
The Defender's Advantage Podcast (Mandiant)

Explore every episode of The Defender's Advantage Podcast

Dive into the complete episode list for The Defender's Advantage Podcast. Each episode is cataloged with detailed descriptions, making it easy to find and explore specific topics. Keep track of all episodes from your favorite podcast and never miss a moment of insightful content.


Pub. Date | Title | Duration

10 Feb 2022 | Cyber Threats to the Olympics | 00:26:16

In this episode, Mandiant Principal Analyst Cristiana Brafman Kittner joins host Luke McNamara to discuss the potential cyber threats to the 2022 Winter Olympic Games. The conversation delves into cyber incidents attached to previous games as well as what we could see this year at the games being held in Beijing.

24 Feb 2022 | Left on Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity | 00:33:25

In this episode, Ryan Tomcik, Emiel Haeghebaert, and Tufail Ahmed join host Luke McNamara to discuss their blog post detailing their investigation into the activity of UNC3313. The group details the collaboration between their respective teams at Mandiant to detect and respond to an intrusion by the threat actor.

Read their blog post, “Left on Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity,” at https://www.mandiant.com/resources/telegram-malware-iranian-espionage

30 Mar 2022 | Welcome to the Defender's Advantage Podcast | 00:01:11

Looking for Eye on Security? We are still here, but with a few important changes. 

This week we're launching Mandiant's new Defender's Advantage Podcast featuring the same great content you've come to expect from us and even more.

Host Luke McNamara anchors our Threat Trends series, chatting with Mandiant intel analysts, consultants, and researchers, as well as external practitioners and leaders in cyber security, all through a threat-focused lens.

And Mandiant's Kerry Matre joins to host monthly conversations with Mandiant customers and industry experts who will share their experiences and stories from the frontline of cyber security as part of our new Frontline Stories series.

Stay tuned for our inaugural Threat Trends episode later this week.

01 Apr 2022 | Threat Trends: The Evolving Threat Landscape in Europe | 00:36:16

This week, host Luke McNamara is joined by Jens Monrad, Director, EMEA, Mandiant Threat Intelligence. The two discuss the evolving threat landscape in Europe following the COVID-19 pandemic and touch on the cyber aspect of Russia’s invasion of Ukraine. 

You can follow Jens on Twitter at @jenschm.

Learn about Mandiant's Ukraine Crisis Resource Center: https://mndt.info/3roZ4Jv

Read the Mandiant blog, "Responses to Russia's invasion of Ukraine Likely to Spur Retaliation": https://mndt.info/3IM8Co5

Don’t forget to rate, review, and subscribe on the platform where you listen to podcasts. 

15 Apr 2022 | Threat Trends: Breaking Down the 2022 M-Trends Report | 00:42:02

It’s that time of year again: Mandiant has just published its M-Trends 2022 report. With almost 100 pages to unpack in this year’s report, host Luke McNamara is joined by Regina Elwell, Senior Principal Threat Analyst, and Kirstie Failey, Senior Threat Analyst, who both contributed to the development of this year’s report.

Among the aspects highlighted during the conversation are notable threat actors, including FIN12 and FIN13, the financially motivated threat groups that Mandiant graduated in 2021. The group also discussed the threat trends and techniques that have been observed during the report period. 

You can follow Regina Elwell at @ReginaElwell and Kirstie Failey at @Gigs_Security 

Download your copy of M-Trends 2022: https://www.mandiant.com/m-trends

Read how Mandiant tracks UNCs: https://mndt.info/3xwD9n3

Read this blog post to learn more about Cobalt Strike and BEACON: https://mndt.info/3Duxg9Q

View this webinar to learn more about FIN12: https://mndt.info/38UyDVj 

Read this blog post to learn more about APT41: https://mndt.info/3JQOpgC

Don’t forget to rate, review, and subscribe where you listen to podcasts.

02 May 2022 | Threat Trends: UNC3524 - Eye Spy on Your Email | 00:32:58

In this week’s episode of The Defender’s Advantage Podcast, host Luke McNamara is joined by Doug Bienstock and Josh Madeley, members of the Mandiant consulting team, to discuss a new threat actor, UNC3524. Doug and Josh share their observations of the group’s activities and tactics, like the use of IoT devices.

Read more about UNC3524 in the team’s latest blog post, “UNC3524: Eye Spy on Your Email”: https://mndt.info/3KCGtQm 

Follow Doug Bienstock at @doughsec and Josh Madeley at @MadeleyJosh

Don’t forget to rate, review, and subscribe where you listen to podcasts. 

18 May 2022 | Threat Trends: Information Operations Surrounding the Russian Invasion of Ukraine | 00:45:04

In this week’s Threat Trends episode of The Defender’s Advantage Podcast, host Luke McNamara is joined by Sam Riddell and Alden Wahlstrom, analysts on Mandiant’s IO team, to discuss what they are seeing in the cyber threat landscape around Russia’s invasion of Ukraine. They talk about what their team has observed in the lead up to the invasion and the activity they have seen in the IO space since. Sam and Alden dive in on the threat actors in the space, the tactics being employed, and where they see the activity moving as the conflict continues. 

Check out the blog, "Information Operations Surrounding the Russian Invasion of Ukraine" at https://mndt.info/3LumlAq

You can follow Sam Riddell at @RiddellSam and Alden Wahlstrom at @AldenWahlstrom. Don’t forget to rate, review, and subscribe where you listen to podcasts. 

26 May 2022 | Frontline Stories: OT/ICS Security | 00:28:52

In the inaugural episode of the Frontline Stories series, part of The Defender’s Advantage Podcast, host Kerry Matre is joined by Rob Caldwell, Director of OT/ICS Services at Mandiant. During the conversation, they discuss OT/ICS security and the impact an OT attack can have on an organization. They also dive specifically into the INCONTROLLER and INDUSTROYER2 attacks and how they targeted OT environments. 

For more information on OT/ICS Security, visit https://mndt.info/3PF5JJD 

You can follow Rob Caldwell at @robac3

Don’t forget to rate, review, and subscribe where you listen to podcasts. 

02 Jun 2022 | Threat Trends: After the Headlines - Practical Experience of Rebuilding Trust After a Breach | 00:28:13

In this week’s Threat Trends episode of The Defender’s Advantage Podcast, host Luke McNamara is joined by Jonathan Yaron, CEO and Chairman of Kiteworks, to discuss navigating customer trust following a breach. During the conversation, Jonathan talks about lessons learned from the breach he led the company through and what leaders should consider in the event their organization experiences a breach.

Don’t forget to rate, review, and subscribe where you listen to podcasts. 

06 Jun 2022 | Frontline Stories: Introducing Mandiant Digital Risk Protection | 00:34:12

In this Frontline Stories episode of the Defender’s Advantage Podcast, host Kerry Matre is joined by Joshua Bass, Director of Product Management, and Sarah Korth, Director of Commercial Intel Services, to discuss Mandiant’s Digital Risk Protection (DRP) solution. The group discusses digital risk protection, what it can reveal about cyber threat profiles, and how attackers find weaknesses. They also discuss advancements made in digital threat management, a service included in our DRP solution, such as natural language processing. 

To learn more, read our blog, “Protecting Supply Chains and Third Party Vendor Connections.”

Don’t forget to rate, review, and subscribe where you listen to podcasts. 

Additional Resources 

Read more about Digital Risk Protection 

Read more about Digital Threat Monitoring  

Learn more about the Defender’s Advantage Cyber Snapshot  

16 Jun 2022 | Threat Trends: Tracking Threat Actor Usage of Cryptocurrencies with Chainalysis | 00:43:11

This week’s Threat Trends episode of The Defender’s Advantage Podcast features Jacqueline Koven, Head of Cyber Threat Intelligence at Chainalysis, who joined host Luke McNamara to discuss the trends in cryptocurrency and cyber activity. She also breaks down some examples of nation state usage and targeting of crypto and the adoption of cryptocurrency by different threat actors. 

