A jam packed episode of guests means a slightly longer Talos Takes for your feed today! We welcome Amy Chang and Omar Santos from Cisco, Vitor Ventura from Talos, and Ryan Fetterman from Splunk. Together, we discuss how AI isn't rewriting the cybercrime playbook, but it is turbo charging some of the old tricks, particularly on the social engineering side. We also touch on threat actor-built LLMs and where things may be headed. We then talk about how defensive strategies can leverage AI, particularly in the SOC, to increase visibility and make determinations a lot quicker.

Resources mentioned in the episode:

Talos' 2024 Year in Review

Cisco's State of AI Security report

Defending at machine speed, by Splunk

Steven Leung from Cisco Duo joins Hazel to discuss the prevalence of identity-based attacks, why they're happening, and the various methods attackers are using to circumvent MFA (Multi-Factor Authentication), based on data in Talos' 2024 Year in Review.

Topics we touch on include phishing, push spray attacks, and Adversary-in-the Middle campaigns, and throughout the episode Steven provides best practice recommendations for implementing MFA at scale, without increasing user friction.

For more resources, check out the Duo blog, and Talos' 2024 Year in Review.

Azim Khodjibaev and Lexi DiScola join Hazel to discuss some of the most prolific ransomware groups (and why LockBit may end this year very differently to how they ended 2024). They also discuss the dominant techniques of ransomware actors, where low-profile tactics led to high-impact consequences.

For the full analysis, download Talos' 2024 Year in Review at https://blog.talosintelligence.com/2024yearinreview/