We commonly see the same threat actors, techniques and malware poppingup in all corners of the globe, but that doesn’t mean each regionisn’t affected differently. In this episode, our host Luke McNamara,Principal Analyst for Mandiant Threat Intelligence is joined by YihaoLim, Principal Analyst for Mandiant Threat Intelligence, to discusscyber security and threats related specifically to the Asia Pacific(APAC) region.

COVID-19 has brought on a rapid shift to remote work. Manyorganizations were unprepared, so they quickly turned to collaborationplatforms that could help employees get back to work. But with moreapplications comes a bigger attack surface.On today’s Eye on Security podcast, Luke McNamara, Principal Analystfor Mandiant Threat Intelligence talks with Marcus Troiano, ManagingConsultant for Mandiant, about collaboration platform security.We begin the episode by discussing overall best practices forcollaboration tools, including those used for chatting, video andaudio conferencing, and file sharing. The increased use of these toolshas made them a bigger target of attackers and organizations need toensure employees are aware of and protected against relevant threats.Later in the episode, Marcus and Luke discuss issues surrounding theuse of personal devices for work, which can lead to issues such asaccidental data leakage. We also provide a list of recommendations onhow to keep virtual meetings secure so no one can listen in on ameeting, as well as how to properly share a screen withoutinadvertently disclosing confidential data.Listen to the episode today, and check out our related blog post foreven moreinformation:https://www.fireeye.com/blog/executive-perspective/2020/04/security-best-practices-for-collaboration-platforms.html

COVID-19 has rapidly taken over the headlines across the globe. Aswith many other major events, threat actors are quick to adaptrelevant topics as part of their phishing campaigns to increase thelikelihood of success. The same rings true for COVID-19, especiallydue to its global impact.On this latest Eye on Security podcast, John Atrache, PrincipalConsultant for Mandiant, joins me to discuss all things email in thetime of COVID-19. We cover a variety of topics, including how threatactors are continuously updating their phishing campaigns as newdevelopments around the pandemic arise. We also cover the importanceof organizations increasing their vigilance during these challengingtimes, and how to implement quick and effective hardening controls tomitigate the risk of successful phishing attack.Listen to the episode today, and then learn even more by checking outour blog post on COVID-19 themed phishing attacks and how to manageemail phishing risks:https://www.fireeye.com/blog/executive-perspective/2020/03/managing-email-phishing-risks.html

We are back with the second part of our M-Trends podcast where LukeMcNamara, Principal Analyst continues discussing highlights andinsights from this year’s report with Jurgen Kutscher, EVP of MandiantSolutions.We pick back up with the nature of multiple attackers in anenvironment—notably, whether or not they are aware of other attackersin the environment and if they are collaborating. Jurgen thendiscusses the rise of insider threats and how organizations canimprove the monitoring and detection of insider threats.Ransomware use continues to rise—attackers are having success andgenerating revenue, so we don’t expect this trend to level off anytime soon. Jurgen provides steps that organizations can take to reducetheir risk of falling victim to ransomware, and suggests organizationstake a look at our ransomware white paper for more containmentstrategies:https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/wp-ransomware-protection-and-containment-strategies.pdfCheck out our podcast today, and also hear Jurgen’s top cyber securityrecommendations for 2020.

FireEye released M-Trends 2020 earlier this year to provide visibilityinto frontline investigations of the most interesting and impactfulcyber attacks of the year. In this first episode of our two-partM-Trends 2020 podcast, Luke McNamara discusses the report with JurgenKutscher, EVP of Mandiant Solutions.We begin the episode by highlighting the key themes from M-Trends2020, such as dwell time and the continued exploitation of legitimatecredentials. Jurgen discusses the decrease in dwell time and whetherit’s due to organizations getting better at detections or the changingnature of attacks. You’ll also hear about trends in cloud security andrecommendations for the healthcare industry when it comes to cloud, aswell as insights into compromise detection by third parties.Listen to the podcast today to dive into M-Trends 2020, and be sure totune in for part two where we discuss insider threats, ransomware, andJurgen’s recommendations for the year ahead.

In this latest episode, we featured M-Trends contributors DominikWeber (Director - FLARE) and Dan Perez (Manager - Adversary Pursuit)to take us on a deep dive of our annual M-Trends report. We discussedhow key metrics from our incident response investigations changed,including: dwell times, source of notification, number of threatactors tracked, and malware families/trends broken down by operatingsystem. Additionally, we highlighted things that stood out to Dominikand Dan, including:-Malware that used email for command and control-Malware that leveraged cryptography to protect further stages foranalysis [execution guardrails!]-How FLARE determines whether a malware sample is a "new" family vs avariant of an existing family we've seen before-Targeted ransomware trends-Chinese threat groups who have been active lately (APT40, APT41,APT5, and several uncategorized clusters), as well as how the recentUS Justice Department indictments may have impacted operations bythose APT groups-Dominik's involvement in the annual FLARE-ON challenge and what it'slike to create a challenge (encrypted web shell)For the full M-Trends report, visit:https://www.fireeye.com/current-threats/annual-threat-report/mtrends.htmlTo find out more about the FLARE-On challenge, visit:http://flare-on.com/

Cloud security is more important today than ever before. Luke McNamarawas joined once again by Martin Holste, CTO for Cloud at FireEye,Chris Schreiber, FireEye product strategist, and JR Weiks, FireEyesecurity principal engineer.In this second of two podcasts on cloud security, they examine how thepoint products and various processes that make up cyber security todaywill set the stage for the future of security operations centers(SOC). The ideal way to initiate this transformation to the SOC oftomorrow is with a single cyber security platform such as FireEyeHelix, which is a cloud-hosted security operations platform.Integrating visibility, protection and detection with advancedanalytics is not a dream of the future, but an achievable realityright now.Check out the podcast, and also learn more about how FireEye Helixseamlessly integrates disparate security tools and augments them withnext generation SIEM, orchestration and threat intelligencecapabilities to capture the untapped potential of securityinvestments.

Cloud security is more important today than ever before. To learn moreabout the topic, Luke McNamara sat down with Martin Holste, CTO forCloud at FireEye, Chris Schreiber, FireEye product strategist, and JRWeiks, FireEye security principal engineer.In this first of two podcasts on cloud security, they discuss some ofthe security challenges that occur when migrating to the cloud,specifically highlighting some of the common problems that quicklyrise to the top once that journey begins. Additionally, they dive intosome of the different tactics that threat actors use to exploit cloudinfrastructure and how organizations can protect themselves.Check out the podcast, and for more information head over to ourFireEye Cloud Security page and our FireEye Partnership with AWS page.

In October 2019, FireEye launched its Purple Team and ContinuousPurple Team Assessments to enable organizations to quantifiablyevaluate security controls and programs against Verodin simulatedattack scenarios. With Purple Team Assessments, Mandiant experts guidean organization’s security team through highly-realistic attackscenarios.Luke McNamara spoke with one of our global red team leads who is onthe front lines managing this new offering, Evan Pena. During theirdiscussion, Evan explains what exactly a purple team is vs. atraditional red and blue team, what are the outputs/deliverables thatcome from a purple team, in what capacity will Verodin be used todeliver this new offering, and more.For more information about FireEye Mandiant Purple Team Assessments,including the FireEye Verodin Security Instrumentation Platform (SIP),please visithttps://www.fireeye.com/services/purple-team-assessment.html