The latest on cybersecurity threats and news from Mandiant
Pandemic Impacts to the Cyber Threat Landscape
In the latest episode of Eye on Security, we invited Jens Monrad, Head of Mandiant Threat Intelligence, EMEA, to join Luke for a conversation on how the threat landscape has changed in the past year and how it continues to be impacted by the ongoing pandemic. We reviewed the cyber events of the past year: pandemic-themed phishing, multiple APT campaigns against vaccine research and development, and ransomware targeting healthcare systems. Jens revealed that the biggest change still impacting the cyber threat landscape is the sheer volume of people working from home. He also highlighted the potential growth of the cyber criminal ecosystem due to job losses, and how individuals might turn to cybercrime in order to make money. Check out the episode now to hear how the pandemic has impacted APT activity and disinformation campaigns. Jens also shares a unique piece of advice on the threat landscape that is helpful to remember as we all work to better secure our environments. For additional information on how the pandemic and more is influencing the cyber threat landscape, check out our latest M-Trends 2021 report.
Automated Defense Brings New Features to Mandiant Advantage
Mandiant Advantage, our SaaS platform, was always intended to house more than just our threat intelligence—and now it does. With the addition of Mandiant Automated Defense and Mandiant Security Validation, we are continuing to roll out new features in a platform that is easily accessible, as well as easy to deploy and scale. Mike Armistead, SVP of Mandiant Advantage Products, joined host Luke McNamara to discuss what security teams will be able to do with these new features. Mike joined FireEye during the Respond Software acquisition, in which Respond’s solution became what is now known as Mandiant Automated Defense. Mike shared how the addition of Mandiant Automated Defense to the Mandiant Advantage platform enables the automation of tier one triage alerts. One thing that really stuck out about their conversation is how weaving together Mandiant Automated Defense, Mandiant Security Validation, and Mandiant Threat Intelligence helps organizations prioritize threats that matter to them, fast. Listen to this episode to get a walkthrough of how a SOC analyst can use the Mandiant Advantage platform to access intel about an alert they receive. You’ll also get a glimpse into what’s next for the Mandiant Advantage platform.
The Making of an M-Trends Report
Have you ever wondered what it takes to develop our annual M-Trends report? The short answer is: a whole lot! Our host Luke McNamara asked Regina Elwell, Senior Principal Threat Analyst on the Advanced Practices Team, and Steve Stone, Senior Director for Advanced Practices, to take us behind the scenes so we can see exactly what goes into building an edition of M-Trends. Steve started by discussing the sheer amount of data collection that is required, and how the team has to pore over this data—which comes directly from our incident response investigations—to determine what is a trend and what is not. Regina and Steve also touched on the evolution of the report from its first iteration in 2011. Not surprisingly, the reports have gotten more robust and include new data points almost every year. We also discussed some of the highlights from our latest report, M-Trends 2021, and interpreted some of the key findings, including drops in median dwell time, increases in internal detections, impact of ransomware, and notable malware families from 2020. Additionally, we covered some of the process and approach Mandiant puts into grouping new threat groups (UNCs) and Steve and Regina’s favorite threat actors. Listen to the podcast now, and when you’re done, read the full M-Trends 2021 report.
The "Big Four": Spotlight on Russia
We are wrapping up our “Big Four” series with a country that has been one to watch for quite some time: Russia. And who better to join me for this episode than our Vice President for Mandiant Threat Intelligence, John Hultquist. We started off this episode discussing how Russian cyber threat activity evolved into what we know today, from the days of Moonlight Maze and Agent.BTZ. We then shifted the conversation to some of the most notable Russian threat groups and the difficulties of assigning attribution at the organizational sponsorship level. While many APT groups from the “Big Four” may blend together various types of threat activity, Russia has utilized a particularly interesting mix of cyber espionage, information operations, and disruptive attacks over the years. John brought up many notable Russian incidents, including the Olympics, the Ukrainian power grid, the targeting of elections, and the SolarWinds supply chain breach. We also discussed some of the challenges in communicating threat intelligence to both customers and wider audiences. To cap off the series, John delved into how organizations should think about not only Russian threat activity, but also the operations and campaigns from North Korea, Iran, and China. You can stay ahead of threat actors like those from the “Big Four” by joining Mandiant Advantage Free, where you’ll have access to up-to-the-minute threat intelligence: http://feye.io/MA
The "Big Four": Spotlight on China
The third installment of our “Big Four” series, on China, is filled with so much great information that it’s our longest episode yet. Lloyd Brown, Principal Analyst for our Custom Intel Team, and Scott Henderson, Principal Analyst for our Cyber Espionage Team, joined our host, Luke McNamara, to peel back the layers of China’s cyber capabilities. Similar to past episodes in this series, we started at the beginning of China’s cyber operations, dating back to 2003. Scott and Lloyd took us through a detailed look at all the stages of China’s operations, including the shift in 2015/2016 from being “clumsy and noisy” to stealthy. Lloyd brings up a point worth hearing about their use of CVE exploits (which came into play with the recent Microsoft Exchange server exploits). We also discussed how China’s cyber activity is driven by economic interests such as the Belt and Road initiative, the nature of their operations surrounding global elections, APT41’s cybercrime activity in addition to its cyber espionage, and where they think China’s operations are headed. You’ll definitely want to stick around to the very end. Since our initial recording occurred before the Microsoft Exchange exploits, Luke decided to follow up with Lloyd to get his take on HAFNIUM and the UNC groups we’re tracking related to that activity. Know the threats that affect your organization with up-to-the-minute threat intelligence by signing up for Mandiant Advantage Free: http://feye.io/MA
Audio quality needs improvement
The episodes are hit or miss, as some of them sound like they were recorded with a potato.