Learn more about Chainalysis at chainalysis.com and follow them at @chainalysis

Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

23 Jun 2022 | Skills Gap: Bridging the Skills Gap | 00:24:46

This week’s episode of The Defender’s Advantage Podcast kicks off our new monthly series, Skills Gap, which focuses on thoughts, ideas, and initiatives for narrowing the skills gap in cyber security. Our host Chris Campbell was joined for this conversation by Mandiant’s John Doyle, Principal Consultant, and Matt Shelton, Director of Technology Risk and Threat Intelligence, to discuss talent and bridging the skills gap. The guests share their tips and resources for those interested in getting into the cyber security space and discuss what they look for when interviewing potential members of their teams. 

Follow John Doyle at @_John_Doyle and Matt Shelton at @mattjshelton. 

Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast wherever you listen to podcasts!  

Additional Resources 

Read the blog, “Introducing the Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework”: https://mndt.info/3sQVU1g

Learn more about Mandiant’s mWise Conference: https://mndt.info/3NeX7XQ 

Check out Mandiant’s career page to learn about employment opportunities: https://mndt.info/3NcOblJ

30 Jun 2022 | Threat Trends: An Interview with the Danish Tech Ambassador | 00:38:27

In this week’s episode of The Defender’s Advantage Podcast Threat Trends series, host Luke McNamara is joined by Anne Marie Engtoft Larsen to discuss her role as Danish Tech Ambassador and how the role has evolved since Denmark appointed the first Tech Ambassador in 2017. She chats about her views on cyber diplomacy and the value of partnerships with private sector cyber security companies. Ambassador Larsen also discusses the need for governments to tackle the issue of disinformation, talking specifically about the recent examples we’ve seen around COVID-19 and elections. 

Learn more about the Strategy for Denmark’s Tech Diplomacy 2021-2023 

You can follow Ambassador Larsen at @TechambDK. 

Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

07 Jul 2022 | Bonus: Securing OT/ICS Systems with Nozomi Networks | 00:24:21

This special episode of The Defender’s Advantage Podcast features Mandiant CTO Marshall Heilman speaking with Edgard Capdevielle, CEO of Nozomi Networks. The conversation, recorded in-person at RSA Conference 2022, delves into the partnership between Mandiant and Nozomi, and how the organizations can take on escalating cyber risks to secure cyber-physical infrastructure. Marshall and Edgard discuss the trends they are seeing in the industrial and critical infrastructure space and the role of zero trust in how we secure modern day OT and ICS systems. 

You can learn more about Nozomi Networks at their website: https://www.nozominetworks.com/ 

Follow Nozomi Networks at @nozominetworks 

Additional Resources 

Learn more about the Mandiant Cyber Alliance Program: https://mndt.info/3xnXw5r 

14 Jul 2022 | Threat Trends: How Adversaries Are Leveraging AI in Cyber Operations | 00:32:28

In this Threat Trends episode of The Defender’s Advantage Podcast, hear from Michelle Cantos who joins host Luke McNamara to discuss artificial intelligence (AI) in cyber and how adversaries are using AI in their activities today. Michelle details manipulated media techniques such as artificially generated images and vishing, tactics that have been increasingly employed by threat actors. She also discusses how financially motivated actors are seeking to leverage AI capabilities for extortive activity, and what we might expect to see as AI is further applied to cyber espionage operations. 

Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.

21 Jul 2022 | Skills Gap: Looking Beyond the Unicorn Candidate | 00:28:13

All too often, hiring managers find themselves seeking candidates who fit 100% of the description for the role they are trying to fill. Because of this, they overlook a swath of applicants who are good for the job. In this week’s Skills Gap episode of The Defender’s Advantage Podcast, host Chris Campbell speaks with Mandiant consulting team members Dan Nutting, Kal Guntuku, and Chris Linklater about this habit and its contribution to the cyber security skills gap. The group also discusses the skills that companies could weigh outsourcing versus what skills they should consider keeping in-house.  

Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast wherever you listen to podcasts! 

Additional Resources: 

Read tips from Mandiant's Kevin Bordlemay for candidates on how they can stand out during the application process in this Business Insider article: https://mndt.info/3Ohzezt

28 Jul 2022 | Threat Trends: Securing the Vote in 2022 | 00:36:06

In the latest Threat Trends episode of The Defender’s Advantage Podcast, Mandiant’s Jon Ford and Stacy O’Mara join host Luke McNamara for a conversation on election security. They discuss how organizations involved in the process of elections should think of cyber security in the lead up to these events, preparedness steps they have seen states take, and the evolution of the federal approach in the United States. Jon and Stacy also discuss some of the federal resources states and local entities can leverage for preparation going into the 2022 midterm elections and the 2024 general election in the U.S. 

Learn more about Mandiant’s expertise around election security at https://mndt.info/3zEzWCO

Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

04 Aug 2022 | Frontline Stories: Shields Up, Mandiant | 00:36:18

In this week’s episode of The Defender’s Advantage Podcast, Kerry Matre, host of the Frontline Stories series, is joined by Mandiant’s Tim Crothers and Matt Shelton who discuss their role in protecting the company from attackers. Both share their professional journeys, how changes at the company have impacted their responsibilities, and some standout moments they’ve experienced while safeguarding Mandiant, such as the SolarWinds attack campaign. Tim and Matt also detail how they continue to promote security awareness among employees and offer their insights on the steps security and non-security companies can take to ensure that their environments are secure against attackers. 

Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts! 

11 Aug 2022 | Threat Trends: Building Cyber Resiliency Within Financial Services with FS-ISAC | 00:36:39

In the latest Threat Trends episode of The Defender’s Advantage Podcast, host Luke McNamara is joined by Teresa Walsh, Global Head of Intelligence at the Financial Services Information Sharing and Analysis Center (FS-ISAC), for a deep dive on the financial services industry. Teresa discusses her journey from roles in government and how her experience has shaped her view of financial services. She also discusses how she sees the threat landscape impacting her customers and how FS-ISAC aids institutions in building resiliency against threats. 

Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts!  

18 Aug 2022 | Skills Gap: Building a Successful Security Operations Team | 00:17:19

The latest episode of the Skills Gap series, part of The Defender’s Advantage Podcast, features Mandiant Managed Defense team members Robert Parker and David Lindquist, who joined host Chris Campbell to discuss what they look for when hiring for their team. They detail the skills they look for most as they interview candidates and their tips for those looking to enhance their marketability in the industry. Robert and David also share instances in which they might shift their requirements of a potential candidate in favor of hiring someone with less experience and building them up. 

Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

Additional Resources 

Read more about how Mandiant is helping to address the cyber security skills gap: https://mndt.info/3QyO9XL

07 Sep 2022 | Threat Trends: APT42 - Crooked Charms, Cons, and Compromises | 00:50:58

This week’s episode of The Defender’s Advantage Podcast features Emiel Haeghebaert and Ashley Zaya who joined Threat Trends series host Luke McNamara to discuss Mandiant’s most recently graduated APT group, APT42.  

Mandiant has identified APT42 as an Iranian-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizations of strategic interest to the Iranian government. During the conversation, Emiel and Ashley dig into APT42’s activity and tactics, including spear-phishing and social engineering techniques. They also discuss where the group fits into the threat landscape and how they see the threat actor evolving.

Read our blog post detailing our research on APT42: https://mndt.info/3R6Qs4z

Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

01 Sep 2022 | Frontline Stories: Discussing the Impact of CISA KEV with Nucleus Security | 00:27:39

This latest installment of the Frontline Stories series, part of The Defender’s Advantage Podcast, features Nucleus Security Co-Founder and CEO Stephen Carter, who joined our host Kerry Matre for a conversation on CISA KEV. CISA’s Known Exploited Vulnerabilities list prioritizes vulnerabilities the agency has determined to be exploited in the wild and mandates that specified U.S. civilian agencies patch the vulnerabilities by a specified deadline. Stephen and Kerry discuss how vulnerability management has evolved and how this effort from CISA helps U.S. civilian agencies as well as organizations globally. 

