The Defender's Advantage Podcast

Latest episodes

Apr 28, 2021 • 28min

Automated Defense Brings New Features to Mandiant Advantage

Mandiant Advantage, our SaaS platform, was always intended to house more than just our threat intelligence—and now it does. With the addition of Mandiant Automated Defense and Mandiant Security Validation, we are continuing to roll out new features in a platform that is easily accessible, as well as easy to deploy and scale.

Mike Armistead, SVP of Mandiant Advantage Products, joined host Luke McNamara to discuss what security teams will be able to do with these new features. Mike joined FireEye during the Respond Software acquisition, in which Respond’s solution became what is now known as Mandiant Automated Defense. Mike shared how the addition of Mandiant Automated Defense to the Mandiant Advantage platform enables the automation of tier one triage alerts.

One thing that really stuck out about their conversation is how weaving together Mandiant Automated Defense, Mandiant Security Validation, and Mandiant Threat Intelligence helps organizations prioritize threats that matter to them, fast. Listen to this episode to get a walkthrough of how a SOC analyst can use the Mandiant Advantage platform to access intel about an alert they receive. You’ll also get a glimpse into what’s next for the Mandiant Advantage platform.

Apr 22, 2021 • 47min

The Making of an M-Trends Report

Have you ever wondered what it takes to develop our annual M-Trends report? The short answer is: a whole lot! Our host Luke McNamara asked Regina Elwell, Senior Principal Threat Analyst on the Advanced Practices Team, and Steve Stone, Senior Director for Advanced Practices, to take us behind the scenes so we can see exactly what goes into building an edition of M-Trends.

Steve started by discussing the sheer amount of data collection that is required, and how the team has to pore over this data—which comes directly from our incident response investigations—to determine what is a trend and what is not. Regina and Steve also touched on the evolution of the report from its first iteration in 2011. Not surprisingly, the reports have gotten more robust and include new data points almost every year.

We also discussed some of the highlights from our latest report, M-Trends 2021, and interpreted some of the key findings, including drops in median dwell time, increases in internal detections, impact of ransomware, and notable malware families from 2020. Additionally, we covered some of the process and approach Mandiant puts into grouping new threat groups (UNCs) and Steve and Regina’s favorite threat actors. Listen to the podcast now, and when you’re done, read the full M-Trends 2021 report.

Apr 12, 2021 • 50min

The "Big Four": Spotlight on Russia

We are wrapping up our “Big Four” series with a country that has been one to watch for quite some time: Russia. And who better to join me for this episode than our Vice President for Mandiant Threat Intelligence, John Hultquist.

We started off this episode discussing how Russian cyber threat activity evolved to what we know today, from the days of Moonlight Maze and Agent.BTZ. We then shifted the conversation to some of the most notable Russian threat groups and the difficulties of assigning attribution at the organizational sponsorship level. While many APT groups from the “Big Four” may blend together various types of threat activity, Russia has utilized a particularly interesting mix of cyber espionage, information operations, and disruptive attacks over the years.

John brought up many notable Russian incidents, including: the Olympics, the Ukrainian power grid, the targeting of elections, and the SolarWinds supply chain breach. We also discussed some of the challenges in communicating threat intelligence to both customers and wider audiences. To cap off the series, John delved into how organizations should think about not only Russian threat activity, but the operations and campaigns from North Korea, Iran, and China.

You can stay ahead of threat actors like those from the “Big Four” by joining Mandiant Advantage Free where you’ll have access to up-to-the-minute threat intelligence: http://feye.io/MA

Mar 24, 2021 • 1h 12min

The "Big Four": Spotlight on China

The third installment of our “Big Four” series on China is filled with so much great information that it’s our longest episode yet. Lloyd Brown, Principal Analyst for our Custom Intel Team, and Scott Henderson, Principal Analyst for our Cyber Espionage Team, joined our host, Luke McNamara to peel back the layers of China’s cyber capabilities.

