The Defender's Advantage Podcast

Mandiant
Sep 16, 2020 • 32min

Ransomware and Observations from Recent IR Investigations

Ransomware continues to be one of the most significant cyber security issues affecting organizations today. The attack is very effective and can be carried out relatively cheaply, making for larger net profits. With no end in sight to this nasty threat, Luke McNamara, our host and Principal Analyst for FireEye, spoke with someone who has a front-row seat into how organizations think about ransomware and other similar threats. For that we turned to Charles Carmakal, our SVP & CTO for Mandiant, and one of our leading incident response experts. On this episode of our Eye on Security podcast, Charles and Luke explore the rise and evolution of ransomware—from the early days of threat actors automating ransomware infections without knowing who their victim was, to the more recent trend of breaking into organizations with known vulnerabilities, taking critical data, deploying encryptors and asking for much more money. They then turn their discussion to the C-suite. Charles shares perspectives from the board when it comes to cyber threats, noting that while leadership is much more aware of cyber security and risk management than they were in the past, many still won’t understand the gravity of the situation until it’s happening to them. Closing out the conversation, Charles shares customer stories involving nation-state intrusions, the use of public offensive security tools by nation-states, and the struggles organizations have had securing their now remote workforces.
Aug 31, 2020 • 28min

The Ghostwriter Campaign and Trends in Disinformation Today

Information operations (IO) gained prominent public attention in 2016 during the U.S. general election. Since then, new campaigns have continued to be exposed, and the tactics actors employ have evolved. In this episode of 'Eye on Security', Lee Foster, our Senior Manager of Information Operations Intelligence Analysis, joins host Luke McNamara to talk all about disinformation, a recent influence campaign that we refer to as Ghostwriter, and what we could see play out in the 2020 general election. We start with Lee sharing overall trends and changes in IO that his team has observed since early 2016. We then discuss the increasing usage of synthetic media (“deepfake”) images that threat actors are employing in their campaigns, and how fabricated content is leveraged in coordinated inauthentic activity across forums and social media. Moving on to Ghostwriter, Lee describes all the tactics, techniques and procedures related to this recent influence campaign, and goes on to compare this activity to another well-known IO campaign: Secondary Infektion. Finally, no chat about disinformation would be complete without discussing how it could play out during the 2020 U.S. general election. Check out the episode today to hear Lee’s predictions for the upcoming election and what the future holds for information operations in general.
Aug 21, 2020 • 32min

Making Sense of Cyber Threats at Scale with Strategic Intel

The Strategic Analysis team at Mandiant Threat Intelligence examines hundreds of discrete data points from numerous sources, distilling trends from that raw information to identify the most important, common, and damaging cyber threats clients should prioritize in their defensive strategies. That’s what we’re talking about on this week’s episode of Eye on Security with our guest Kelli Vanderlee, Manager of Strategic Analysis at FireEye. Kelli shares the types of topics the team covers, including industry and geographic-based reporting, trend analysis looking at the evolution of actor types or tactics over time, and examinations of cyber risks associated with common business situations, such as mergers and acquisitions. Kelli and Luke also discuss the evolving role of Chinese cyber espionage actors and how they may be becoming more aggressive and risk-tolerant than previously believed. We also delve into how the Belt and Road Initiative is driving cyber espionage—from China and other nations. In terms of the geopolitics driving cyber activity, Kelli believes we will continue to see more nation-states invest in cyber capabilities, as the rewards for this type of activity often outweigh the risks. Listen to the episode to learn more about strategic analysis and the trends Kelli’s team is tracking in 2020.
Jul 31, 2020 • 22min

Behind the Scenes with Mandiant Security Validation

You’ve heard of security validation and know that it’s necessary to test your security effectiveness, but do you know how our team develops the right attacks to test your controls against threat activity we see in real life? On this episode of our Eye on Security podcast, Henry Peltokangas, Director of Product Management, and Nart Villeneuve, Director of Research & Collections, give us an inside look at what goes on behind the scenes at Mandiant Security Validation. We begin our chat by discussing some of the key benefits of security validation. We then dive into the research Henry’s team conducts to take tactics and techniques that adversaries use in the real world and replicate them within the Mandiant Security Validation platform. Nart and Henry go on to discuss how Mandiant Security Validation replicates adversary activity across every stage of the attack lifecycle, and then explain exactly why that is important. Finally, we wrap up the episode by previewing some new features in upcoming releases, and how Henry and Nart see security validation evolving in the future. To view the whitepaper mentioned during the episode, visit: https://www.fireeye.com/current-threats/annual-threat-report/security-effectiveness-report.html
Jul 15, 2020 • 34min

