Welcome to this week’s edition of the Threat Source newsletter.
Talent retention and institutional knowledge go hand in hand, and both are critical to the security of your network environment. To that end, I want to talk briefly about why talent retention isn’t just about money. I am speaking directly to people managers, from the team leads in the SOC to the C-level execs. When you examine what you do on a day-to-day basis, are you telling your team members what they can and can’t do? How often do the things you say and the goals you set fall between those two things? Now ask yourself what you’ve done to enable them to grow today, both technically and as people. One of the quickest ways to identify quality leadership is to find out whether a people manager’s mindset and actions say that the employees work for them and reflect on them, or whether the manager understands that they work for the team and that the team is a reflection of their leadership. Yes, plenty of employees will leave simply over pay, and we all have budgets to work within – but showing respect costs nothing, and fighting to find budget for pet projects, training, or even niche learning for your employees is your job. When you can’t find budget, find other ways to show employees that you respect them and are actively working to ensure their growth. In the end your efforts will be rewarded with a stronger team and a more secure environment.
The one big thing
Focus on the basics. As we run headlong into the impending brick wall of 2023, take a moment to look at your environment and simply relearn it.
Why do I care?
Without knowing your baseline environment, there is absolutely no way you can expect to protect it.
So now what?
Learn your network. Observe and reevaluate your physical security standards in this crazy post-pandemic world. Ensure that your patch management strategy is sound and that you have good cross-team collaboration to get those change windows handled. Ensure dead accounts are handled correctly. On and on – you know the steps. Take a beat and follow them.
Top security headlines of the week
Yum Brands, the parent company of fast-food chains KFC, Pizza Hut and Taco Bell, has confirmed that company data was stolen in a ransomware attack.
Yum Brands said a ransomware attack impacted “certain information technology systems,” prompting the chain to take some of its systems offline. The incident also led to the closure of roughly 300 restaurants in the United Kingdom for 24 hours, the company said. Although the ransomware attack largely affected the company’s U.K. operations, Yum Brands said it notified U.S. federal law enforcement as its investigation continues. (Tech Crunch and Yum)
The Initial Access Broker (IAB) market is booming, posing a growing threat to enterprises. Research shows sharp year-over-year growth in the number of IABs operating in underground forums and markets. For ransomware operators and other cybercriminals looking for quick access to enterprise networks, these brokers are the answer. (Dark Reading and GroupIB)
Can’t get enough Talos?
Upcoming events where you can find Talos
CactusCon (Jan 27-28)
Cisco Live Amsterdam (Feb 6-10)
Most prevalent malware files from Talos telemetry over the past week
Typical Filename: VID001.exe
Detection Name: Simple_Custom_Detection
Typical Filename: Iris QuickLinks.exe
Claimed Product: N/A
Detection Name: W32.File.MalParent
Typical Filename: LwssPlayer.scr
Claimed Product: 梦想之巅幻灯播放器
Detection Name: Auto.125E12.241442.in02
Typical Filename: Wextract
Claimed Product: Internet Explorer
Detection Name: PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg