The Defender's Advantage Podcast

Mandiant
Feb 28, 2025 • 45min

What to Watch For in 2025

Kelli Vanderlee, Kate Morgan, and Jamie Collier join host Luke McNamara to discuss trends that are top of mind for them in tracking emergent threats this year, from nation state intrusions to financially motivated ransomware campaigns.
https://cloud.google.com/security/resources/cybersecurity-forecast
https://cloud.google.com/blog/topics/threat-intelligence/cybercrime-multifaceted-national-security-threat
Feb 19, 2025 • 26min

Signals of Trouble

Dan Black, Principal Analyst at the Google Threat Intelligence Group, dives into the chilling world of Russia-aligned cyber threats, particularly focusing on Signal Messenger. He explains the shift in Russian cyber tactics from civilian targets to military priorities, highlighting their use of espionage. Black discusses how Ukrainian forces rely on encrypted apps amid rising threats like malware and phishing. He also shares essential cybersecurity practices for users to protect themselves, emphasizing the importance of vigilance in the evolving digital battlefield.
Feb 5, 2025 • 27min

Agentic AI in Cybersecurity

Steph Hay, Senior Director at Google Cloud Security, discusses the transformative role of agentic AI in cybersecurity. She explains how generative AI is already reducing threats and analyst toil while scaling workforce talent. Steph highlights the shift from summarization to automated agents that streamline security workflows. These semi-autonomous agents enable rapid threat assessments and improve response times by handling repetitive tasks. She emphasizes the importance of safety controls and collaboration with customers to refine AI capabilities.
Dec 2, 2024 • 41min

The Art of Remediation in Incident Response

Jibran Ilyas (Consulting Leader, Mandiant Consulting) joins host Luke McNamara to discuss remediation as part of incident response. Jibran covers various scenarios (espionage and ransomware) and how they may differ in approaching remediation, how types of architecture could shape remediation efforts, non-technical components of the remediation phase, and more. 
Oct 18, 2024 • 29min

How to Run an Effective Tabletop Exercise

Mandiant Senior Consultant Alishia Hui joins host Luke McNamara to discuss all things tabletop exercise related. Alishia walks through the elements of a tabletop exercise, important preparatory steps, the success factors for a good exercise, and how organizations can implement lessons learned.
https://cloud.google.com/transform/the-empty-chair-guess-whos-missing-from-your-cybersecurity-tabletop-exercise
https://www.mandiant.com/sites/default/files/2021-09/ds-tabletop-exercise-000005-2.pdf
Oct 4, 2024 • 37min

Using LLMs to Analyze Windows Binaries

Vicente Diaz, a Threat Intelligence Strategist at VirusTotal, dives into the fascinating world of using large language models (LLMs) for malware analysis. He discusses how Gemini can analyze Windows binaries, enhancing security operations. The conversation touches on the balance of static and dynamic analysis, the challenges of de-obfuscation, and how LLMs can provide critical attribution signals. Diaz also highlights the potential of LLMs to reduce analyst workload, speed triage processes, and assist in comparing malware variants.
Sep 26, 2024 • 27min

How Threat Actors Bypass Multi-Factor Authentication

Josh Fleischer, a Principal Security Analyst with Mandiant's Managed Defense organization, dives into the alarming trends of multi-factor authentication (MFA) bypass in this discussion. He reveals how adversary-in-the-middle attacks exploit vulnerabilities, particularly through advanced phishing tactics. Josh highlights the rise of 'phishing as a service,' automation in spear phishing, and the risks posed by QR codes. He emphasizes the critical need for robust MFA solutions amid evolving threats and shares insights on detecting and remediating digital threats.
Sep 4, 2024 • 24min

TAG's Work Tracking Commercial Surveillance Vendors

Host Luke McNamara is joined by Clement Lecigne, security researcher at Google's Threat Analysis Group (TAG), to discuss his work tracking commercial surveillance vendors (CSVs). Clement dives into the history and evolution of the CSV industry, how these entities carry out operations against platforms like mobile, and how this problem ties into the rise of zero-day exploitation. For more on TAG's work on CSVs:
https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/
https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/
https://blog.google/threat-analysis-group/googles-efforts-to-identify-and-counter-spyware/
Jul 25, 2024 • 36min

What Iranian Threat Actors Have Been Up To This Year

Mandiant APT Researcher Ofir Rozmann joins host Luke McNamara to discuss some notable Iranian cyber espionage actors and what they have been up to in 2024. Ofir covers campaigns from suspected IRGC-nexus actors such as APT42 and APT35-related clusters, as well as activity from TEMP.Zagros. For more on this topic, please see:
https://blog.google/technology/safety-security/tool-of-first-resort-israel-hamas-war-in-cyber/
https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations?e=48754805
https://cloud.google.com/blog/topics/threat-intelligence/suspected-iranian-unc1549-targets-israel-middle-east?e=48754805
Jun 27, 2024 • 32min

Mandiant's Approach to Securely Using AI Solutions

Mandiant Consultants Trisha Alexander, Muhammed Muneer, and Pat McCoy explore securing AI workloads. They discuss implementing AI tools securely, distinguishing between safety and security testing, deploying AI solutions in cyber defense, and enhancing security maturity and governance for adopting technologies.