Visit Nucleus Security at https://nucleussec.com and follow them at @nucleussec

Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

15 Sep 2022 | Skills Gap: Expanding Diversity in Cyber Security | 00:37:40

In this week’s episode of The Defender’s Advantage Podcast, Skills Gap series host Chris Campbell is joined by Dawn Hagen and Kevin Bordlemay for a discussion on diversity, inclusion, and belonging initiatives. 

The group discusses Mandiant’s internal focus on diversity, including employee resource groups, as well as efforts to build awareness of career paths in cyber security via middle school, high school, and college information sessions. They also discuss ways Mandiant is partnering with external organizations on initiatives to expand diversity in the broader industry, including the Elevate program and Mandiant Gives Back. Dawn and Kevin also dive into the soft and technical skills applicants may be missing when interviewing for cyber security positions and the internal initiatives at Mandiant to address the skills gap.

Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

Additional Resources 

Learn about the Elevate program: https://mndt.info/3RQoMS6

Learn about Mandiant Gives Back: https://mndt.info/3EI7ErX 

Register for pre-conference training, provided by Mandiant Academy, ahead of mWISE Conference: https://mndt.info/3BIN0Id

21 Sep 2022 | Threat Trends: The Security Landscape Facing Manufacturing | 00:37:35

The latest episode in The Defender’s Advantage Podcast Threat Trends series features Todd Boppell, COO of the National Association of Manufacturers (NAM), who joined host Luke McNamara to discuss cyber security in the manufacturing landscape. During the conversation Todd shares the top concerns for NAM’s member organizations, how the industry approaches cyber security, and the challenges and opportunities he sees in the space.  

Learn more about NAM at https://www.nam.org and follow at @ShopFloorNAM 

Additional Resources 

Watch Mandiant’s recent manufacturing focused webinar on-demand now: https://mndt.info/3C1jKN5

Learn how Mandiant helps manufacturing organizations monitor, detect and respond to threats: https://mndt.info/3eZwoD0

29 Sep 2022 | Threat Trends: Metador, Mercenaries, and LABScon with SentinelOne | 00:40:48

The latest episode of The Defender’s Advantage Podcast features SentinelOne researchers Tom Hegel and Juan Andres Guerrero-Saade who joined host Luke McNamara to discuss some of the latest research they presented at LABScon, September 20-24.  

Juan shares details around his team’s findings on Metador, a threat actor that primarily targets telecommunications and internet services providers, as well as universities in the Middle East and Africa. He discusses a few of the group’s unusual characteristics and also their awareness of operations security and deployment of countermeasures to thwart attribution efforts. 

Tom joins the discussion to give a glimpse of his LABScon presentation on the cyber mercenary group, Void Balaur. He details what they have seen in the group’s activity as well as how he sees the group evolving in the landscape.

Read more about the research on Metador: https://mndt.info/3UJ9XTf

Read more about the research on Void Balaur: https://mndt.info/3SMsxYR

You can follow Juan at @juanandres_gs and Tom at @TomHegel

Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

mWISE Conference is happening October 18-20. Register today: https://mndt.info/3rh3gdr

06 Oct 2022 | Frontline Stories: The Evolution of the CISO | 00:32:02

The latest episode of The Defender’s Advantage Podcast Frontline Stories series features Uplight CISO Alex Wood joining host Kerry Matre to discuss how his role has evolved over the course of his career, such as changes in the CISO reporting structure and the role’s shift to encompass a business focus as opposed to being exclusively technical.

He also discusses his own unique journey from majoring in chemistry to climbing the ranks in cyber security and his advice for those who want to break into the industry. Additionally, Kerry and Alex chat about Colorado = Security, a movement Alex co-founded to highlight the cyber security community in Colorado and bring those professionals in the area together through local events and a podcast. 

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

13 Oct 2022 | Threat Trends: The Threat Landscape in APJ | 00:22:01

In this week’s episode of The Defender’s Advantage Podcast, Mandiant’s Yihao Lim joins the Threat Trends series to chat with host Luke McNamara about the threat landscape in the Asia-Pacific region.

Yihao discusses recent IO campaigns in the region, particularly DragonBridge and HaiEnergy, and how these attacks influence how organizations view disinformation campaigns in APJ. He also discusses how geopolitical drivers, such as Russia’s invasion of Ukraine and tensions between China and Taiwan, impact the cyber security landscape in the region. Additionally, Yihao shares the trends that he sees in the threat landscape and how organizations in the region are approaching security.

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

20 Oct 2022 | Skills Gap: More Than a Resume | 00:32:25

On this week’s episode of The Defender’s Advantage Podcast, Skills Gap series host Chris Campbell is joined by Mandiant’s Fernando Tomlinson and Matt Boyle for a discussion on the value of hiring individuals from diverse professional backgrounds and ensuring accessibility to certifications and tools for those interested in transitioning to the cyber security field. 

Fernando and Matt share their thoughts on what hiring teams in the industry can do to learn more about an applicant’s analytical or soft skills outside of their resume. They also discuss the tools and resources that are available to foster greater diversity in the industry, which prospective candidates may not have immediate knowledge of, such as topical video libraries, SANS Cyber Immersion Academies and industry conferences.  

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

27 Oct 2022 | Threat Trends: Inside Google Cloud's Threat Horizons Report | 00:31:34

This week’s episode of The Defender’s Advantage Podcast features Stan Trepetin, Technical Product Manager at Google Cloud, who joined Threat Trends host Luke McNamara to discuss the Threat Horizons Report produced by the Google Cybersecurity Action Team.

Stan highlights several articles from the latest report in the quarterly series, including a piece on the importance of sharing information on state actor threats and vulnerabilities with the community to better protect your organization. He also details two of his own articles in the report, one on the issues that arise from improper cloud oversight and the other on malicious files and URLs slipping by IT governance controls.

Read the latest Threat Horizons Report from the Google Cybersecurity Action Team: https://mndt.info/3Wjb4K6

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

03 Nov 2022 | Skills Gap: Finding Your Fit in Cyber | 00:36:01

On this week’s episode of The Defender’s Advantage Podcast, Mandiant’s Nader Zaveri and Simran Sakraney join Skills Gap host Chris Campbell for a discussion on how the cyber security industry and the companies within it can attract candidates from underrepresented groups and foster diversity.

Nader and Simran share their individual journeys into the industry and their perspectives on how organizations in cyber can encourage more women to enter the security field and tactics recruiters can take to engage individuals from non-traditional educational and professional backgrounds. They also outline the various types of roles that live within the cyber industry and some of the transferable skills those just starting in the field can lean on.

You can follow Nader at @NaderZaveri and Simran at @SIEMmer_Down.

Learn how Mandiant is working to address the cyber security skills gap: https://mndt.info/3T0QjQd

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

10 Nov 2022 | Threat Trends: Tracking DPRK Use of Cryptocurrencies | 00:36:58

This week’s episode of The Defender’s Advantage Podcast features Mandiant’s Michael Barnhart and Joe Dobson who joined Threat Trends host Luke McNamara for a discussion on recent cyber activity out of North Korea, including the targeting of cryptocurrency. 

Michael and Joe discuss some of the North Korean threat groups Mandiant is following and a view of the threat landscape in the region. They also chat about the tactics of actors targeting cryptocurrency, which includes applying for roles with companies associated with crypto projects to enable malicious actors within the network. 

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

17 Nov 2022 | Frontline Stories: Cyber Insurance to Make Companies Safer | 00:30:09

This week’s episode of The Defender’s Advantage Podcast features Davis Hake, co-founder of cyber insurance company Resilience, who joined Frontline Stories host Kerry Matre for a discussion on the role of cyber insurance. 

During the conversation, Davis explains the model for how cyber insurance is sold, the application process and how insurance companies work with clients to determine their risks and set rates. He also discusses some of the advances in recent years and those he hopes to see in cyber insurance in the coming years, including global resilience to digital threats. 

Learn more about Resilience at cyberresilience.com and follow at @ResilienceSays

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

Additional Resources 

Read Mandiant’s Cyber Security Forecast 2023 Report 

23 Nov 2022 | Threat Trends: Reflections on Russian Cyber Threat Activity During the War in Ukraine | 00:43:54

This week’s episode of The Defender’s Advantage Podcast features Mandiant analysts Gabby Roncone, John Wolfram and Tyler McLellan who joined Threat Trends host Luke McNamara for a discussion on Russian cyber operations over the last year.

The group discusses the Russia-linked threat groups and activity Mandiant has been tracking related to the conflict in Ukraine, including UNC2589 and APT29. They also share their perspectives on the targeting trends they’ve observed over the last year and the activity we might expect to see moving forward, such as an increase in economic espionage and continued diplomatic targeting by APT29.

Follow Gabby Roncone at @gabby_roncone, John Wolfram at @Big_Bad_W0lf_ and Tyler McLellan at @tylabs.

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.

Additional Resources

Listen to the episode, Threat Trends: Russian Invasion of Ukraine Information Operations featuring Sam Riddell and Alden Wahlstrom: https://mndt.info/3wGse9u

Listen to the episode, Threat Trends: Stolen Emails, Hacked Cameras and the Mysterious UNC3524 featuring Doug Bienstock and Josh Madeley: https://mndt.info/3vMne2R

Read the blog post, Trello From the Other Side: Tracking APT29 Phishing Campaigns: https://mndt.info/3UU9HjP

Read the blog post, They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming: https://mndt.info/3FZp7Pk

01 Dec 2022 | Skills Gap: Transitioning from Military Service to a Role in Cyber | 00:27:11

This week’s episode of The Defender’s Advantage Podcast features four members of Team Mandiant who previously served in the United States military and transitioned into careers in the cyber security industry. Skills Gap host Kevin Bordlemay was joined by Paul Shaver, Thomas Worthington, Lauren Krukar, and Brian Timberlake for a discussion on what the transition out of service looks like and the resources that are available to those interested in a role in cyber. 

The group discusses their tips for military personnel considering a transition out of service and the resources they were able to take advantage of during their transitions, including resume review and SkillBridge. They also give their advice on what questions military members should be asking in interviews to ensure they are finding roles that fit. 

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

08 Dec 2022 | Frontline Stories: A Conversation on Third-Party Risk Management | 00:24:10

This week’s episode of The Defender’s Advantage Podcast features British American Tobacco CISO Dawn-Marie Hutchinson, who joins Frontline Stories host Kerry Matre for a discussion on third-party risk management.

Over the course of the conversation, Dawn-Marie discusses the approach that she takes in third-party risk management and the process of conducting risk assessments. She also shares how she encourages suppliers to increase their security and how she would ideally allocate budget toward risk reduction.

You can follow Dawn-Marie at @Rie_Hutch

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

15 Dec 2022Threat Trends: A Year in Review with Sandra Joyce00:30:48

This week’s episode of the Threat Trends series is the final episode of 2022 for The Defender’s Advantage Podcast. To wrap up our year and provide a glimpse into what we can expect from 2023, Sandra Joyce, VP of Mandiant Intelligence, joins host Luke McNamara for a discussion on some of the highlights from the past year.

Sandra chats through aspects of the Russian invasion of Ukraine, activity from the DRAGONBRIDGE IO campaign, and Mandiant’s graduation of APT42. She also discusses the evolution of ransomware and how threat actors targeting countries with ransomware – as we saw in Albania – could be a trend we continue to see in 2023. Additional trends Sandra mentions include the close association of hacktivist activity with APT activity and North Korea’s continued interest in cryptocurrency.

Read more about what else experts predict we can expect in the coming year in Mandiant’s Cyber Security Forecast 2023 Report. Download your copy at https://mndt.info/3FDxQ9n

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

05 Jan 2023Frontline Stories: Get the Facts on Fraud00:23:43

We are kicking off a new year of The Defender’s Advantage Podcast with a new episode of the Frontline Stories series. This week, host Kerry Matre is joined by Mary Writz, SVP of Product for fraud prevention platform Sift, for a discussion on fraud.

Mary discusses the ins and outs of fraud, including the types of fraud, the industries typically impacted and how fraud connects with cyber security and identity access. She also touches on the skills gap in the fraud space and briefly talks about cryptocurrency.

Learn more about Sift at https://sift.com/ and @GetSift

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

12 Jan 2023Skills Gap: Addressing the Cyber Mobilization Crisis00:23:35

Our latest episode in The Defender’s Advantage Podcast Skills Gap series features Mandiant EVP and Chief of Business Operations Barbara Massa and Director of HR for Google Cloud Margaret Clarke who joined host Kevin Bordlemay to discuss the initiatives from Mandiant and Google Cloud to address the cyber mobilization crisis we are facing. 

Recent data shows that there are over 700,000 cybersecurity jobs that are unfilled in the US alone, and global estimates show this number is upwards of 3 million. Barbara and Margaret discuss how both Mandiant and Google Cloud are breaking down the barriers to employment in cyber and ensuring those interested in employment get the education they need to be successful in the field. They also discuss how organizations should think differently about addressing the talent shortage in cyber security.

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

19 Jan 2023Threat Trends: APT by USB00:28:20

In this week’s episode of The Defender’s Advantage Podcast, Threat Trends host Luke McNamara is joined by Mandiant analysts Tyler McLellan and John Wolfram for a discussion on the usage of USB as an infection vector as described in two recent Mandiant blog posts.

Tyler details the activity outlined in the most recent blog on a new cyber espionage operation attributed to Turla Team (UNC4210), distributing the KOPILUWAK reconnaissance utility and QUIETCANARY backdoor to ANDROMEDA malware victims in Ukraine. John then jumps in to discuss another blog from late 2022 on cyber espionage activity from UNC4191 heavily leveraging USB devices as an initial infection vector, concentrated on the Philippines.

Read the blog, Turla: A Galaxy of Opportunity at https://mndt.info/3jPAeRI.

Read the blog, Always Another Secret: Lifting the Haze on China Nexus Espionage in Southeast Asia at https://mndt.info/3ATQB5n.

You can follow Tyler McLellan at @tylabs and John Wolfram at @Big_Bad_W0lf_.

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.



10 Feb 2023Threat Trends: An Episode (Mostly) About Non-Ransomware Cyber Crime00:48:26

Kimberly Goody and Jeremy Kennelly from Mandiant’s Financial Crime Analysis team join host Luke McNamara to discuss trends in the cyber crime landscape. Kimberly and Jeremy dive into the ongoing nature of banking malware repurposed for other types of financially-motivated crime, SIM swapping, experimentation with file types and post-compromise exploitation frameworks, and more. Of course, the discussion inevitably returns to the topic of extortion and ransomware, and where that might be heading next. 

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.

23 Feb 2023Threat Trends: Head of TAG on Commercial Spyware, Cyber Activity in Eastern Europe and More00:25:19

Shane Huntley, Senior Director of Google's Threat Analysis Group (TAG), joins host Luke McNamara to discuss his team's work keeping Google users secure. Shane breaks down the research his team has done on the problem of commercial spyware vendors, and how that is impacting the threat landscape today. While this threat has evolved over the years as vendors come and go, Shane highlights the drivers of this market and how it may evolve in the years to come. Shane also delves into TAG's recent report on the past year of Russian cyber operations since the invasion of Ukraine, and provides some thoughts on threat activity to anticipate going forward, from supply chain compromises to election security.

For more on TAG and Mandiant's analysis of Russian operations since the invasion of Ukraine, check out: https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/

For more on Google's efforts against commercial spyware: https://blog.google/threat-analysis-group/googles-efforts-to-identify-and-counter-spyware/  

16 Feb 2023Frontline Stories: A CISO's Perspective on Managing a Breach00:32:41

Have you ever wondered what a breach is really like from a CISO's perspective?

Fred Thiele, CISO at Interactive, joins host Kerry Matre to discuss managing data breaches from his personal experiences.

Fred dives into examples from his past, pointing out the depth and long tail of a breach. He explains all of the bits of a breach that go beyond incident response including working with insurance carriers, regulators, crisis communications, and more. He also shares what surprises he has encountered along the way!

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.

20 Mar 2023Threat Trends: A Retrospective on Zero-Days in 2022 with Project Zero and Mandiant00:48:46

Jared Semrau (Mandiant) and Maddie Stone (Project Zero) join host Luke McNamara for a look back at the zero-day exploit trends of 2022. Maddie and Jared break down the differences in focus between their teams, and some of the interesting things they each observed last year.  Jared covers some of the threat actors that drove last year's trends in observed zero-days, and Maddie highlights how variants of known vulnerabilities and bugs continue to shape the exploit landscape. They also discuss the challenges and trade-offs for defenders that arise from publishing technical details of exploits.

For more on Google's Project Zero, check out: https://googleprojectzero.blogspot.com/ 

For more on Mandiant's research on zero-days in 2022, please see: https://www.mandiant.com/resources/blog/zero-days-exploited-2022


28 Mar 2023Threat Trends: How APT43 Targets Security Policy Experts Focused on North Korea00:39:17

With the public release of Mandiant's latest named threat actor--APT43--guests Michael Barnhart and Jenny Town join host Luke McNamara to uncover how this espionage actor targets policy experts to support North Korea's nuclear ambitions. 

Follow Jenny on Twitter @j3nnyt0wn and 38 North at https://www.38north.org/ 

Find Mandiant's full report on APT43 here: https://www.mandiant.com/resources/reports/apt43-north-korea-cybercrime-espionage





11 Apr 2023Frontline Stories: Exposure Management Beyond Vulnerabilities00:25:48

Jonathan Cran, Lead for Mandiant Attack Surface Management at Google Cloud, joins host Kerry Matre to discuss the evolution of vulnerability and exposure management and how important comprehensive approaches are to mitigating cyber risk.

Jonathan shares his experiences from BugBounty, penetration testing and working with customers to solve the growing problem of too many CVEs and too few prioritization methods. He walks through the importance of an intelligence-led approach to exposure management, how CISOs can think about their organization and how to make informed business decisions.

24 Apr 2023Threat Trends: M-Trends 202300:40:40

Mandiant's Kirstie Failey and Jake Nicastro join host Luke McNamara to break down the findings from the 2023 M-Trends report. Kirstie and Jake cover some of the notable trends gleaned from Mandiant breach investigations over the past year around dwell time, ransomware, top initial intrusion vectors, and more. 

For more on Mandiant's 14th iteration of M-Trends, check out: https://www.mandiant.com/resources/blog/m-trends-2023

Follow Kirstie (@Gigs_Security) and Jake (@nicastronaut) on Twitter. 

09 May 2023Threat Trends: Bonus Episode - How Will AI Impact Threat Intelligence?00:09:22

The endless battle of threat actors versus cybersecurity professionals may come down to who deploys AI better.  In this interview from RSA, John Hultquist, Senior Manager, Mandiant Intelligence, surmises how the bad guys may use AI in the near future to scale attacks, while Vijay Ganti, Head of Product Management, Threat Intelligence, Detection & Analytics for Google Cloud Security, walks through the AI use cases that will help organizations better defend against those attacks.  Hosted by Dan Lamorena, Head of Mandiant Product Marketing.

17 May 2023Frontline Stories: The Executive's Role in Cybersecurity00:33:17

What role do executives and the board play in cybersecurity and breach management? Hear Jesse Jordan and Howard Israel of Mandiant discuss their experiences helping executives get the right information from their security leaders and understand their role during a breach.

26 May 2023Threat Trends: UNC961 and How Managed Defense Approaches Threat Hunting00:30:20

Ryan Tomcik, Dan Fenwick, and Tim Martin join host Luke McNamara to discuss how Managed Defense conducts proactive hunting, illustrated by several UNC961 intrusions. 

For more, please see: https://www.mandiant.com/resources/blog/unc961-multiverse-financially-motivated

Follow Ryan @heferyzan and Tim @Sa1jak on Twitter. 

06 Jun 2023Frontline Stories: Crisis Communications During a Breach00:31:26

Dan Wire from Mandiant joins host Kerry Matre to discuss the ins and outs of crisis communications during a breach as well as what you can do to prepare for a crisis.

16 Jun 2023Threat Trends: A Requirements-Driven Approach to Cyber Threat Intelligence00:27:39

Dr. Jamie Collier (Senior Threat Intelligence Advisor, Mandiant) joins host Luke McNamara to discuss the recent white paper from Mandiant about developing a requirements-driven approach to intelligence, challenges organizations face in this area, and the importance of recurring stakeholder feedback to a well-functioning CTI team.

Follow Jamie at @TheCollierJam on Twitter. 

For more on A Requirements-Driven Approach to Cyber Threat Intelligence, please see: https://www.mandiant.com/resources/blog/requirements-driven-approach-cti 


20 Jul 2023Threat Trends: The Implications of the MOVEit Compromise00:27:51

Charles Carmakal, CTO for Mandiant Consulting, joins host Luke McNamara to discuss the long tail impact of FIN11's compromise of the MOVEit file transfer solution. Charles breaks down some of the differences between this compromise and FIN11's previous operations, why this operation may affect organizations for some time, and what this spells for the changing landscape of multifaceted extortion.

For more from Mandiant on MOVEit:  https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft

If you enjoyed this episode, please rate and leave us a review on your platform of choice!



20 Sep 2023Threat Trends: Unraveling WyrmSpy and DragonEgg Mobile Malware with Lookout00:32:42

Host Luke McNamara is joined by Kristina Balaam, Staff Threat Researcher at Lookout, to discuss her work attributing two new mobile malware families to APT41. 

For more on Lookout's report on WyrmSpy and DragonEgg: https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41

Follow Kristina on X @chmodxx_

19 Oct 2023Threat Trends: Addressing Risk in the Cloud with Wiz00:37:05

Host Luke McNamara is joined by Amitai Cohen, Attack Vector Intel Lead at Wiz to discuss trends in cloud security, managing risk, and more. 

For more on Wiz's research, please see: https://www.wiz.io/blog and https://www.wiz.io/crying-out-cloud 

25 Oct 2023Threat Trends: DHS Secretary Alejandro Mayorkas in Conversation with Kevin Mandia00:20:44

Host Luke McNamara is joined for this special episode highlighting October as Cybersecurity Awareness Month by Kevin Mandia and DHS Secretary Alejandro Mayorkas. Secretary Mayorkas and Kevin discuss the threat landscape,  collaboration between the private sector and government, improving the talent gap in cyber, and ongoing DHS initiatives to foster greater cyber security. 

For more on the Department of Homeland Security and their work, please see:
Cybersecurity | Homeland Security (dhs.gov)
Shields Up | CISA
Joint Cyber Defense Collaborative | CISA

https://www.cisa.gov/securebydesign
https://www.cisa.gov/secure-our-world
https://www.cisa.gov/cybersecurity-awareness-month

Alejandro Mayorkas | Homeland Security (dhs.gov)



12 Dec 2023Threat Trends: Tales from the 2023 Trenches00:37:47

Doug Bienstock and Josh Madeley, Regional Leads for Mandiant Consulting, join host Luke McNamara to walk through some of the trends they have witnessed responding to breaches in 2023. Josh and Doug cover what is happening with business email compromise (BEC), common initial infection vectors, social engineering tactics, and more.

10 Jan 2024Threat Trends: Hacktivists' Continued Use of DDoS00:44:50

For our first episode of 2024, host Luke McNamara is joined by Mandiant Senior Technical Director Jose Nazario and Principal Analysts Alden Wahlstrom and Josh Palatucci, to discuss the hacktivist DDoS activity they tracked over the last year. 


25 Jan 2024Is The CTI Lifecycle Due For An Update?00:28:08

Mandiant Intelligence Advisor Renze Jongman joins host Luke McNamara to discuss his  blog on the CTI Process Hyperloop and applying threat intelligence to the needs of the security organization and larger enterprise. 

For more on this topic, please see: https://www.mandiant.com/resources/blog/cti-process-hyperloop

07 Feb 2024Prescriptions for a Healthy Cybersecurity Future with Google Cloud's OCISO00:44:27

Taylor Lehmann (Director, Google Cloud Office of the CISO) and Bill Reid (Security Architect, Google Cloud Office of the CISO) join host Luke McNamara to discuss their takeaways from the last year of threat activity witnessed by enterprises within healthcare and life sciences. They discuss applying threat intelligence to third-party risk management, threat modeling, and more. 

