InterPlanetary File System or IPFS has increased in prominence as a file hosting technology associated with Web 3.0. It's probably most well known for hosting NFTs, but this blockchain related technology is also being abused by bad actors. In this episode we'll be talking with Edmund Brumaghin about his recent research into IPFS and his findings. We'll also talk about the ways we've seen malicious actors abuse it and briefly touch on things organizations can do to protect themselves.
To wrap up Cybersecurity Awareness Month, we're looking at the best, and free, ways to improve your security skills. Jason Kirkland and David Roman from Cisco Talos Incident Response join Jon to talk about the websites, YouTube channels, social media profiles and more they use to stay up-to-date on security news and polish their cybersecurity skills.
Here are links to some of the resources we spoke about in this episode:
To celebrate this week's National Cybersecurity Awareness Month theme, we have a special 101 episode of Talos Takes to cover the basics of threat hunting. This is a crucial skill for any cybersecurity professional-in-training and one of the questions we get the most often. Asheer Malhotra from the Talos Outreach team joins the show to talk about where he starts finding new malware families and threat actors, what the barriers usually are that he has to overcome and what check boxes he has to hit before he can talk about something publicly. For more on this topic, watch our "Threat Hunting 101" livestream from earlier this week here.
To celebrate National Cybersecurity Awareness Month, two one-time "security noobs" talk about their career trajectories and how they've grown to see themselves in cyber. Sammi Seaman and Jon Munshaw talk about their previous careers in library services and journalism, respectively, and how they applied some of those skills to cybersecurity. Other talking points include:
Azim Khodjibaev joins the show once again for the latest addition of "Days of our Ransomware." Jon and Azim talk about the recent LockBit 3.0 leaks and the drama surrounding them. Will other actors try to backpack off the leaked builder? Why is LockBit switching to triple extortion tactics now? And what other trends are going on in the ransomware landscape? This is the perfect place to get caught up on all things ransomware to head into the rest of National Cybersecurity Awareness Month.
Nick Biasini is back on once again to talk to Jon about Insider Threats. Nick recently wrote a post about how he and Cisco Talos Incident Response are seeing an increase in these types of attacks in the wild. And while the term "insider threat" may sound like someone actively seeking to do something bad, that's now always the case. This week's episode discusses how to prepare for Insider Threats and some of the hallmarks of the spam emails, calls and mobile notifications we're seeing in these campaigns.
Vitor Ventura from the Talos Outreach team joins the show this week to run down Talos' recent research into the Lazarus Group. This well-known North Korean state-sponsored threat actor is well known for their ransomware and cryptocurrency-related cyber attacks, but we recently found them launching a new information-stealing trojan targeting energy companies. Vitor talks about the new trojan, MagicRAT, and how it fits into their larger plans and motivations.
Guilherme Venere of the Outreach team joins Jon this week to discuss the Gamaredon APT group. This Russian state-sponsored actor is infamous at this point in its life, but it keeps growing by adding new tools and malware. Recently, Guilherme helped to discover a new campaign targeting users and organizations in Ukraine, a common target of Gamaredon since the onset of Russia's invasion. They discuss what's unique about this particular attack, and why we can't just assume their activities will stay isolated to Ukraine for the time being.
We're headed back to school with Talos Takes again! Pierre Cadieux from Cisco Talos Incident Response joins the show to talk about advice for educational institutions. Jon asks him about common incident response advice for the education sector and we cover security advice for school admins, parents and students who have to worry about electronic devices traveling to and from school and connecting to all sorts of networks. This episode is particularly relevant this week given some recent major cyber attacks against the education sector, including a major event at the combined Los Angeles school district.
This week, we have the audio version of our recent livestream for Ukraine Independence Day. Talos assembled a panel of experts who have been working hands-on to defend critical Ukraine systems and its citizens from cyber threats. JJ Cummings, Ashlee Benge and Dmytro Krozhevin answer questions from Hazel Burton about the current security threats Ukraine faces, what Talos has done to hunt for threats in the region and how Cisco is supporting its employees in Ukraine.