Malspace Multiple Actors, One Breach - Rethinking Threat Models in 2025
9 snips
Jul 10, 2025 
Chi En (Ashley) Shen, a threat researcher at Cisco Talos, shares her inspiring journey from Taiwanese hacking forums to leading threat intelligence at major companies. She delves into the rise of compartmentalized cyberattacks and the role of Initial Access Brokers, advocating for better threat detection strategies. Ashley also discusses her initiatives promoting diversity in cybersecurity, such as HITCON Girls and Raclette, emphasizing the importance of women in tech. Lastly, she suggests enhancements to the Diamond Model for more effective threat analysis.
AI Snips
Chapters
Transcript
Episode notes
Compartmentalized Cyberattack Trend
- Compartmentalized cyberattacks involve multiple threat actors handling distinct stages of the attack.
- This trend, especially with nation-state actors, complicates attribution and detection efforts.
Refining Terminology for Clarity
- Using 'Initial Access Group' instead of 'Initial Access Broker' clarifies distinctions between financial and state-sponsored threat actors.
- This terminology enhances communication and threat actor profiling.
Importance of Identifying Compartmentalized Attacks
- Identifying compartmentalized attacks helps assess ongoing risk and anticipate secondary threats.
- Early detection signals that initial intrusion is just a foothold, necessitating preparedness for follow-up actions.