Welcome to this week’s edition of the Threat Source newsletter.

It’s the most wonderful time of the year, and I’m not talking about the holidays. The inaugural 2022 Talos Year in Review is here! And it’s taking over the final Threat Source newsletter of the year. Oh and did we mention we’re on Mastodon now? Talos, the gift that keeps on giving.

The one big thing

The 2022 Talos Year in Review is officially launched and with it a compressive story of our work in the past year relying on a wide variety of data and expertise. We expect this data-driven story will shed some insight into Cisco’s and the security community’s most notable successes and remaining challenges. In addition, as these Year in Review reports continue in the future, we aim to provide data and narratives that help explain how the threat landscape changes from one year to the next. We hope you find this report as elucidating to read as it was to research and write, and that it arms the security community with the information and context needed to continue fighting the good fight.

Why do I care?

Talos’ Year in Review takes a broad look not only at the major security events but looks at the major impacts and trends within the larger threat landscapes and takes a deep dive in to the top threats. We’ll be hosting livestreams on four sub-sections of the report with researchers and report contributors to cover the full research and findings.

So now what?

Pour yourself a glass of your favorite beverage, start up the fire and get to reading! Mark your calendar for our next three livestreams in the new year:

2022 Year in Review-APTs: Jan 10th, 12pm ET

2022 Year in Review- Threat Landscape: Jan 24th, 12pm ET

2022 Year in Review- Ransomware & Commodity Loaders: February 7th, 12pm ET

Top security headlines of the week

If you’ve yet to stumble upon ChatGPT or hear about it at the office water cooler you may be living under a rock (we’ve been there too). The AI chat bot developed by OpenAI and released last week, creates human like responses to user-generated prompts. While it has the ability to take on mundane tasks the evolution of AI still raises eyebrows in security communities with concerns of deep fakes and fake news campaigns. (CNET)

The U.S. Department of Justice announced this week the take down of leading global distributed denial-of-service sites for-hire websites. The takedowns were part of a joint operation, “Operation PowerOFF”, between the US, the U.K.’s National Crime Agency, Dutch police, and Europol. The sites were involved in attacks against varied victims in the U.S. and abroad, spanning educational institutions, government agencies, and gaming platforms. (TechCrunch)

The US Cybersecurity and Infrastructure Security Agency (CISA) added new flaws to its Known Exploited Vulnerabilities Catalog including Veeam, Fortinet, Microsoft and Citrix products. Vulnerabilities, CVE-2022-26500 and CVE-2022-26501, are rated ‘critical’ and impact Veeam’s Backup & Replication enterprise backup solutions. Used by 70% of Fortune 2000 companies, Veeam products continue to be tempting targets for malicious actors. (SecurityWeek)

Can’t get enough Talos?

·Talos 2022 Year in Review

·Beers with Talos

·Microsoft Patch Tuesday for December 2022

Upcoming events where you can find Talos

CactusCon (Jan 27-28)

Mesa, AZ

Cisco Live Amsterdam (Feb 6-10)

Amsterdam, Netherlands

Most prevalent malware files from Talos telemetry over the past week

SHA 256: 1077bff9128cc44f98379e81bd1641e5fbaa81fc9f095b89c10e4d1d2c89274d

MD5: 26f927fb7560c11e509f0b8a7e787f79

Typical Filename: VID001.exe

Detection Name: W32.File.MalParent

SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507

MD5: 2915b3f8b703eb744fc54c81f4a9c67f

Typical Filename: VID001.exe

Detection Name: Simple_Custom_Detection

SHA 256: e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c

MD5: a087b2e6ec57b08c0d0750c60f96a74c

Typical Filename: AAct.exe

Detection Name: W32.File.MalParent

SHA 256: 125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645


Typical Filename: LwssPlayer.scr

Detection Name: Auto.125E12.241442.in02

SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91

MD5: 7bdbd180c081fa63ca94f9c22c457376

Typical Filename: IMG001.exe

Detection Name: Trojan.GenericKD.33515991