Jonathan Cran, Lead for Mandiant Attack Surface Management at Google Cloud, joins host Kerry Matre to discuss the evolution of vulnerability and exposure management and how important comprehensive approaches are to mitigating cyber risk.Jonathan shares his experiences from BugBounty, penetration testing and working with customers to solve the growing problem of too many CVEs, too little prioritization methods. He walks through the importance of an intelligence-led approach to exposure management, how CISOs can think about their organization and how to make informed business decisions. 

With the public release of Mandiant's latest named threat actor--APT43--guests Michael Barnhart and Jenny Town join host Luke McNamara to uncover how this espionage actor targets policy experts to support North Korea's nuclear ambitions. Follow Jenny on Twitter @j3nnyt0wn and 38 North at https://www.38north.org/ Find Mandiant's full report on APT43 here: https://www.mandiant.com/resources/reports/apt43-north-korea-cybercrime-espionage

Jared Semrau (Mandiant) and Maddie Stone (Project Zero) join host Luke McNamara for a look back at the zero-day exploit trends of 2022. Maddie and Jared break down the differences in focus between their teams, and some of the interesting things they each observed last year.  Jared covers some of the threat actors that drove last year's trends in observed zero-days, and Maddie highlights how variants of known vulnerabilities and bugs continue to shape the exploit landscape. They also discuss the challenges and trade-offs for defenders that arise from publishing technical details of exploits. For more on Google's Project Zero, check out: https://googleprojectzero.blogspot.com/ For more on Mandiant's research on zero-days in 2022, please see: https://www.mandiant.com/resources/blog/zero-days-exploited-2022

Shane Huntley, Senior Director of Google's Threat Analysis Group (TAG) joins host Luke McNamara to discuss his team's work keeping Google users secure. Shane breaks down the research his team has done on the problem of commercial spyware vendors, and how that is impacting the threat landscape today. While this threat has evolved over the years as vendors come and go, Shane highlights drivers to this market and how it may evolve in the years to come. Shane also delves into TAG's recent report on the past year of Russian cyber operations since the invasion of Ukraine, and provides some thoughts on threat activity to anticipate going forward, from supply chain compromises to election security. For more on TAG and Mandiant's analysis of Russian operations since the invasion of Ukraine, check out: https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/For more on Google's efforts against commercial spyware: https://blog.google/threat-analysis-group/googles-efforts-to-identify-and-counter-spyware/  

Have you ever wondered what a breach is really like from a CISO's perspective?Fred Thiele, CISO at Interactive, joins host Kerry Matre to discuss managing data breaches from his personal experiences.Fred dives into examples from his past, pointing out the depth and long tail of a breach. He explains all of the bits of a breach that go beyond incident response including working with insurance carriers, regulators, crisis communications, and more. He also shares what surprises he has encountered along the way!Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.

Kimberly Goody and Jeremy Kennelly from Mandiant’s Financial Crime Analysis team join host Luke McNamara to discuss trends in the cyber crime landscape. Kimberly and Jeremy dive into the ongoing nature of banking malware repurposed for other types of financially-motivated crime, SIM swapping, experimentation with file types and post-compromise exploitation frameworks, and more. Of course, the discussion inevitably returns to the topic of extortion and ransomware, and where that might be heading next. Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.

In this week’s episode of The Defender’s Advantage Podcast, Threat Trends host Luke McNamara is joined by Mandiant analysts Tyler McLellan and John Wolfram for a discussion on the usage of USB as an infection vector as described in two recent Mandiant blog posts.Tyler details the activity outlined in the most recent blog on a new cyber espionage operation attributed to Turla Team (UNC4210), distributing the KOPILUWAK reconnaissance utility and QUIETCANARY backdoor to ANDROMEDA malware victims in Ukraine. John then jumps in to discuss another blog from late 2022 on cyber espionage activity from UNC4191 heavily leveraging USB devices as an initial infection vector, concentrated on the Philippines.Read the blog, Turla: A Galaxy of Opportunity at https://mndt.info/3jPAeRI.Read the blog, Always Another Secret: Lifting the Haze on China Nexus Espionage in Southeast Asia at https://mndt.info/3ATQB5n.You can follow Tyler McLellan at @tylabs and John Wolfram at @Big_Bad_W0lf_.Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.

Our latest episode in The Defender’s Advantage Podcast Skills Gap series features Mandiant EVP and Chief of Business Operations Barbara Massa and Director of HR for Google Cloud Margaret Clarke who joined host Kevin Bordlemay to discuss the initiatives from Mandiant and Google Cloud to address the cyber mobilization crisis we are facing. Recent data shows that there are over 700,000 cybersecurity jobs that are unfilled in the US alone, and global estimates show this number is upwards of 3 million. Barbara and Margaret discuss how both Mandiant and Google Cloud are breaking down the barriers to employment in cyber and ensure those interested in employment get the education they need to be successful in the field. They also discuss how organizations should think differently about addressing the talent shortage in cyber security. Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

We are kicking off a new year of The Defender’s Advantage Podcast with a new episode of the Frontline Stories series. This week, host Kerry Matre is joined by Mary Writz, SVP of Product for fraud prevention platform Sift for a discussion on fraud. Mary discusses the ins and outs of fraud, including the types of fraud, the industries typically impacted and how fraud connects with cyber security and identity access. She also touches on the skills gap in the fraud space and briefly talks about cryptocurrency. Learn more about Sift at https://sift.com/ and @GetSift. Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

This week’s episode of the Threat Trends series is the final episode of 2022 for The Defender’s Advantage Podcast. To wrap up our year and provide a glimpse into what we can expect from 2023, Sandra Joyce, VP of Mandiant Intelligence, joins host Luke McNamara for a discussion on some of the highlights from the past year. Sandra chats through aspects of the Russian invasion on Ukraine, activity from the DRAGONBRIDGE IO campaign, and Mandiant’s graduation of APT42. She also discusses the evolution of ransomware and the possibility of threat actors targeting countries with ransomware – as we saw in Albania – could be a trend we continue to see in 2023. Additional trends Sandra mentions include the close association of hacktivist activity with APT activity and North Korea’s continued interest in cryptocurrency. Read more about what else experts predict we can expect in the coming year in Mandiant’s Cyber Security Forecast 2023 Report. Download your copy at https://mndt.info/3FDxQ9n. Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.