
The Defender's Advantage Podcast
The Defender’s Advantage Podcast explores the world of cyber security and Mandiant through three distinct tracks. Threat Trends: Listen twice a month as host Luke McNamara interviews guests on the latest in cyber security research, the cyber landscape, and the latest news from Mandiant. Frontline Stories: Listen to Kerry Matre monthly as she is joined by notable guests on the frontlines of cyber security, including Mandiant customers, security professionals, and executives. Skills Gap: Listen to Kevin Bordlemay each month for this series focusing on thoughts, ideas, and initiatives for narrowing the skills gap in cyber security.
Latest episodes

Oct 26, 2020 • 42min
Cyber Security Through the Eyes of a Journalist
In this episode, we have something a little different. We're excited that Sean Lyngaas (@Snlyngaas), Senior Reporter at CyberScoop, has joined host Luke McNamara to share a different perspective on many of the same cyber security stories and events that we work on in parallel here at FireEye.
Sean and Luke kick off their conversation by discussing which stories Sean considers top priority. These days his mornings entail reviewing election security, and then he starts chasing the timely stories he finds most interesting. Sean also shared the difference between what is news and what is research when it comes to writing a story.
With the election being so close, we of course turned to the topic of disinformation. Sean shared the difficulties of writing about information operations and his approach of attempting to report on it without amplifying fear or paranoia. We also explored the impact and intent of these operations.
Listen to the episode to hear Sean’s thoughts on the future of media and news consumption, and the cybersecurity topics he thinks we will be reading about in the news in the coming year.

Oct 14, 2020 • 23min
The Inception of Mandiant Advantage
Our customers expressed a desire for faster access to our intelligence to focus on threat activity that matters to them, so we launched Mandiant Advantage. Mandiant Advantage is a new SaaS platform that allows our customers to engage across all areas of our expertise, starting with threat intelligence.
For this episode of ‘Eye on Security’, our host, Luke McNamara is joined by Jon Heit, Senior Manager of Intel Product Management, and Jeff Guilfoyle, Principal Product Manager. We start by looking back at where the idea for Mandiant Advantage came from and the problems the platform aims to solve. One of the features we’re most excited about is that our customers can get a visual representation of disparate pieces of discovered threat actors, malware, vulnerabilities all connected together regardless of the products and tools deployed. We also explore the graduation process of adversarial group FIN11 and how Mandiant Advantage will allow customers to continuously explore activities of thousands of actors.
Listen to the podcast to hear how Mandiant Advantage can provide your organization a front row seat into frontline threat intelligence to focus on threats that matter to you.

Sep 30, 2020 • 28min
Back to School: Training the Cyber Workforce in 2020
The cyber skills shortage is a real problem. There just aren’t enough qualified people to adequately meet the cyber security needs of all organizations, and the problem is only expected to get worse. One of the ways we address this challenge at FireEye is through internal and external training courses. We invited two people involved in those efforts to join our host, Luke McNamara for this episode of Eye on Security: Dawn Hagen, Senior Director of Learning and Development, and Dr. Brett Miller, Managing Director at Mandiant.
They spoke about the evolution and range of training that includes product and product-agnostic courses. Brett shared insights on how we adapted our courses to meet customer needs and market demands—efforts that include opening up our training to individuals as well as the general public. Dawn also noted that we have developed curricula alongside clients who have requested custom courses, and that we continue to teach some of these courses to this day.
Of course things are changing. While most of our training was in-person for both internal and external courses, we have pivoted to virtual training in light of recent global events. Currently, about 60 percent of our courses are available online, and we expect many of these courses to remain online indefinitely—while still maintaining the same quality as in-person classes.
Listen to the episode to dive into the development of our courses, hear about our lab to lecture ratio, and find out why we’ve shifted to ensuring students are able to perform tasks instead of just having the knowledge to do it. And for more information about individual training courses available to the public, check out our training schedule: https://feye.io/30o4Zke

Sep 16, 2020 • 32min
Ransomware and Observations from Recent IR Investigations
Ransomware continues to be one of the most significant cyber security issues affecting organizations today. The attack is very effective and can be carried out relatively cheaply, making for larger net profits. With no end in sight to this nasty threat, Luke McNamara, our host and Principal Analyst for FireEye, spoke with someone who has a front-row seat into how organizations think about ransomware and other similar threats. For that we turned to Charles Carmakal, our SVP & CTO for Mandiant, and one of our leading incident response experts.
On this episode of our Eye on Security podcast, Charles and Luke explore the rise and evolution of ransomware—from the early days of threat actors automating ransomware infections without knowing who their victim was, to the more recent trend of breaking into organizations with known vulnerabilities, taking critical data, deploying encryptors and asking for much more money.
They then turn their discussion to the C-suite. Charles shares perspectives from the board when it comes to cyber threats, noting that while leadership is much more aware of cyber security and risk management than they were in the past, many still won’t understand the gravity of the situation until it’s happening to them.
Closing out the conversation, Charles shares customer stories involving nation-state intrusions, the use of public offensive security tools by nation-states, and the struggles organizations have had securing their now remote workforces.

Aug 31, 2020 • 28min
The Ghostwriter Campaign and Trends in Disinformation Today
Information operations (IO) gained prominent public attention in 2016 during the U.S. general election. Since then, new campaigns have continued to be exposed, and the tactics actors employ have evolved.
In this episode of 'Eye on Security', Lee Foster, our Senior Manager of Information Operations Intelligence Analysis, joins host Luke McNamara to talk all about disinformation, a recent influence campaign that we refer to as Ghostwriter, and what we could see play out in the 2020 general election.
We start with Lee sharing overall trends and changes in IO that his team has observed since early 2016. We then discuss the increasing usage of synthetic media (“deepfake”) images that threat actors are employing in their campaigns, and how fabricated content is leveraged in coordinated inauthentic activity across forums and social media.
Moving on to Ghostwriter, Lee describes all the tactics, techniques and procedures related to this recent influence campaign, and goes on to compare this activity to another well-known IO campaign: Secondary Infektion.
Finally, no chat about disinformation would be complete without discussing how it could play out during the 2020 U.S. general election. Check out the episode today to hear Lee’s predictions for the upcoming election and what the future holds for information operations in general.

Aug 21, 2020 • 32min
Making Sense of Cyber Threats at Scale with Strategic Intel
The Strategic Analysis team at Mandiant Threat Intelligence examines hundreds of discrete data points from numerous sources, distilling trends from that raw information to identify the most important, common, and damaging cyber threats clients should prioritize in their defensive strategies. That’s what we’re talking about on this week’s episode of Eye on Security with our guest Kelli Vanderlee, Manager of Strategic Analysis at FireEye.
Kelli shares the types of topics the team covers, including industry and geographic-based reporting, trend analysis looking at the evolution of actor types or tactics over time, and examinations of cyber risks associated with common business situations, such as mergers and acquisitions. Kelli and Luke also discuss the evolving role of Chinese cyber espionage actors and how they may be becoming more aggressive and risk-tolerant than previously believed. We also delve into how the Belt and Road Initiative is driving cyber espionage—from China and other nations. In terms of the geopolitics driving cyber activity, Kelli believes we will continue to see more nation-states invest in cyber capabilities, as the rewards for this type of activity often outweigh the risks.
Listen to the episode to learn more about strategic analysis and the trends Kelli’s team is tracking in 2020.

Jul 31, 2020 • 22min
Behind the Scenes with Mandiant Security Validation
You’ve heard of security validation and know that it’s necessary to test your security effectiveness, but do you know how our team develops the right attacks to test your controls against threat activity we see in real life?
On this episode of our Eye on Security podcast, Henry Peltokangas, Director of Product Management, and Nart Villeneuve, Director of Research & Collections, give us an inside look at what goes on behind the scenes at Mandiant Security Validation.
We begin our chat by discussing some of the key benefits of security validation. We then dive into the research Henry’s team conducts to take tactics and techniques that adversaries use in the real world and replicate them within the Mandiant Security Validation platform.
Nart and Henry go on to discuss how Mandiant Security Validation replicates adversary activity across every stage of the attack lifecycle, and then explain exactly why that is important. Finally, we wrap up the episode by previewing some new features in upcoming releases, and how Henry and Nart see security validation evolving in the future.
To view the whitepaper mentioned during the episode, visit: https://www.fireeye.com/current-threats/annual-threat-report/security-effectiveness-report.html

Jul 15, 2020 • 34min
Unique Threats to OT and Cyber Physical Systems
In the latest episode of Eye on Security, our host Luke McNamara talks all about the world of operational technology (OT) and cyber physical systems with one of our foremost experts on the topic: Nathan Brubaker, Senior Manager of Analysis for Mandiant Threat Intelligence.
Nathan kicked off the chat by explaining what exactly we mean when we use the term ‘cyber physical.’ They then turned their attention to related threats. As it turns out, there are far fewer attempts by attackers to target these systems than one might believe. Nathan went on to discuss some of the fundamental differences between OT and information technology (IT) systems, and then explained how OT is becoming more similar to IT, which makes those systems more vulnerable to compromise. Fortunately, even though OT security typically lags behind that of IT systems, it’s definitely moving forward in the right direction.
Listen to the podcast today, and check out the following blog posts referenced by Nathan during the episode:
• Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families: https://feye.io/2Wn6jlr
• Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats: https://feye.io/2B5WrVI
• Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT: https://feye.io/3j4l1Y5
• The FireEye Approach to Operational Technology Security: https://feye.io/2DImy5T
• TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping: https://feye.io/2Wk58CX

Jun 16, 2020 • 22min
Eye on APAC: Cyber Security & Threats in Asia Pacific
We commonly see the same threat actors, techniques and malware popping up in all corners of the globe, but that doesn’t mean each region isn’t affected differently. In this episode, our host Luke McNamara, Principal Analyst for Mandiant Threat Intelligence is joined by Yihao Lim, Principal Analyst for Mandiant Threat Intelligence, to discuss cyber security and threats related specifically to the Asia Pacific (APAC) region.

May 13, 2020 • 10min
Stay Secure While Using Collaboration Platforms
COVID-19 has brought on a rapid shift to remote work. Many organizations were unprepared, so they quickly turned to collaboration platforms that could help employees get back to work. But with more applications comes a bigger attack surface.
On today’s Eye on Security podcast, Luke McNamara, Principal Analyst for Mandiant Threat Intelligence talks with Marcus Troiano, Managing Consultant for Mandiant, about collaboration platform security.
We begin the episode by discussing overall best practices for collaboration tools, including those used for chatting, video and audio conferencing, and file sharing. The increased use of these tools has made them a bigger target of attackers and organizations need to ensure employees are aware of and protected against relevant threats.
Later in the episode, Marcus and Luke discuss issues surrounding the use of personal devices for work, which can lead to issues such as accidental data leakage. We also provide a list of recommendations on how to keep virtual meetings secure so no one can listen in on a meeting, as well as how to properly share a screen without inadvertently disclosing confidential data.
Listen to the episode today, and check out our related blog post for even more information: https://www.fireeye.com/blog/executive-perspective/2020/04/security-best-practices-for-collaboration-platforms.html