Welcome to this week’s edition of the Threat Source newsletter.

Talent retention and institutional knowledge go hand in hand, and both are critical to ensuring the security of your network environment. To that end, I want to talk briefly about why talent retention isn’t just about money. So I am going to speak directly to the people managers, from the team leads in the SOC to the C-level execs. When you examine what you do on a day-to-day basis, are you telling your team members what they can and can’t do? How often do the things you say and the goals you provide fall between those two things? Now, ask yourself what you’ve done to enable them to grow today, both technically and as people. One of the easiest ways to very quickly identify quality leadership is to find out whether the people managers’ mindset and actions say that the employees work for them and reflect on them, or whether they understand that they work for the team and that the team is a reflection of their leadership. Yes, there are plenty of employees who will leave simply based on pay, and we all have budgets to work within – but there is no cost to showing respect, and fighting to find budget for pet projects, training, or even niche learning for your employees is your job. When you can’t find budget, find other ways to show employees that you respect them and are actively working to ensure their growth. In the end, your efforts will be rewarded with a stronger team and a more secure environment.

The one big thing

Focus on the basics. As we run headlong into the impending brick wall of 2023, take a moment to look at your environment and simply relearn it.

Why do I care?

Without knowing your baseline environment there is absolutely no way that you can expect to protect it.

So now what?

Learn your network. Observe and reevaluate your physical security standards in this crazy post-pandemic world. Ensure that your patch management strategy is sound and that you have good cross-team collaboration to get those change windows handled. Ensure dead accounts are handled correctly. On and on – you know the steps. Take a beat and follow them.

Top security headlines of the week

Yum Brands, the parent company of fast-food chains KFC, Pizza Hut and Taco Bell, has confirmed that company data was stolen in a ransomware attack.

Yum Brands said a ransomware attack impacted “certain information technology systems,” prompting the chain to take some of its systems offline. The incident also led to the closure of roughly 300 restaurants in the United Kingdom for 24 hours, the company said. Although the ransomware attack largely affected the company’s U.K. operations, Yum Brands said it notified U.S. federal law enforcement as its investigation continues. (Tech Crunch and Yum)

The Initial Access Broker market is booming, posing a growing threat to enterprises. Research shows a sharp year-over-year growth in the number of IABs operating in underground forums and markets. For ransomware operators and other cybercriminals that are looking for quick access to enterprise networks, these brokers are the answer. (Dark Reading and Group-IB)

Can’t get enough Talos?

Upcoming events where you can find Talos

CactusCon (Jan 27-28)
Mesa, AZ

Cisco Live Amsterdam (Feb 6-10)
Amsterdam, Netherlands

Most prevalent malware files from Talos telemetry over the past week

SHA 256:
9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
MD5: 2915b3f8b703eb744fc54c81f4a9c67f
Typical Filename: VID001.exe
Detection Name: Simple_Custom_Detection

SHA 256:
1077bff9128cc44f98379e81bd1641e5fbaa81fc9f095b89c10e4d1d2c89274d
MD5: 26f927fb7560c11e509f0b8a7e787f79
Typical Filename: Iris QuickLinks.exe
Claimed Product: N/A
Detection Name: W32.File.MalParent

SHA 256:
125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645
MD5: 2c8ea737a232fd03ab80db672d50a17a
Typical Filename: LwssPlayer.scr
Claimed Product: 梦想之巅幻灯播放器
Detection Name: Auto.125E12.241442.in02

SHA 256:
e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934
MD5: 93fefc3e88ffb78abb36365fa5cf857c
Typical Filename: Wextract
Claimed Product: Internet Explorer
Detection Name: PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg