Adversary Universe Podcast

Latest episodes

Apr 25, 2024 • 36min

Building a Strong Threat Hunting Program with Andrew Munchbach

Organizations fear adversaries will attack. Threat hunters assume adversaries are already in the system — and their investigations seek unusual behavior that may indicate malicious activity is afoot. Andrew Munchbach, CrowdStrike’s Global VP, Field Engineering, joins Adam and Cristian in this week’s episode to explore what threat hunting is, how it works, and what makes a good threat hunting program. As CrowdStrike’s “Chief Reddit Officer”, Andrew also shares how he came to run CrowdStrike’s Reddit account and discusses the platform’s evolving role in communicating with the security community. Now with nearly 20,000 followers, CrowdStrike’s Reddit account is used to share information — from key data on active attacks to weekly threat hunting exercises — with CrowdStrike customers and the general public.
6 snips
Apr 11, 2024 • 50min

Adversary Attribution: What It Means and How It Works

Today’s conversation explores a common question around adversary activity: Why does attribution matter? When a cyberattack hits, why go to the trouble of learning who is behind it? Each attempt at an intrusion can reveal a lot about an adversary — who they are, what they’re doing and what their motivations may be. This information can not only inform your response to an attack but how you strengthen your security architecture against future attacks. In this episode, Adam and Cristian discuss the importance of knowing who the adversary is and what they’re after. They go back to the early days of adversary attribution, explain how adversaries are tracked as their activity changes over time and examine the value of this intelligence in helping organizations succeed in the face of evolving cyber threats. The tool Adam mentions at the end of this episode can be found at https://adversary.crowdstrike.com/
4 snips
Mar 28, 2024 • 26min

LIVE from Gov Threat Summit: A Chat with Morgan Adamski, Chief of the NSA’s Cybersecurity Collaboration Center

Join Adam and Cristian in a live chat with Morgan Adamski, Chief of the NSA’s Cybersecurity Collaboration Center, as they discuss bridging NSA intelligence with the private sector, insights on nation-state adversary activity, North Korea's cyber advancements, AI security, and collaborative defense strategies.
Mar 14, 2024 • 44min

CrowdStrike CSO Shawn Henry on Election Security, Nation-State Threats and His FBI Career

CrowdStrike Chief Security Officer Shawn Henry joined CrowdStrike as employee number 19 after a 24-year career at the FBI, where he retired as the Bureau’s Executive Assistant Director. Today, he joins Adam and Cristian for a wide-ranging conversation exploring his early days at CrowdStrike and transition to the private sector, his perspective on the 2016 DNC breach and the risks modern elections face. Adversaries have numerous opportunities to sway voters’ opinions — and now they have the technology to wield greater influence through misinformation and disinformation campaigns. “I think we've just scratched the surface with AI from a deepfake perspective,” Shawn says of how artificial intelligence may play a role in this activity. Tune in to hear his perspective, stories and guidance as we navigate this election year.
Feb 22, 2024 • 36min

A Human at the Keyboard: CrowdStrike Reports 60% Jump in Interactive Intrusions

Explore the surge in interactive cyber intrusions with a 60% increase, 75% malware-free attacks, and adversary tactics. Also, learn about the rise in attacks targeting cloud environments, the speed of adversaries moving through systems, and the tactics used in data leakage and ransomware extortion schemes.
Feb 15, 2024 • 45min

The Dark Personality Traits Fueling Cybercrime

CrowdStrike has long said, “You don’t have a malware problem — you have an adversary problem.” Much like we analyze the malware and tools used in cyberattacks, we must also learn about the people who orchestrate them. Adam and Cristian are joined by Cameron Malin, a behavioral profiler who specializes in understanding adversaries and the “why” behind their activity. Cameron built the FBI’s Cyber Behavioral Analysis Unit, which works to understand the motivations for cybercrime across different types of offenses and has focused for years on exploring why adversaries do what they do. In this episode, he discusses how the discipline of cyber behavioral profiling emerged, how experts approach interviewing and analyzing adversaries, and the “dark triad” and “dark tetrad” of personality traits commonly observed in cyberattacks.
Feb 1, 2024 • 39min

Demystifying North Korea: Why the "Hermit Kingdom" Is a Cyber Threat to Watch

Though the inner workings of North Korea remain a mystery to much of the world, its global cyber activity has been tracked and analyzed for years. CrowdStrike’s Counter Adversary Operations team, which tracks five North Korean threat actors, has a unique perspective on the country’s evolution as a global cybersecurity threat and the many ways it has used cyber capabilities to achieve its goals. In this episode, Adam and Cristian trace the history of North Korean cyber operations from its early days of destructive attacks to its focus on financial gain and espionage. Tune in for the answers to questions such as: How does North Korea discover its cyber talent? When did it pivot to cryptocurrency theft? And why does CrowdStrike track North Korean adversaries under the name CHOLLIMA? Come for the history, stay for Cristian’s singing skills in this conversation about the complex and changing world of North Korean cyber activity.

Check out some of the CHOLLIMAs we track here:
https://www.crowdstrike.com/adversaries/silent-chollima/
https://www.crowdstrike.com/adversaries/labyrinth-chollima/
https://www.crowdstrike.com/adversaries/ricochet-chollima/
https://www.crowdstrike.com/adversaries/velvet-chollima/
https://www.crowdstrike.com/adversaries/stardust-chollima/
Jan 18, 2024 • 42min

AI Through the Defender’s Lens: A Chat with CrowdStrike’s Global CTO

Cristian is joined by CrowdStrike Global CTO Elia Zaitsev to revisit the world of AI and large language models (LLMs), this time from the perspective of modern defenders. While this space has seen explosive growth in the past year, most organizations are still working to determine how LLM technology fits into their cybersecurity strategies. In this episode, Cristian and Elia unpack the rapid evolution of AI models — a trend the two consider both exciting and frightening — and examine how LLMs are empowering defenders, their effect on automation in the enterprise and why humans will continue to be part of the picture even as AI-powered tools evolve.

Additional Resources:
Five Questions Security Teams Need to Ask to Use Generative AI Responsibly
Introducing Charlotte AI, CrowdStrike’s Generative AI Security Analyst: Ushering in the Future of AI-Powered Cybersecurity
Jan 11, 2024 • 41min

Inside Russia’s Laboratory of Cyber Operations — and Beyond

Russian adversary VOODOO BEAR targets Ukrainian telecom provider Kyivstar, using it as a testing ground for cyber attacks. The hosts discuss the disruptive behavior and history of VOODOO BEAR, as well as the broader context of Russian intrusion operations. They explore the threat actor's tactics and targets, highlighting its involvement in destructive attacks on power infrastructure. The podcast also examines the impact of Russian cyber operations on the world stage and raises questions about the need to reassess security programs and partnerships.
Dec 28, 2023 • 29min

Adversary Universe: 2023 Highlights

It has been a whirlwind year for the cybersecurity industry. In this episode of the Adversary Universe podcast, we revisit clips from standout episodes of 2023. Tune in to catch pieces of our conversations on the evolution of cloud-focused cyberattacks, the rise of cyber activity from Iran and China, the process of discovering and mitigating vulnerabilities, the role of AI in the cyber threat landscape and more.

For those who want to listen to the full episodes related to each of these clips, the episodes highlighted here are in the following order:
Adversaries and AI: Today’s Reality and Tomorrow’s Potential
Data Extortion Dethrones Ransomware as the Threat to Watch
Cloud Is the New Battleground
Invisible Threats: Discovering, Tracking and Mitigating Vulnerabilities
Have You Been Breached?
Urgent Care Required: The State of Healthcare Cybersecurity
Iran’s Rise from Nascent Threat Actor to Global Adversary
Inside China’s Evolution as a Global Security Threat