Headline

What kind of summer has it been?

As we head into the final third of 2024, we caught up with Talos’ Nick Biasini to ask him about the biggest shifts and trends in the threat landscape so far. Turns out, he has two major areas of concern.

16 days ago

TALOS

Open in Source

#web #google #cisco #intel #chrome #wifi

Thursday, August 29, 2024 14:00

Hello Talos followers. I’m back for my annual takeover of the Threat Source newsletter. First, an update on that killer sloth movie I was so excited about in August 2023. “Slotherhouse” debuted with an impressive $137,133 at the box office, with critics hailing its various set pieces such as “death by sleeping bag balcony trap” (read that again) and “a particularly gruesome use of hair straighteners.”

Onto less grisly fare. In the times when I used to frequent the site formerly known as Twitter, my favorite account to follow was “Sorkinese” – a daily elocution safari with the wit and wisdom of Aaron Sorkin characters (mainly from The West Wing). Before Sorkinese’s well timed final tweet in July last year (“The internet people have gone crazy!”) one piece of Sorkin dialogue that I always enjoyed seeing on the feed was “What kind of day has it been?.” The Wingnuts amongst you will know that Sorkin used this as the title of key episodes in several of his shows. It’s meant to signal the end of something, and a reflection of what’s important.

As summer is drawing to a close and “sweater weather” begins again in earnest, I wanted to use this opportunity to reflect a little…what kind of summer has it been?

I live in the UK, so “wet” is the first word that comes to mind. But since I allegedly work in the security industry, and this is allegedly a security newsletter, I’ll steer things in that direction. In a “here’s what I made earlier” moment (hello to the small percentage of Brits who will get that reference), this is a video which features Talos’ Head of Outreach Nick Biasini. We asked him to reflect on his two biggest areas of concern/importance in the threat landscape right now:

One more quick thing – it’s now a week until we launch our new documentary, “The Light We Keep: A Project PowerUp Story.” This video will explore first-hand accounts of the chaos and consequences of electronic warfare, and how we developed a solution to maintain reliable power in the event of GPS jamming on Ukraine’s electrical grid.

Keep an eye on our social channels for its release and be sure to join us for the live online launch event which will include a Q & A with myself, Joe Marshall, Matt Watchinski, and Matt Olney.

Watch The Light We Keep trailer

**The one big thing **

BlackByte is a ransomware-as-a-service (RaaS) group believed to be an offshoot of the infamous Conti ransomware group. They have continued to leverage tactics, techniques and procedures (TTPs) that have formed the foundation of its tradecraft since its inception, continuously iterating its use of vulnerable drivers to bypass security protections and deploying a self-propagating, wormable ransomware encryptor. In recent investigations, Cisco Talos Incident Response (Talos IR) has also observed BlackByte using techniques that depart from their established tradecraft. Members of the team, in collaboration with Talos Intelligence and Interdiction, wrote a blog detailing their findings.

** Why do I care? **

During an investigation of a recent BlackByte attack, Talos IR and Talos threat intelligence personnel noted close similarities between indicators of compromise (IOCs) discovered during the investigation and other events flagged in Talos’ global telemetry. Further investigation of these similarities provided additional insights into BlackByte’s current tradecraft and revealed that the group has been significantly more active than would appear from the number of victims published on its data leak site.

**So now what? **

Talos IR has provided a full set of recommendations to help defenders protect against RAAS groups such as BlackByte. Including how to detect lateral movement. You’ll find these recommendations in the blog, alongside the MITRE ATT&CK mapping of new TTPs, and Indicators of Compromise.

**Top security headlines of the week **

Hundreds of open-source large language model (LLM) builder servers and dozens of vector databases are leaking highly sensitive information to the open Web. Dark Reading
A recent Qilin ransomware attack targeted credentials that were stored in Google Chrome browsers on a portion of the impacted network’s endpoints. Researchers said the move is an “unusual tactic, and one that could be a bonus multiplier for the chaos already inherent in ransomware situations.” Decipher
Labor Day warning: Protect your date with these high-tech travel tips. Talos’ Nick Biasini recently gave advice on how to spot travel related phishing emails, and how to be aware of vulnerable Bluetooth connections and WIFI spots. Share with your friends and family! ABC News

**Can’t get enough Talos? **

Talos’ Kelly Patterson just released a 3-part blog series of her research into the intricacies of fuzzing µC/OS protocol stacks. Kelly hopes her research will encourage more widespread use of fuzzing of RTOS software components.

Check out the series below: