Welcome to this week’s edition of the Threat Source newsletter.
If you haven’t noticed yet we’ve had a few guest writers on this newsletter over the last few months. Alas my time covering the newsletter has ended and I leave you with one final edition. Have no fear, William Largent will be rounding out the guest appearances next week and your long-time host Jon Munshaw will be back at the helm. Thanks for sticking with us this long and if you’re newly subscribed welcome!
The one big thing
Next week will be our final installment of our 2022 Year in Review report coverage. We’ll be publishing a final topic summary on Ransomware and Commodity Loaders and follow up these reports with a livestream on LinkedIn and Twitter with report and subject matter experts.
Why do I care?
We published our full 2022 Year in Review early December. If you haven’t read it yet we highly suggest your download your copy here or check out our previous livestreams. Through these reports and videos we’ve broken down the threat landscape and trends Talos observed over 2022. What’s that saying, history repeats itself? Take a minute to look back and prepare for what lies ahead in 2023.
So now what?
Mark your calendar for our fourth and final livestream on Tuesday February 7th at 12 PM EST. Read the report, browse the topic summaries, or watch our livestreams on demand. Looking for extra credit? Read through Talos’ Head of Outreach Nick Biasini’s future predictions of State Sponsored attacks in 2023.
Top security headlines of the week
Coming back from the dead yet again a new Lazaurs campaign has been found to exploit unpatched Zimbra devices targeting medical research and energy industries along with their supply chain partners in attempts to gather intelligence. Through unpatched devices the threat actors are gaining network access and escalation privileges. (SC Media)
Google’s official mobile virtual network operator (MVNO), Google Fi, was in headlines due to a customer data breach via T-Mobile. Using technology to switch between cellular provides Google Fi provides constant coverage for customers through T-Mobile and US cellular. It’s reported the breach happened in November 2022 but wasn’t discovered until early January 2023. Customers have been notified but many questions remain, like are users still vulnerable? (TechCrunch)
Surprising quite literally no one, ChatGPT sets a record for the fastest-growing user base in history. Reaching an estimated 100 million active monthly users in December just two months after launch (yet every time I try to get it to write this newsletter it says the app is at capacity…). Whether you’re a user, a skeptic, or simply don’t care ChatGPT has stirred up a lot of attention lately, we’ll all just have to keep an eye on the evolution of ChatGPT. (Ars Techinca)
Can't get enough Talos?
· State Sponsored Attacks in 2023 and Beyond
· Quarterly Report: Incident Response Trends in Q4 2022
· CTIR On Air: Reviewing Q4's top threats livestream
· Threat Landscape Topic Summary Report: Cisco Talos Year in Review 2022
· 2022 Year in Review: Threat Landscape Livestream
Upcoming events where you can find Talos
Cisco Live Amsterdam (Feb 6-10)
Amsterdam, Netherland
WiCyS (March 16-18, 2023)
Denver,CO
RSA (April 24-27, 2023)
San Francisco, CA
Most prevalent malware files from Talos telemetry over the past week
SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
MD5: 2915b3f8b703eb744fc54c81f4a9c67f
Typical Filename: VID001.exe
Claimed Product: n/a
Detection Name: Simple_Custom_Detection
SHA 256: 00ab15b194cc1fc8e48e849ca9717c0700ef7ce2265511276f7015d7037d8725
MD5: d47fa115154927113b05bd3c8a308201
Typical Filename: msaccess.exe
Claimed Product: n/a
Detection Name: rojan.GenericKD
SHA 256: e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c
MD5: a087b2e6ec57b08c0d0750c60f96a74c
Typical Filename: aact.exe
Claimed Product: n/a
Detection Name: W32.File.MalParent
SHA 256: 125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645
MD5: 2c8ea737a232fd03ab80db672d50a17a
Typical Filename: LwssPlayer
Claimed Product: 梦想之巅幻灯播放器
Detection Name: Auto.125E12.241442.in02
SHA 256: e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934
MD5: 93fefc3e88ffb78abb36365fa5cf857c
Typical Filename: Wextract
Claimed Product: Internet Explorer
Detection Name: PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg