
The Defender's Advantage Podcast

Latest episodes

Oct 7, 2021 • 42min

The FIN12 Episode

For the launch of Mandiant’s most newly graduated threat group, FIN12, Kimberly Goody (Director, Financial Crime Analysis) and Josh Shilko (Principal Technical Analyst, Financial Crime Analysis) join Eye on Security to discuss this actor. They cover this group’s TTPs and targets, where they fit into the ransomware ecosystem, and what makes this particular threat actor unique in the landscape.  
Sep 23, 2021 • 57min

Disentangling the DPRK

Host Luke McNamara is joined by Eli Fox and Michael Barnhart, both Senior Analysts at Mandiant, to discuss some of their work tracking various North Korean threat clusters. Michael and Eli share their perspectives on the continuously changing landscape of DPRK threat actors, some of the challenges in tracking them, and how information from defectors augments the technical data in their analysis. They share several stories of recent campaigns and delve into where some of these threats may be headed next.
Sep 7, 2021 • 31min

The Evolving Ransomware Landscape

This episode of Eye on Security delves into a security topic that continues to be front and center for many organizations: ransomware. Dave Wong, Vice President for Mandiant Consulting, joined host Luke McNamara to discuss some of the recent changes with threat activity in this space. Dave covered where the trends in ransomware operations have taken us over the last year and a half, with increasing ransom price demands and the frequent extortion over stolen data from the victim. Dave and Luke also chatted about common affiliate models and the fluid nature of many ransomware families, as new malware emerges and others seemingly “go dark”. Dave discussed his visibility into ransomware negotiations, sharing examples of his experience in dealing with these threat actors. He also highlighted important preparedness steps organizations can take beyond technical hardening by considering strategies for how they might approach dealing with a threat actor in a ransomware scenario. Finally, Dave and Luke touched on what changes might be seen as threat actors continue to evolve TTPs and extortion methods. For further insights into ransomware negotiations, check out this Daily Beast interview with Dave: https://www.thedailybeast.com/inside-a-ransomware-negotiation-this-is-how-asshole-russian-hackers-keep-shaking-down-companies
Aug 20, 2021 • 35min

Tackling Supply Chain Security

Whether it’s shipping disruptions caused by the COVID-19 pandemic or compromises into software platforms used by hundreds of organizations, supply chain issues are back in the spotlight. In this episode of Eye on Security, host Luke McNamara is joined by Bryan Ware, CEO of Next5 and former Assistant Director of Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA). Bryan shares his perspective on the state of supply chain security, including the current challenges bringing this issue to the forefront now, different ways to think about supply chain issues, and steps organizations can take to mitigate their risk in this space.
Jul 30, 2021 • 1h 7min

Assessing Iranian Threat Actors’ Usage of Ransomware

While much of the discussion around modern ransomware campaigns has centered on threat actors from Eastern Europe and Russia, this episode highlights some of the lesser-known activity in a different region and explores how nations may experiment with asymmetric cyber capabilities in the future. In this episode of the Eye on Security podcast, host Luke McNamara sits down with Sanaz Yashar (Manager, Mandiant Intelligence) and Matan Mimran (Principal Analyst, Mandiant Intelligence) to discuss some of their research into Iranian threat actors leveraging ransomware and other cyber-crime tactics. Sanaz and Matan walk through campaigns they have witnessed from several UNCs that have impacted organizations in Israel and elsewhere, examining evidence for why these incidents could be part of a trend towards using ransomware for purposes other than financial gain.
Jul 13, 2021 • 37min

Fostering CTI Development with Mandiant Intelligence Services

Host Luke McNamara is joined by Jeff Compton, Senior Manager for Mandiant’s Intelligence Capability Development team, to discuss the focus of his team in helping customers build threat intelligence programs, how the needs of customers in this space continue to evolve, and how the regulatory landscape is driving change in particular regions and industries. One of the things that Jeff highlighted in particular is the importance of having a threat intel function that supports more than just the SOC, but broader stakeholders across the organization as well. Translating cyber threats into risk particular to the customer is a big focus of Jeff’s team, woven throughout their range of functions.
Jun 15, 2021 • 45min

Filling the CTI Skills Gap with Mandiant On-Demand Cyber Intelligence Training

In response to an increasing demand to fill the CTI skills gap, Mandiant has made a commitment to arm organizations around the world with skilled security teams to succeed on the fast-evolving threat landscape. Host Luke McNamara is joined by Shanyn Ronis, Manager, Intelligence Training Program, to discuss the official launch of Mandiant On-Demand Cyber Intelligence Training. Backed by 15+ years of frontline expertise and accessible 24/7, this on-demand training provides a cost-effective approach that empowers cyber security teams to effectively use intelligence across different job roles, at different skill levels.
Jun 10, 2021 • 43min

Low Sophistication Threat Actors Continue to Target OT

On this episode we have Daniel Kappelman Zafra, a manager on Mandiant’s Cyber Physical Threat Intelligence team, to discuss a recent blog he and his team have released on the trend of lower sophistication threat actors targeting operational technology (OT). We discuss a precursor blog they put out last year, specific to this trend and the usage of ransomware by financially motivated actors to OT, and we talk about what Daniel is seeing change in this space. Our conversation touches on the various motivations that appear to be shaping this activity, and what it means for the potential proliferation of this as a tactic for hacktivists, opportunistic threat actors, and more. One of the things that I think really comes across in this episode is the thoughtful analysis that Daniel and his team apply to ascertaining the drivers of this trend and where it may be going. It’s an insightful look into an area of threat activity we will likely continue to see headlines around this year. For more information on the discussion in this episode of Eye on Security, please check out the aforementioned blogs:
- https://www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html
- https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html
May 19, 2021 • 40min

How Mandiant is Helping Governments Build Cyber Capacity

Host Luke McNamara is joined by Paul Tumelty, Government Security Manager, to discuss how Mandiant is partnering with governments in EMEA to help foster cyber capacity building in nations across the region. Paul walks through how governments are thinking about this, from the crafting of high-level strategies to working through the tasking of the appropriate entities for cyber defense, and establishing relationships with the private sector and beyond. Paul also highlights some of the challenges—and even advantages—that various nations may have depending on where they are in their journey of establishing a government framework to better address a changing threat landscape, especially in areas such as critical infrastructure protection. What Luke found particularly interesting and exciting about the work Mandiant is doing in this space is the holistic approach Paul and his team are taking—beyond just ensuring the implementation of the right technologies—but looking at every aspect of what contributes to a nation’s strategy to continuously provide for a defense that can meet emerging threats. Luke and Paul even discussed the importance of early education initiatives to help foster the future workforce as part of capacity building. 
May 4, 2021 • 23min

Pandemic Impacts to the Cyber Threat Landscape

In the latest episode of Eye on Security, we invited Jens Monrad, Head of Mandiant Threat Intelligence, EMEA to join Luke for a conversation on how the threat landscape has changed in the past year and how it continues to be impacted by the ongoing pandemic.  We reviewed the cyber events of the past year: pandemic-themed phishing, multiple APT campaigns against vaccine research and development, and ransomware targeting healthcare systems. Jens revealed that the biggest change still impacting the cyber threat landscape is the sheer volume of people working from home. He also highlighted the potential increase in the cyber criminal ecosystem due to job losses, and how individuals might turn to cybercrime in order to make money. Check out the episode now to hear how the pandemic has impacted APT activity and disinformation campaigns. Jens also shares a unique piece of advice on the threat landscape that is helpful to remember as we all work to better secure our environments. For additional information on how the pandemic and more is influencing the cyber threat landscape, check out our latest M-Trends 2021 report. 
