On 29 April 2020, the Photon Research team at Digital Shadows (now ReliaQuest) will record our 200th episode of ShadowTalk, our own weekly threat intelligence podcast. So many things have changed in the threat landscape since the beginning of this project in January 2018, and we were incredibly lucky to study and discuss events as they unfolded in front of our eyes.
Our team of analysts has done a great job of engaging in meaningful conversations and providing valuable insights for security professionals over the past three and a half years. And as ShadowTalk keeps growing and evolving, we thought it was about time to celebrate together what we have accomplished so far. Before doing that, let’s take a look at our top five ShadowTalk episodes of all time.
1. Phineas Fisher and the Hacking Team Investigation
Some of you may recall the political and ideological campaigns carried out by this hacktivist, who reportedly compromised victims such as the Sindicat De Mossos d’Esquadra (the union of the Catalonian police force) and the Justice and Development Party (AKP, the ruling party in Turkey). Back in November 2018, our analysts recorded an episode to recap and comment on Phineas Fisher’s cyber attack against the Italian surveillance company Hacking Team.
The episode analyzes the details of the operation and provides useful tips for security professionals. Additionally, the security operations (SecOps) measures put in place by Phineas Fisher remain highly interesting, given that the hacktivist still hasn’t been identified or arrested by law enforcement agencies to this day. You can listen to it here.
2. SolarWinds Supply-Chain Attack Round-Up
No need for a historical introduction on this one. Back in December 2020, reports of a widespread supply-chain attack that compromised several US governmental agencies and critical infrastructure companies started to emerge. In this round-up, our team of analysts discussed the event timelines and the implications of SolarWinds’ SEC filing. If you need a refresher, Digital Shadows (now ReliaQuest) also published two blogs summing up the topic: The SolarWinds Compromise and The SolarWinds Compromise Update.
This episode was the first ShadowTalk to discuss the implications of this sophisticated campaign, although we kept providing further updates in the subsequent episodes for quite some time. You can listen to it here.
3. ElectricFish malware attributed to “Lazarus Group”
In June 2019, our team of analysts gathered to discuss the attribution issues related to the “ElectricFish” malware. The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) reportedly identified this malware strain while tracking the activities of the Lazarus Group, a state-sponsored threat group likely operating in the interest of the Democratic People’s Republic of Korea (DPRK).
The episode also covers the observed exploited vulnerability in WhatsApp and dark web sales offering access to major antivirus companies. Additionally, the team discussed the NCSC’s password expiration guidance and shared their opinions on the topic. You can listen to it here.
4. Threat Report ATT&CK Mapping (TRAM) With MITRE’s Sarah Yoder & Jackie Lasky
In January 2020, Digital Shadows (now ReliaQuest) welcomed MITRE’s Cyber Security Engineers Sarah Yoder and Jackie Lasky to discuss the Threat Report ATT&CK Mapping, a new tool recently presented by MITRE at the 2019 SANS CTI Summit.
During the episode, the team and our guests discussed what this project is, what it is designed to address, and how it can be used by anyone interested in quickly capturing crucial information from security reports. You can listen to it here.
5. CVE-2019-0708 RDP vulnerability and GDPR’s anniversary
In May 2019, the team discussed CVE-2019-0708, a remote code execution (RCE) vulnerability that exists in Remote Desktop Services and that allows unauthenticated attackers to connect to the target system and send specially crafted requests. A few different proof-of-concept (PoC) exploits had already begun circulating by the time the team recorded the episode, which made the risk even more pressing.
This episode additionally includes a sit-down with Digital Shadows (now ReliaQuest)’s Chief Innovation Officer James Chappell and James Boyle of law firm Taylor Vinters for an extended discussion on the state of the General Data Protection Regulation (GDPR) one year after its implementation. You can listen to it here.
As we will soon be celebrating the 200th episode before the end of April, we’ve got great plans to establish ShadowTalk as a leading podcast in the area of Digital Risk Protection (DRP) and Cyber Threat Intelligence (CTI). In the meantime, if you have any requests or suggestions, feel free to reach out at [email protected].