The Defender's Advantage Podcast

Mandiant Principal Analysts John Wolfram and Tyler McLellan join host Luke McNamara to discuss their research in the "Cutting Edge" blog series, a series of investigations into zero-day exploitation of Ivanti appliances.  John and Tyler discuss the process of analyzing the initial exploitation, and the attribution challenges that emerged following the disclosure and widespread exploitation by a range of threat actors.  They also discuss the role a suspected Volt Typhoon cluster played into the follow-on exploitation, and share their thoughts on what else we might see from China-nexus zero-day exploitation of edge infrastructure this year.  For more on this research, please check out: Cutting Edge, Part 1: https://cloud.google.com/blog/topics/threat-intelligence/suspected-apt-targets-ivanti-zero-dayCutting Edge, Part 2: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-zero-day-exploitationCutting Edge, Part 3: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-exploitation-persistenceCutting Edge, Part 4: https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movementFollow John on X at  @Big_Bad_W0lf_Follow Tyler on X at @tylabs

Jurgen Kutscher, Mandiant Vice President for Consulting, joins host Luke McNamara to discuss the findings of the M-Trends 2024 report.  Jurgen shares his perspective on the "By the Numbers" data, the theme of evasion of detection in this year's report, and how Mandiant consultants have been leveraging AI in purple and red teaming operations. For more on the M-Trends 2024 report: http://cloud.google.com/security/m-trends

Kimberly Goody leads Mandiant's Cyber Crime Analysis team, specializing in ransomware, while Jeremy Kennelly is a lead analyst with expertise in data theft. They dive deep into the evolution of multifaceted extortion, revealing a sharp rise in ransomware payments, with averages exceeding $1 million. They discuss why manufacturing and small enterprises are increasingly targeted due to limited security and assess the healthcare sector's vulnerabilities. Notably, they highlight shifts in tactics used by attackers, emphasizing a troubling trend in exploit-based operations.

Shanmukhanand Naikwade, a cybersecurity consultant, and Dan Nutting, an expert in threat hunting, dive deep into the nuances of 'living off the land' (LotL) cyber attacks. They discuss how attackers exploit legitimate tools to blend in and evade detection, contrasting these tactics with traditional malware. The conversation highlights the significance of adapting detection methods and utilizing threat intelligence effectively. They also shed light on the Volt Typhoon group, exploring its sophisticated tactics and the critical role of logging in cybersecurity.

Morgan Adamski, Director of the NSA's Cybersecurity Collaboration Center (CCC) joins host Luke McNamara to discuss the threat posed by Volt Typhoon and other threat actors utilizing living off the land (LotL) techniques, zero-day exploitation trends, how the CCC works with private sector organizations,  and more. 

Principal Analyst Michael Barnhart joins host Luke McNamara to discuss Mandiant's research into the threat posed by the Democratic People's Republic of Korea's (DPRK) usage of IT workers to gain access to enterprises. For more on Mandiant's analysis of North Korea's cyber capabilities, please see: https://www.mandiant.com/resources/blog/north-korea-cyber-structure-alignment-2023

Taylor Lehmann (Director, Google Cloud Office of the CISO) and Bill Reid (Security Architect, Google Cloud Office of the CISO) join host Luke McNamara to discuss their takeaways from the last year of threat activity witnessed by enterprises within healthcare and life sciences. They discuss applying threat intelligence to third-party risk management, threat modeling, and more. For more on the work of Google Cloud's Office of the CISO: https://cloud.google.com/solutions/security/board-of-directors?hl=en#additional-thought-leadership-resources

Mandiant Intelligence Advisor Renze Jongman joins host Luke McNamara to discuss his  blog on the CTI Process Hyperloop and applying threat intelligence to the needs of the security organization and larger enterprise. For more on this topic, please see: https://www.mandiant.com/resources/blog/cti-process-hyperloop

For our first episode of 2024, host Luke McNamara is joined by Mandiant Senior Technical Director Jose Nazario and Principal Analysts Alden Wahlstrom and Josh Palatucci, to discuss the hacktivist DDoS activity they tracked over the last year. 

Doug Bienstock and Josh Madelay, Regional Leads for Mandiant Consulting, discuss threat trends in 2023 including business email compromise, common initial infection vectors, social engineering tactics, theft of credentials from outsourcing vendors, Fin 11's activities, enhancing security measures, rise of adversary-in-the-middle techniques, and data theft by ransomware threat actors.