Similar to past episodes in this series, we started at the beginning of China’s cyber operations—dating back to 2003. Scott and Lloyd took us through a detailed look at all the stages of China’s operations, including the shift in 2015/2016 from being “clumsy and noisy” to stealthy. Lloyd brings up a great point that’s worth hearing about their use of CVE exploits (which came into play with the recent Microsoft Exchange server exploits).

We also discussed how China’s cyber activity is driven by economic interests such as the Belt and Road initiative, the nature of their operations surrounding global elections, APT41’s cybercrime activity in addition to cyber espionage, and where they think China’s operations are headed. You’ll definitely want to stick around to the very end. Since our initial recording occurred before the Microsoft Exchange exploits, Luke decided to follow up with Lloyd to get his take on HAFNIUM and the UNC groups we’re tracking related to that activity.

Know the threats that affect your organization with up-to-the-minute threat intelligence by signing up for Mandiant Advantage Free: http://feye.io/MA

Mar 16, 2021 • 25min

An Inside Look into How Reddit Fights Cyber Threats

How does Reddit handle malicious or suspicious coordinated activity on their platform? Our host Luke McNamara asked Aylea Baldwin, Threat Intelligence Lead at Reddit, to answer that question and more during this episode of Eye on Security.

During the discussion Aylea shared a few ways Reddit is unique compared to other social media networks—its tolerance for varying levels of behavior on different communities, the lack of user data collection, and the way posts are amplified through voting. The voting feature is unique to Reddit and Luke was curious to know how threat actors leverage it as part of their influence campaigns. As it turns out, the answer to that question isn’t so simple since foreign actors have to get buy-in from people to up-vote their posts.

We ended our conversation with Aylea’s thoughts on the future of disinformation and deep fake technology, which is a concern in the security and many other industries, and something that can have a huge influence on sites such as Reddit.

Mar 8, 2021 • 37min

Tackling Digital Safety for Women

Did you know that women are disproportionately affected by cybercrime, cyber stalking, cyber bullying, cyber harassment, and image-based sexual abuse? We asked Cris Kittner, Principal Analyst at Mandiant Threat Intelligence, and Lillian Teng, Director of Threat Investigations from Verizon Media to join us for a discussion around their recent talk on digital safety for women and practical strategies women of all ages can take to increase their online safety.

Cris and Lillian provided their reasons and motivations for putting together the talk, which they first presented at the Grace Hopper Celebration in 2020. They highlighted the connection between physical and cyber stalking and the need for these conversations to be normalized. Far too often, Cris and Lillian heard from young professionals that they believed the cyber harassment that was happening to them in the workplace or at conferences was “normal.”

To combat the issues many women are facing online, Cris and Lillian provided a list of practical considerations that women should follow, such as using a password manager, knowing what permissions are being given to third-party applications, understanding that Snapchat images can be recovered, adjusting (or eliminating) location tags, and how to report abuse happening on social media sites.

Listen to the episode today for online safety strategies that can help you or a loved one stay safe online.

Feb 22, 2021 • 32min

The "Big Four": Spotlight on Iran

We’re back with the second episode of our “Big Four” series focused on North Korea, Iran, China, and Russia. We honed in on Iran for this one, and to help explore their cyber capabilities, we invited Sarah Hawley, Principal Analyst for Mandiant Threat Intelligence, and Lee Foster, Senior Manager of Information Operations Analysis.

Sarah kicked off the episode by providing an overview of Iran’s past offensive cyber activity and how these capabilities have developed over the years. Lee shared how they have also grown their usage and willingness to use information operations (IO) and how his team approaches attribution and analysis of this disinformation activity.

We then touched on drivers of Iranian cyber threat and their apparent increasing willingness to target democratic processes. Sarah also discussed Iran’s destructive activity going after industrial targets in the oil and gas sectors through password spraying and spear phishing operations.

As always, we closed out the episode with thoughts about what Sarah and Lee think we might see from Iran’s cyber operations in the coming years. Listen to hear their predictions and stay tuned for our upcoming episodes on China and Russia.

