The latest on cybersecurity threats and news from FireEye.
Ransomware and Observations from Recent IR Investigations
Ransomware continues to be one of the most significant cyber security issues affecting organizations today. The attack is very effective and can be carried out relatively cheaply, making for larger net profits. With no end in sight to this nasty threat, Luke McNamara, our host and Principal Analyst for FireEye, spoke with someone who has a front-row seat into how organizations think about ransomware and other similar threats. For that we turned to Charles Carmakal, our SVP & CTO for Mandiant, and one of our leading incident response experts.
On this episode of our Eye on Security podcast, Charles and Luke explore the rise and evolution of ransomware—from the early days of threat actors automating ransomware infections without knowing who their victim was, to the more recent trend of breaking into organizations with known vulnerabilities, taking critical data, deploying encryptors and asking for much more money.
They then turn their discussion to the C-suite. Charles shares perspectives from the board when it comes to cyber threats, noting that while leadership is much more aware of cyber security and risk management than they were in the past, many still won’t understand the gravity of the situation until it’s happening to them.
Closing out the conversation, Charles shares customer stories involving nation-state intrusions, the use of public offensive security tools by nation-states, and the struggles organizations have had securing their now remote workforces.
The Ghostwriter Campaign and Trends in Disinformation Today
Information operations (IO) gained prominent public attention in 2016 during the U.S. general election. Since then, new campaigns have continued to be exposed, and the tactics actors employ have evolved. In this episode of 'Eye on Security', Lee Foster, our Senior Manager of Information Operations Intelligence Analysis, joins host Luke McNamara to talk all about disinformation, a recent influence campaign that we refer to as Ghostwriter, and what we could see play out in the 2020 general election.
We start with Lee sharing overall trends and changes in IO that his team has observed since early 2016. We then discuss the increasing usage of synthetic media (“deepfake”) images that threat actors are employing in their campaigns, and how fabricated content is leveraged in coordinated inauthentic activity across forums and social media.
Moving on to Ghostwriter, Lee describes all the tactics, techniques and procedures related to this recent influence campaign, and goes on to compare this activity to another well-known IO campaign: Secondary Infektion.
Finally, no chat about disinformation would be complete without discussing how it could play out during the 2020 U.S. general election. Check out the episode today to hear Lee’s predictions for the upcoming election and what the future holds for information operations in general.
Making Sense of Cyber Threats at Scale with Strategic Intel
The Strategic Analysis team at Mandiant Threat Intelligence examines hundreds of discrete data points from numerous sources, distilling trends from that raw information to identify the most important, common, and damaging cyber threats clients should prioritize in their defensive strategies. That’s what we’re talking about on this week’s episode of Eye on Security with our guest Kelli Vanderlee, Manager of Strategic Analysis at FireEye.
Kelli shares the types of topics the team covers, including industry and geographic-based reporting, trend analysis looking at the evolution of actor types or tactics over time, and examinations of cyber risks associated with common business situations, such as mergers and acquisitions. Kelli and Luke also discuss the evolving role of Chinese cyber espionage actors and how they may be becoming more aggressive and risk-tolerant than previously believed. We also delve into how the Belt and Road Initiative is driving cyber espionage—from China and other nations. In terms of the geopolitics driving cyber activity, Kelli believes we will continue to see more nation-states invest in cyber capabilities, as the rewards for this type of activity often outweigh the risks.
Listen to the episode to learn more about strategic analysis and the trends Kelli’s team is tracking in 2020.
Behind the Scenes with Mandiant Security Validation
You’ve heard of security validation and know that it’s necessary to test your security effectiveness, but do you know how our team develops the right attacks to test your controls against threat activity we see in real life?
On this episode of our Eye on Security podcast, Henry Peltokangas, Director of Product Management, and Nart Villeneuve, Director of Research & Collections, give us an inside look at what goes on behind the scenes at Mandiant Security Validation.
We begin our chat by discussing some of the key benefits of security validation. We then dive into the research Henry’s team conducts to take tactics and techniques that adversaries use in the real world and replicate them within the Mandiant Security Validation platform.
Nart and Henry go on to discuss how Mandiant Security Validation replicates adversary activity across every stage of the attack lifecycle, and then explain exactly why that is important. Finally, we wrap up the episode by previewing some new features in upcoming releases, and how Henry and Nart see security validation evolving in the future.
To view the whitepaper mentioned during the episode, visit: https://www.fireeye.com/current-threats/annual-threat-report/security-effectiveness-report.html
Unique Threats to OT and Cyber Physical Systems
In the latest episode of Eye on Security, our host Luke McNamara talks all about the world of operational technology (OT) and cyber physical systems with one of our foremost experts on the topic: Nathan Brubaker, Senior Manager of Analysis for Mandiant Threat Intelligence.
Nathan kicked off the chat by explaining what exactly we mean when we use the term ‘cyber physical.’ They then turned their attention to related threats. As it turns out, there are far fewer attempts by attackers to target these systems than one might believe. Nathan went on to discuss some of the fundamental differences between OT and information technology (IT) systems, and then explained how OT is becoming more similar to IT, which makes those systems more vulnerable to compromise. Fortunately, even though OT security typically lags behind that of IT systems, it’s definitely moving forward in the right direction.
Listen to the podcast today, and check out the following blog posts referenced by Nathan during the episode:
• Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families: https://feye.io/2Wn6jlr
• Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats: https://feye.io/2B5WrVI
• Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT: https://feye.io/3j4l1Y5
• The FireEye Approach to Operational Technology Security: https://feye.io/2DImy5T
• TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping: https://feye.io/2Wk58CX
Eye on APAC: Cyber Security & Threats in Asia Pacific
We commonly see the same threat actors, techniques and malware popping up in all corners of the globe, but that doesn’t mean each region isn’t affected differently. In this episode, our host Luke McNamara, Principal Analyst for Mandiant Threat Intelligence, is joined by Yihao Lim, Principal Analyst for Mandiant Threat Intelligence, to discuss cyber security and threats related specifically to the Asia Pacific (APAC) region.