Sellers can get scammed too, and Joe goes off on a rant about imposter syndrome
Welcome to this week’s edition of the Threat Source newsletter.
Hello again my friends! Geez, it’s been a year, am I right? Lemons it’s February you say?! Oof.
Imposter syndrome. You’ve heard the term I’m sure, but what is it? Basically: imposter syndrome is the persistent feeling of self-doubt and fear of being exposed as a fraud despite clear evidence of competence and success. In cybersecurity, and especially in Talos, you will find imposter syndrome in abundance.
In Talos you’re in rooms of incredibly bright and smart people. They are paragons of what it is to be hackers, and you cannot help but often admire the amazing quality of their work. It is truly an amazing team that does important work to help save the world from the bad guys.
The downside? You’re in a room of bright and smart people. Some can reverse malware binaries while juggling chainsaws. Some are polyglots who can at length tell you the linguistic nuances of Mesopotamian verbs and loanwords and have eidetic memory of every ransomware cartel ever. I personally know one is an amazing, accredited musician and actually hacked a prison to open its jail cells on a pentest.
How do you not compare yourself to the talents, skills, and achievements of wonderfully smart and talented people? It’s tough not to. Comparison is truly the thief of joy.
The truth is – in cybersecurity and in places like Talos and elsewhere, you will be constantly assailing yourself with self-doubt of achievement and belonging. The anxiety, stress, and burnout from imposter syndrome are a real thing.
So what do we do? First, look at your achievements. You are where you are because others saw value in your work. Second, challenge those negative self-thoughts. Easier said than done, I know, but hear me out. Use mentors and peer group support to help challenge those negative self-thoughts.
And lastly, be kind to yourself. Cybersecurity is a hard gig. It’s a gigantic amount of technical and non-technical information and we all feel the pressure to absorb, understand, and master it and all its nuances. That’s not possible of course, but we cyber folks are wired differently. If you can walk away with 1% more information than you had yesterday, that’s a win. Take it. Just be kind to yourself, ok?
I want to take a moment to address a specific audience of readers. All the U.S. federal workers who have been affected by reductions in force (RIFs), my heart goes out to you. This is an unearned hardship. I wish I had a magic wand to wave to alleviate the stress and trauma of a sudden event like this. I know it’s truly awful. If I can offer any guidance or mentorship for private sector cybersecurity, reach out. I may not have all the answers, but I will do what I can. Stay strong.
The one big thing
Boy howdy is this a big one – scams! Look, the average person isn’t going to get smoked by Salt/Volt Typhoon, or wrestle with a financial threat actor like a ransomware cartel. But you absolutely have bought and sold things online. We break down seller abuse – that is, ways to trick sellers into being defrauded out of money. We always picture scams as the seller doing the defrauding, but the reverse is just as true.
Why do I care?
You want to keep money in your pocket, and not be the victim of a scam. The adversaries here know the systems they are manipulating quite well and have fine-tuned the art of fraud. It’s important to understand the seller experience as much as the buyer experience in order to understand these kinds of frauds and thefts.
So now what?
Understand the threat landscape for seller/buyer fraud, and hopefully this work can help keep money in your pocket and keep you from becoming a victim of theft. Pay attention to URLs you’re asked to click, and clever redirects to scamming websites. Now you know. And as G.I. Joe said – knowing is half the battle.
Top security headlines of the week
Sensitive financial and health data belonging to millions of veterans and stored on a benefits website is at risk of being stolen or otherwise compromised, according to a federal employee tasked with cybersecurity who was recently fired as part of massive government-wide cuts. (AP News)
Attackers are wielding a novel Linux backdoor against the education and public sectors in the US and Asia that demonstrates particularly stealthy ways to avoid both detection and deletion from a system. (Dark Reading)
Hackers claim to have published a trove of sensitive data belonging to IVF patients after a cyberattack on Genea, one of Australia’s largest fertility providers. (TechCrunch)
Can’t get enough Talos?
The Beers with Talos B-team comes in swinging hard on cyber security careers. I get a little spicy, and you want to hear it. Now that I know we bleep certain words, I anticipate a 50% uptake in more spicy content. You can all blame Hazel for this.
New research: Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools
A blueprint for protecting major events – Yuri Kramarz joins Talos Takes to discuss his experience in cybersecurity and threat hunting for some of the world’s biggest sporting events.
Upcoming events where you can find Talos
RSA (April 28-May 1, 2025) San Francisco, CA
CTA TIPS 2025 (May 14-15, 2025) Arlington, VA
Cisco Live U.S. (June 8 – 12, 2025) San Diego, CA
Most prevalent malware files from Talos over the past week