Listen to the podcast now, check out the “Big Four” episode on North Korea if you haven’t already, and then head over to our Eye on Security page for even more episodes.

Feb 16, 2021 • 34min

Breaking Down Malicious Insider Threats

“Legitimate access rules the threat landscape”, says Jon Ford, Managing Director at Mandiant. In addition to loss of intellectual property, malicious insiders are increasingly impacting organizational reputation, customer trust and investor confidence. There’s a lot more to insider cyber security threats than disgruntled employees, which is the first thing that comes to mind for most when they think of this threat. Jon Ford, Managing Director of Mandiant, and Johnny Collins, Director of Mandiant, joined us to break down what insider threats are and the trends Mandiant is seeing in recent investigations.

Johnny began by defining insider threats—from unintended link clicking, all the way up to human enabled technical operations (think meet-ups in parks while avoiding all electronic communications that you see in movies). Both Johnny and Jon shared how organizations on the commercial and government sides are thinking about insider threats as part of their overall risk and security posture, and how clients are approaching insider threat security from a behavior-focused approach as opposed to targeting or profiling individuals.

Then we got to the good part: stories from recent investigations they’ve worked on through Mandiant’s Insider Threat Security Services offerings. You might be surprised by the outcomes of a few of them.

Johnny and Jon went on to highlight the various tiers of Mandiant’s Insider Threat Program Assessments and Mandiant’s Insider Threat Security as a Service offering with Mandiant Intelligence. Johnny and Jon close with shared thoughts on the growing Insider Threat trends we’ll see in the near future.

Jan 21, 2021 • 33min

The Cyber Landscape in Latin America

While many cyber threats and security issues are universal and experienced by organizations in any part of the world, some are more common to a particular region than others. Host Luke McNamara invited Ryan Goss, Vice President for Latin America & the Caribbean, and Juan Carlos Garcias Caparros, Director of Mandiant Consulting for Latin America and the Caribbean, to talk specifically about cyber security in Latin America.

Juan Carlos shares what threats we’ve seen our customers face in Latin America. He also discusses the security culture in Latin America, comparing maturity of organizations to those in United States or Europe. We also explore whether attitudes are shifting around cyber security in boardrooms. Ryan believes it’s moving in a good direction, but that many companies still treat cyber security as an afterthought, which leads to lower overall budgets and forces security teams to focus on solutions that are “good enough” or at least allow them to “check the compliance box”. Thus the importance of FireEye leading with Mandiant Services and establishing ourselves as trusted advisors and true partners for our customers.

We wrap up the episode by touching on cyber training, security validation and unexpected activity from North Korea targeting financial institutions throughout Latin America.

Jan 11, 2021 • 43min

The "Big Four": Spotlight on North Korea

We’re kicking off Eye on Security in 2021 with a nation-state-themed miniseries that focuses on the big four, which we recognize as North Korea, Iran, China and Russia. In this episode, host Luke McNamara invited Fred Plan, Senior Analyst for Mandiant Threat Intelligence, onto the podcast to talk about North Korea.

Fred started our discussion by providing some background on the country, how it operates geopolitically, and why they’ve shifted their focus to a cyber capability. We also review their early cyber operations that primarily targeted South Korea and their expansion to the U.S. private sector with the Sony hack. Since then, North Korea continues to be active in both financially-motivated and espionage-related operations.

There are a lot of behaviors that make North Korean cyber operations unique, due in part to the country being very closed off. Their cyber operations have demonstrated rapid shifts in targeting, which likely comes at the request of the regime. We most recently saw this with their targeting of COVID-19 research and vaccine distribution. North Korea hasn’t publicly reported on any COVID-19 cases, so their cyber behavior offers us a glimpse into what might actually be going on within the country.

As always, we like to predict what we’ll see next in a region or from an actor. In this case, Fred says it’s quite difficult to know what North Korea is up to next. Find out why when you listen to the episode.