For more on the work of Google Cloud's Office of the CISO: https://cloud.google.com/solutions/security/board-of-directors?hl=en#additional-thought-leadership-resources

21 Feb 2024The North Korean IT Workers00:34:40

Principal Analyst Michael Barnhart joins host Luke McNamara to discuss Mandiant's research into the threat posed by the Democratic People's Republic of Korea's (DPRK) usage of IT workers to gain access to enterprises. 

For more on Mandiant's analysis of North Korea's cyber capabilities, please see: https://www.mandiant.com/resources/blog/north-korea-cyber-structure-alignment-2023

14 Mar 2024Director of NSA's Cybersecurity Collaboration Center on Trends in 202400:25:48

Morgan Adamski, Director of the NSA's Cybersecurity Collaboration Center (CCC), joins host Luke McNamara to discuss the threat posed by Volt Typhoon and other threat actors utilizing living off the land (LotL) techniques, zero-day exploitation trends, how the CCC works with private sector organizations, and more.

29 Mar 2024Hunting for "Living off the Land" Activity00:42:32

Host Luke McNamara is joined by Mandiant consultants Shanmukhanand Naikwade and Dan Nutting to discuss hunting for threat actors utilizing "living off the land" (LotL) techniques. They discuss how LotL techniques differ from traditional malware based attacks, ways to differentiate between normal and malicious use of utilities, Volt Typhoon, and more. 

11 Apr 2024Assessing the State of Multifaceted Extortion Operations00:40:54

Kimberly Goody, Head of Mandiant's Cyber Crime Analysis team, and Jeremy Kennelly, Lead Analyst of the same team, join host Luke McNamara to break down the current state of ransomware and data theft extortion. Kimberly and Jeremy describe how 2023 differed from the activity they witnessed the year prior, how changes in the makeup of various groups have played out in the threat landscape, why certain sectors see more targeting, and more.

29 Apr 2024M-Trends 2024 with Mandiant Consulting Vice President Jurgen Kutscher00:25:53

Jurgen Kutscher, Mandiant Vice President for Consulting, joins host Luke McNamara to discuss the findings of the M-Trends 2024 report.  Jurgen shares his perspective on the "By the Numbers" data, the theme of evasion of detection in this year's report, and how Mandiant consultants have been leveraging AI in purple and red teaming operations. 

For more on the M-Trends 2024 report: http://cloud.google.com/security/m-trends

16 May 2024Investigations Into Zero-Day Exploitation of the Ivanti Connect Secure Appliances00:27:47

Mandiant Principal Analysts John Wolfram and Tyler McLellan join host Luke McNamara to discuss their research in the "Cutting Edge" blog series, a series of investigations into zero-day exploitation of Ivanti appliances. John and Tyler discuss the process of analyzing the initial exploitation, and the attribution challenges that emerged following the disclosure and widespread exploitation by a range of threat actors. They also discuss the role a suspected Volt Typhoon cluster played in the follow-on exploitation, and share their thoughts on what else we might see from China-nexus zero-day exploitation of edge infrastructure this year.

For more on this research, please check out: 

Cutting Edge, Part 1: https://cloud.google.com/blog/topics/threat-intelligence/suspected-apt-targets-ivanti-zero-day
Cutting Edge, Part 2: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-zero-day-exploitation
Cutting Edge, Part 3: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-exploitation-persistence
Cutting Edge, Part 4: https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement

Follow John on X at @Big_Bad_W0lf_
Follow Tyler on X at @tylabs

22 May 2024The ORB Networks00:29:54

Michael Raggi (Principal Analyst, Mandiant Intelligence) joins host Luke McNamara to discuss Mandiant's research into China-nexus threat actors using proxy networks known as “ORBs” (operational relay box networks). Michael discusses the anatomy and framework Mandiant developed to map out these proxy networks, how ORB networks like SPACEHOP are leveraged by China-nexus APTs, and what this all means for defenders. 

For more,  check out: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks

Follow Michael on X at @aRtAGGI 

03 Jun 2024Lessons Learned from Responding to Cloud Compromises00:30:16

Mandiant consultants Will Silverstone (Senior Consultant) and Omar ElAhdan (Principal Consultant) discuss their research into cloud compromise trends over 2023.  They discuss living off the land techniques in the cloud, the concept of the extended cloud attack surface, how organizations can better secure their identities, third party cloud compromise trends, and more.  

Will and Omar's talk at Google Next: https://www.youtube.com/watch?v=Fg13kGsN9ok&t=2s


27 Jun 2024Mandiant's Approach to Securely Using AI Solutions00:32:00

Mandiant Consultants Trisha Alexander, Muhammed Muneer, and Pat McCoy join host Luke McNamara to discuss Mandiant's recently launched services for securing AI. They discuss how organizations can proactively approach securing the implementation of AI workloads, red-team and test these security controls protecting generative AI models in production, and then also employ AI within the security organization itself. 

For more, please see: https://cloud.google.com/security/solutions/mandiant-ai-consulting

25 Jul 2024What Iranian Threat Actors Have Been Up To This Year00:36:13

Mandiant APT Researcher Ofir Rozmann joins host Luke McNamara to discuss some notable Iranian cyber espionage actors and what they have been up to in 2024. Ofir covers campaigns from suspected IRGC-nexus actors such as APT42 and APT35-related clusters, as well as activity from TEMP.Zagros.  

For more on this topic, please see:  

https://blog.google/technology/safety-security/tool-of-first-resort-israel-hamas-war-in-cyber/

https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations?e=48754805

https://cloud.google.com/blog/topics/threat-intelligence/suspected-iranian-unc1549-targets-israel-middle-east?e=48754805


04 Sep 2024TAG's Work Tracking Commercial Surveillance Vendors00:23:58

Host Luke McNamara is joined by Clement Lecigne, security researcher at Google's Threat Analysis Group (TAG), to discuss his work tracking commercial surveillance vendors (CSVs). Clement dives into the history and evolution of the CSV industry, how these entities carry out operations against platforms like mobile, and the connection between this problem and the rise in zero-day exploitation.

For more on TAG's work on CSVs:
https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/

https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/

https://blog.google/threat-analysis-group/googles-efforts-to-identify-and-counter-spyware/


26 Sep 2024How Threat Actors Bypass Multi-Factor Authentication00:27:20

Josh Fleischer, Principal Security Analyst with Mandiant's Managed Defense organization sits down with host Luke McNamara to discuss trends in MFA bypass and how threat actors are conducting adversary in the middle (AiTM) attacks to gain access to targeted organizations. Josh walks through a case study of MFA bypass, how token theft occurs, the increasing amount of AiTM activity with more features being added to phishing kits, and more. 

04 Oct 2024Using LLMs to Analyze Windows Binaries00:36:40

Vicente Diaz, Threat Intelligence Strategist at VirusTotal, joins host Luke McNamara to discuss his research into using LLMs to analyze malware. Vicente covers how he used Gemini to analyze various Windows binaries, the use cases this could help address for security operations, technical challenges with de-obfuscation, and more.

For more on this topic: https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html

https://blog.virustotal.com/2024/04/analyzing-malware-in-binaries-and.html

18 Oct 2024How to Run an Effective Tabletop Exercise00:29:14

Mandiant Senior Consultant Alishia Hui joins host Luke McNamara to discuss all things tabletop exercise related. Alishia walks through the elements of a tabletop exercise, important preparatory steps, the success factors for a good exercise, and how organizations can implement lessons learned. 

https://cloud.google.com/transform/the-empty-chair-guess-whos-missing-from-your-cybersecurity-tabletop-exercise

https://www.mandiant.com/sites/default/files/2021-09/ds-tabletop-exercise-000005-2.pdf

02 Dec 2024The Art of Remediation in Incident Response00:40:59

Jibran Ilyas (Consulting Leader, Mandiant Consulting) joins host Luke McNamara to discuss remediation as part of incident response. Jibran covers various scenarios (espionage and ransomware) and how they may differ in approaching remediation, how types of architecture could shape remediation efforts, non-technical components of the remediation phase, and more. 

