Despite everything else happening in the world, 2020 has been an amazing year for ShadowTalk, our weekly threat intelligence podcast where we discuss the latest events in the cyber threat landscape and analyze its main trends. So fasten your seatbelt and join us for the rundown of the top five ShadowTalk episodes of 2020!

Q1: Adapting the Threat Model to the Threat du Jour

2020 had just begun and none of us had any idea about what that year would eventually look like—how naive. In hindsight, the beginning of 2020 should have given us enough warning signals for the rest of the year. Following the US airstrike near Baghdad that killed Iranian major general Qaseml Soleimani, most media outlets began imagining what the Iranian response would look like and a retaliatory cyber attack was indicated as one of the most likely events.

Rick Holland Tweet
Figure 1: Digital Shadows (now ReliaQuest)’ CISO Rick Holland’s take on the post-airstrike panic attacks

After publishing a detailed blog about the Iranian cyber threats, Digital Shadows (now ReliaQuest)’ CISO Rick Holland intervened during one of the first ShadowTalk episodes of 2020 to tone down the chatter around potential retaliatory attacks. In particular, Rick and Harrison discussed how the “threat du jour” approach isn’t an adequate defense model and how instead security practitioners should deal with threat models and unexpected events. 

This episode has been one of the most listened to this year and it remains extremely relevant as the same recommendations can be applied to a wide range of cyber threats. You can listen to it here.

Q2: COVID-19 and Video Conferencing Platforms Walk In

It was nearly impossible to pick a ShadowTalk episode from Q2 that didn’t mention anything about COVID-19.. Published in April, in this episode Kacey, Harrison, Alex, and Charles cover the latest cyber-threats related to COVID-19 third-party apps, for which we also published a blog on risks of third-party apps ( COVID-19: Risks of Third Party Apps).

CDC mobile apps ingested by Search Light (now ReliaQuest GreyMatter Digital Risk Protection)™
Figure 2: CDC mobile apps ingested by Search Light (now ReliaQuest GreyMatter Digital Risk Protection)™

In addition to the latest COVID-19 cyberthreats, our podcasters discussed security considerations related to the booming video conferencing platforms and explored the latest stories around the DarkHotel campaign targeting Chinese government agencies. Check it out here

Q3: Twitter Crypto-Heist and Threat Actors Fiascos

Back in July, the UK team published this episode filled with ear-catching stories around the latest developments in the threat landscape. First, we updated our listeners about the Twitter stunt that managed to compromise 130 accounts, including the likes of high-profile ones such as @JeffBezos, @BarackObama, and @elon_musk, and extract more than $120,000.

Screen capture of Barack Obama’s compromised account
Figure 3: Screen capture of Barack Obama’s compromised account

Additionally, the team discussed Emotet’s resurgence and partnership with TrickBot, the latest NCSC advisory on APT29 (also known as Cozy Bear) targeting COVID-19 vaccine research facilities, and the mishaps of APT35 and TrickBot. Briefly, another episode with plenty of interesting talking points and laughs—definitely worth another listen!

Q4: A Ransomware is a Ransomware is a Ransomware

There’s not much we can do about it. Ransomware (in all of its different forms and variations) has undoubtedly been the protagonist of the cyber threat landscape in 2020. 

Every week a new operation or new variant popped up in multi-million heists. This year we observed the “pay-or-get-breached” trend spreading like wildfire among ransomware operators while threat actors become bolder and bolder in publicizing their stunts. Additionally, as the ransomware game becomes more lucrative and professionalized than ever, every working innovation in this field was carefully mimicked by other threat actors in a spiral of criminal escalation. 


That’s why this episode tried to round up some of the most prominent ransomware campaigns ongoing at that time. Plus, as October was the National Cybersecurity Awareness month (you can find our four-blog series on IoT security here, here, here, aaand here) Adam proposed the team a feature game involving the most breached passwords and more. You can have a listen to it here.

Bonus Episode: Analysing the Remote Worker Threat Model

As many countries begin their plans to distribute COVID-19 vaccines, it “returning to normal” is on the horizon. However, it is likely that many organizations will keep working remotely or embracing a hybrid remote work model in the following years. That’s why we picked the Special Episode on the remote worker threat model as our bonus episode for this year (there’s even a blog about it here). In particular, we covered who and how would be interested in targeting remote workers and some of the best practices to mitigate the risk. Check out this evergreen ShadowTalk episode here.