Unique Threats to OT and Cyber Physical Systems

In the latest episode of Eye on Security, our host Luke McNamara talks all about the world of operational technology (OT) and cyber physical systems with one of our foremost experts on the topic: Nathan Brubaker, Senior Manager of Analysis for Mandiant Threat Intelligence. Nathan kicked off the chat by explaining what exactly we mean when we use the term ‘cyber physical.’ They then turned their attention to related threats. As it turns out, there are far fewer attempts by attackers to target these systems than one might believe. Nathan went on to discuss some of the fundamental differences between OT and information technology (IT) systems, and then explained how OT is becoming more similar to IT, which makes those systems more vulnerable to compromise. Fortunately, even though OT security typically lags behind that of IT systems, it’s definitely moving forward in the right direction. Listen to the podcast today, and check out the following blog posts referenced by Nathan during the episode:
• Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families: https://feye.io/2Wn6jlr
• Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats: https://feye.io/2B5WrVI
• Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT: https://feye.io/3j4l1Y5
• The FireEye Approach to Operational Technology Security: https://feye.io/2DImy5T
• TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping: https://feye.io/2Wk58CX
Jun 16, 2020 • 22min

Eye on APAC: Cyber Security & Threats in Asia Pacific

We commonly see the same threat actors, techniques and malware popping up in all corners of the globe, but that doesn’t mean each region isn’t affected differently. In this episode, our host Luke McNamara, Principal Analyst for Mandiant Threat Intelligence, is joined by Yihao Lim, Principal Analyst for Mandiant Threat Intelligence, to discuss cyber security and threats related specifically to the Asia Pacific (APAC) region.
May 13, 2020 • 10min

Stay Secure While Using Collaboration Platforms

COVID-19 has brought on a rapid shift to remote work. Many organizations were unprepared, so they quickly turned to collaboration platforms that could help employees get back to work. But with more applications comes a bigger attack surface. On today’s Eye on Security podcast, Luke McNamara, Principal Analyst for Mandiant Threat Intelligence, talks with Marcus Troiano, Managing Consultant for Mandiant, about collaboration platform security. We begin the episode by discussing overall best practices for collaboration tools, including those used for chatting, video and audio conferencing, and file sharing. The increased use of these tools has made them a bigger target of attackers and organizations need to ensure employees are aware of and protected against relevant threats. Later in the episode, Marcus and Luke discuss issues surrounding the use of personal devices for work, which can lead to issues such as accidental data leakage. We also provide a list of recommendations on how to keep virtual meetings secure so no one can listen in on a meeting, as well as how to properly share a screen without inadvertently disclosing confidential data. Listen to the episode today, and check out our related blog post for even more information: https://www.fireeye.com/blog/executive-perspective/2020/04/security-best-practices-for-collaboration-platforms.html
May 5, 2020 • 16min

Getting Ready for a New Era of COVID-19 Related Phishing

COVID-19 has rapidly taken over the headlines across the globe. As with many other major events, threat actors are quick to adapt relevant topics as part of their phishing campaigns to increase the likelihood of success. The same rings true for COVID-19, especially due to its global impact. On this latest Eye on Security podcast, John Atrache, Principal Consultant for Mandiant, joins me to discuss all things email in the time of COVID-19. We cover a variety of topics, including how threat actors are continuously updating their phishing campaigns as new developments around the pandemic arise. We also cover the importance of organizations increasing their vigilance during these challenging times, and how to implement quick and effective hardening controls to mitigate the risk of a successful phishing attack. Listen to the episode today, and then learn even more by checking out our blog post on COVID-19 themed phishing attacks and how to manage email phishing risks: https://www.fireeye.com/blog/executive-perspective/2020/03/managing-email-phishing-risks.html
Apr 21, 2020 • 21min

A Deeper Discussion About M-Trends 2020, Part Two

We are back with the second part of our M-Trends podcast where Luke McNamara, Principal Analyst, continues discussing highlights and insights from this year’s report with Jurgen Kutscher, EVP of Mandiant Solutions. We pick back up with the nature of multiple attackers in an environment—notably, whether or not they are aware of other attackers in the environment and if they are collaborating. Jurgen then discusses the rise of insider threats and how organizations can improve the monitoring and detection of insider threats. Ransomware use continues to rise—attackers are having success and generating revenue, so we don’t expect this trend to level off any time soon. Jurgen provides steps that organizations can take to reduce their risk of falling victim to ransomware, and suggests organizations take a look at our ransomware white paper for more containment strategies: https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/wp-ransomware-protection-and-containment-strategies.pdf Check out our podcast today, and also hear Jurgen’s top cyber security recommendations for 2020.
Apr 18, 2020 • 18min

A Deeper Discussion About M-Trends, Part One

FireEye released M-Trends 2020 earlier this year to provide visibility into frontline investigations of the most interesting and impactful cyber attacks of the year. In this first episode of our two-part M-Trends 2020 podcast, Luke McNamara discusses the report with Jurgen Kutscher, EVP of Mandiant Solutions. We begin the episode by highlighting the key themes from M-Trends 2020, such as dwell time and the continued exploitation of legitimate credentials. Jurgen discusses the decrease in dwell time and whether it’s due to organizations getting better at detections or the changing nature of attacks. You’ll also hear about trends in cloud security and recommendations for the healthcare industry when it comes to cloud, as well as insights into compromise detection by third parties. Listen to the podcast today to dive into M-Trends 2020, and be sure to tune in for part two where we discuss insider threats, ransomware, and Jurgen’s recommendations for the year ahead.