05 Feb 2025Agentic AI in Cybersecurity00:26:40

Steph Hay (Senior Director for Gemini Product and UX, Google Cloud Security) joins host Luke McNamara to discuss agentic AI and its implications for security disciplines. Steph walks through how generative AI is already impacting the finding of threats, reduction of toil, and the scaling up of workforce talent, before discussing how agents will increasingly play a role in operationalizing security. Steph details how this automation of processes, with humans in the loop, can increase the capabilities of an enterprise in cyber defense. 

19 Feb 2025Signals of Trouble00:26:03

Dan Black (Principal Analyst, Google Threat Intelligence Group) joins host Luke McNamara to discuss the research into Russia-aligned threat actors seeking to compromise Signal Messenger. Dan lays out how this latest evolution of Russia's usage of cyber in Ukraine compares to previous phases of the conflict, how this activity is likely supporting battlefield operations, and how users of secure messaging applications can mitigate some of the risks associated with activity like this. 

https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger

22 Apr 2021The Making of an M-Trends Report00:46:49

Have you ever wondered what it takes to develop our annual M-Trends report? The short answer is: a whole lot! Our host Luke McNamara asked Regina Elwell, Senior Principal Threat Analyst on the Advanced Practices Team, and Steve Stone, Senior Director for Advanced Practices, to take us behind the scenes so we can see exactly what goes into building an edition of M-Trends.  

Steve started by discussing the sheer amount of data collection that is required, and how the team has to pore over this data—which comes directly from our incident response investigations—to determine what is a trend and what is not. Regina and Steve also touched on the evolution of the report from its first iteration in 2011. Not surprisingly, the reports have gotten more robust and include new data points almost every year.  

We also discussed some of the highlights from our latest report, M-Trends 2021, and interpreted some of the key findings, including drops in median dwell time, increases in internal detections, impact of ransomware, and notable malware families from 2020. Additionally, we covered some of the process and approach Mandiant puts into grouping new threat groups (UNCs) and Steve and Regina’s favorite threat actors. 

Listen to the podcast now, and when you’re done, read the full M-Trends 2021 report. 


28 Apr 2021Automated Defense Brings New Features to Mandiant Advantage00:28:08

Mandiant Advantage, our SaaS platform, was always intended to house more than just our threat intelligence—and now it does. With the addition of Mandiant Automated Defense and Mandiant Security Validation, we are continuing to roll out new features in a platform that is easily accessible, as well as easy to deploy and scale. 

Mike Armistead, SVP of Mandiant Advantage Products, joined host Luke McNamara to discuss what security teams will be able to do with these new features. Mike joined FireEye during the Respond Software acquisition, in which Respond’s solution became what is now known as Mandiant Automated Defense. Mike shared how the addition of Mandiant Automated Defense to the Mandiant Advantage platform enables the automation of tier one triage alerts.

One thing that really stuck out about their conversation is how weaving together Mandiant Automated Defense, Mandiant Security Validation, and Mandiant Threat Intelligence helps organizations prioritize threats that matter to them, fast.

Listen to this episode to get a walkthrough of how a SOC analyst can use the Mandiant Advantage platform to access intel about an alert they receive. You’ll also get a glimpse into what’s next for the Mandiant Advantage platform.

04 May 2021Pandemic Impacts to the Cyber Threat Landscape00:23:24

In the latest episode of Eye on Security, we invited Jens Monrad, Head of Mandiant Threat Intelligence, EMEA to join Luke for a conversation on how the threat landscape has changed in the past year and how it continues to be impacted by the ongoing pandemic. 

We reviewed the cyber events of the past year: pandemic-themed phishing, multiple APT campaigns against vaccine research and development, and ransomware targeting healthcare systems. Jens revealed that the biggest change still impacting the cyber threat landscape is the sheer volume of people working from home. He also highlighted the potential increase in the cyber criminal ecosystem due to job losses, and how individuals might turn to cybercrime in order to make money.

Check out the episode now to hear how the pandemic has impacted APT activity and disinformation campaigns. Jens also shares a unique piece of advice on the threat landscape that is helpful to remember as we all work to better secure our environments.

For additional information on how the pandemic and more is influencing the cyber threat landscape, check out our latest M-Trends 2021 report.

19 May 2021How Mandiant is Helping Governments Build Cyber Capacity00:40:24

Host Luke McNamara is joined by Paul Tumelty, Government Security Manager, to discuss how Mandiant is partnering with governments in EMEA to help foster cyber capacity building in nations across the region. 

Paul walks through how governments are thinking about this, from the crafting of high-level strategies to working through the tasking of the appropriate entities for cyber defense, and establishing relationships with the private sector and beyond. Paul also highlights some of the challenges—and even advantages—that various nations may have depending on where they are in their journey of establishing a government framework to better address a changing threat landscape, especially in areas such as critical infrastructure protection. 

What Luke found particularly interesting and exciting about the work Mandiant is doing in this space is the holistic approach Paul and his team are taking—beyond just ensuring the implementation of the right technologies—but looking at every aspect of what contributes to a nation’s strategy to continuously provide for a defense that can meet emerging threats. Luke and Paul even discussed the importance of early education initiatives to help foster the future workforce as part of capacity building. 

10 Jun 2021Low Sophistication Threat Actors Continue to Target OT00:43:02

On this episode we have Daniel Kapellmann Zafra, a manager on Mandiant’s Cyber Physical Threat Intelligence team, to discuss a recent blog he and his team have released on the trend of lower sophistication threat actors targeting operational technology (OT). We discuss a precursor blog they put out last year, specific to this trend and the usage of ransomware by financially motivated actors to OT, and we talk about what Daniel is seeing change in this space. Our conversation touches on the various motivations that appear to be shaping this activity, and what it means for the potential proliferation of this as a tactic for hacktivists, opportunistic threat actors, and more. One of the things that I think really comes across in this episode is the thoughtful analysis that Daniel and his team apply to ascertaining the drivers of this trend and where it may be going. It’s an insightful look into an area of threat activity we will likely continue to see headlines around this year.

For more information on the discussion in this episode of Eye on Security, please check out the aforementioned blogs: 

- https://www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html
- https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html


15 Jun 2021 | Filling the CTI Skills Gap with Mandiant On-Demand Cyber Intelligence Training | 00:45:17

In response to an increasing demand to fill the CTI skills gap, Mandiant has made a commitment to arm organizations around the world with skilled security teams to succeed on the fast-evolving threat landscape. Host Luke McNamara is joined by Shanyn Ronis, Manager, Intelligence Training Program, to discuss the official launch of Mandiant On-Demand Cyber Intelligence Training. Backed by 15+ years of frontline expertise and accessible 24/7, this on-demand training provides a cost-effective approach that empowers cyber security teams to effectively use intelligence across different job roles, at different skill levels.

13 Jul 2021 | Fostering CTI Development with Mandiant Intelligence Services | 00:36:46

Host Luke McNamara is joined by Jeff Compton, Senior Manager for Mandiant’s Intelligence Capability Development team, to discuss his team’s focus on helping customers build threat intelligence programs, how the needs of customers in this space continue to evolve, and how the regulatory landscape is driving change in particular regions and industries. One thing Jeff highlighted in particular is the importance of having a threat intel function that supports not just the SOC but broader stakeholders across the organization as well. Translating cyber threats into risk particular to the customer is a big focus of Jeff’s team, woven throughout their range of functions.

30 Jul 2021 | Assessing Iranian Threat Actors’ Usage of Ransomware | 01:07:02

While much of the discussion around modern ransomware campaigns has centered on threat actors from Eastern Europe and Russia, this episode highlights some of the lesser-known activity in a different region and explores how nations may experiment with asymmetric cyber capabilities in the future. In this episode of the Eye on Security podcast, host Luke McNamara sits down with Sanaz Yashar (Manager, Mandiant Intelligence) and Matan Mimran (Principal Analyst, Mandiant Intelligence) to discuss some of their research into Iranian threat actors leveraging ransomware and other cyber-crime tactics. Sanaz and Matan walk through campaigns they have witnessed from several UNCs that have impacted organizations in Israel and elsewhere, examining evidence for why these incidents could be part of a trend towards using ransomware for purposes other than financial gain.

20 Aug 2021 | Tackling Supply Chain Security | 00:34:41

Whether it’s shipping disruptions caused by the COVID-19 pandemic or compromises into software platforms used by hundreds of organizations, supply chain issues are back in the spotlight. In this episode of Eye on Security, host Luke McNamara is joined by Bryan Ware, CEO of Next5 and former Assistant Director of Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA). Bryan shares his perspective on the state of supply chain security, including the current challenges bringing this issue to the forefront now, different ways to think about supply chain issues, and steps organizations can take to mitigate their risk in this space.

07 Sep 2021 | The Evolving Ransomware Landscape | 00:31:24

This episode of Eye on Security delves into a security topic that continues to be front and center for many organizations: ransomware. Dave Wong, Vice President for Mandiant Consulting, joined host Luke McNamara to discuss some of the recent changes with threat activity in this space. Dave covered where the trends in ransomware operations have taken us over the last year and a half, with increasing ransom price demands and the frequent extortion over stolen data from the victim. Dave and Luke also chatted about common affiliate models and the fluid nature of many ransomware families, as new malware emerges and others seemingly “go dark”. Dave discussed his visibility into ransomware negotiations, sharing examples of his experience in dealing with these threat actors. He also highlighted important preparedness steps organizations can take beyond technical hardening by considering strategies of how they might approach dealing with a threat actor in a ransomware scenario. Finally, Dave and Luke touched on what changes might be seen as threat actors continue to evolve TTPs and extortion methods.

For further insights into ransomware negotiations, check out this Daily Beast interview with Dave: https://www.thedailybeast.com/inside-a-ransomware-negotiation-this-is-how-asshole-russian-hackers-keep-shaking-down-companies

23 Sep 2021 | Disentangling the DPRK | 00:56:37

Host Luke McNamara is joined by Eli Fox and Michael Barnhart, both Senior Analysts at Mandiant, to discuss some of their work tracking various North Korean threat clusters. Michael and Eli share their perspectives on the continuously changing landscape of DPRK threat actors, some of the challenges in tracking them, and how information from defectors augments the technical data in their analysis. They share several stories of recent campaigns and delve into where some of these threats may be headed next.

07 Oct 2021 | The FIN12 Episode | 00:41:34

For the launch of Mandiant’s most recently graduated threat group, FIN12, Kimberly Goody (Director, Financial Crime Analysis) and Josh Shilko (Principal Technical Analyst, Financial Crime Analysis) join Eye on Security to discuss this actor. They cover this group’s TTPs and targets, where they fit into the ransomware ecosystem, and what makes this particular threat actor unique in the landscape.

15 Oct 2021 | Covering Cyber Threats and Trends | 00:45:32

While many different types of organizations and individuals contribute to the broader discussion of cyber-related incidents, events, and trends, journalists play an important role in furthering our collective understanding of this space. Journalist Kim Zetter joins host Luke McNamara on Eye on Security to share her perspective in covering cybersecurity as a journalist. Kim discusses how the cybersecurity beat has evolved over the years, where she gathers information to write stories, and some of the themes she sees in the current conversation about cybersecurity issues.

02 Nov 2021 | Analyzing Vulnerability and Exploitation Activity in 2021 | 00:49:29

Jared Semrau and James Sadowski join host Luke McNamara to discuss some of their teams’ research this year into the rise of observed 0-days and other exploitation trends. They cover how the vulnerability landscape has evolved over the years, what has made 2021 stand out so far, and how the nature of threat activity—particularly the growth of ransomware—has shifted the makeup of actors in this space. 

For Mandiant Advantage users, please see related reporting mentioned in this episode: 

Patch Me If You Can: Analyzing Trends in Time to Exploit (Q1 2020 Through Q1 2021)

Shut the Front Door: VPN Vulnerability Exploitation Trends, January 2019 – June 2021

11 Nov 2021 | Leveraging Military Experience in an InfoSec Career | 00:33:26

Jake Knowlton, Andy Schmidt, and Paul Shaver join host Luke McNamara to discuss making the transition from the military to working in cyber security. Jake, Andy, and Paul share their perspectives and how they became involved in this field, some of the challenges veterans might face, and how veterans can position their prior experience for roles in infosec. 

For more on Mandiant’s partnership with VetSec, please see this blog post: https://www.mandiant.com/resources/mandiant-collaborating-with-vetsec-to-train-us-service-members-veterans 

01 Dec 2021 | Conflict and Escalation in Cyberspace | 00:41:26

Columbia University researcher Jason Healey joins host Luke McNamara to discuss how cyber policy has evolved over the years, the dynamics of cyber conflict, and more. In particular, this conversation delves into the risks of escalation in a crisis, how norms may (and may not) shape such conflicts, and changing the role between defense and attack. 

15 Dec 2021 | A Year in Review with Kevin Mandia | 00:33:11

For our last episode of the year, Mandiant CEO Kevin Mandia joins host Luke McNamara for a year in review of 2021. The discussion includes a look back at the SolarWinds incident one year later as well as a look forward to 2022 with the three things that are top of his mind going into the New Year. Additionally, Kevin touches on the future of Mandiant and the Mandiant Advantage platform.

27 Jan 2022 | The Role of Contractors in Cyber Operations | 00:59:45

Host Luke McNamara is joined by Michelle Cantos, John Doyle, and James Sadowski to discuss the role of contractors in cyber network exploitation (CNE) and other cyber operations. 

For further reading on this topic for Mandiant Advantage and MA Free users, please see “She Doesn’t Even Go Here: The Role of Contractors in the Cyber Landscape” at https://advantage.mandiant.com/reports/21-00013849. Register today for Mandiant Threat Intelligence Free.

17 Feb 2016 | FireEye Podcast: Signal to Noise | 00:09:34

How do you weed through the noise to find the signal? In this latest
podcast, Josh Goldfarb, Vice President and Chief Technology Officer at
FireEye, discusses best practices when looking for the signal within
the noise of alert volume.

According to Goldfarb, there are many ways an organization could
improve the efficiency of its security operations workflow, but one
way in particular makes a significant difference. A better quality of
alerts means more efficiency. In other words, our work queue defines
what our scarce human resources work on in a given day. Given that,
doesn’t it make sense to supply that work queue with the highest
quality, highest fidelity alerts possible to ensure that human
resources spend their precious cycles on the highest value work? In
other words: more signal, less noise. Learn how this approach impacts
information security and cyberwar in this latest podcast.

27 Jan 2016 | Eye on Security: Good Enough Is Not Good Enough | 00:11:03
12 Jan 2016 | Eye on Security: FireEye Solutions Integration | 00:05:23
08 Mar 2016 | Eye on Security: M-Trends 2016 | 00:13:24

Learn more about the latest trends in cyber and what you can do to
protect your enterprise from Jurgen Kutscher, vice president of
security consulting services at Mandiant, a FireEye company.

17 Mar 2016 | Invotas and iSIGHT Partners Acquisition | 00:21:10

Learn more about the newest members of the FireEye family from Paul
Nguyen, founder and CEO of Invotas and John Watters, founder, chairman
and CEO of iSIGHT Partners. Hear why they started their companies, how
their addition to FireEye adds to our already robust product and
subscription offering, and what this all means both immediately and
long-term for our customers.

24 Mar 2016 | Dropbox and Cloud Security | 00:10:33

More and more companies are relying on the cloud for storage and
collaboration, but what does that mean from a security and cyber
standpoint? How safe is it? Who has access? And would you know if
someone else was accessing your data?

Patrick Heim is head of trust and security at Dropbox. He answers
these questions and more – including how Dropbox protects its
customers’ data – in our latest podcast. He also discusses the
difference between securing a cloud platform versus securing an
enterprise.

