Mandiant Principal Analysts John Wolfram and Tyler McLellan join host Luke McNamara to discuss their research in the "Cutting Edge" blog series, a series of investigations into zero-day exploitation of Ivanti appliances.  John and Tyler discuss the process of analyzing the initial exploitation, and the attribution challenges that emerged following the disclosure and widespread exploitation by a range of threat actors.  They also discuss the role a suspected Volt Typhoon cluster played into the follow-on exploitation, and share their thoughts on what else we might see from China-nexus zero-day exploitation of edge infrastructure this year.  For more on this research, please check out: Cutting Edge, Part 1: https://cloud.google.com/blog/topics/threat-intelligence/suspected-apt-targets-ivanti-zero-dayCutting Edge, Part 2: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-zero-day-exploitationCutting Edge, Part 3: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-exploitation-persistenceCutting Edge, Part 4: https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movementFollow John on X at  @Big_Bad_W0lf_Follow Tyler on X at @tylabs

Jurgen Kutscher, Mandiant Vice President for Consulting, joins host Luke McNamara to discuss the findings of the M-Trends 2024 report.  Jurgen shares his perspective on the "By the Numbers" data, the theme of evasion of detection in this year's report, and how Mandiant consultants have been leveraging AI in purple and red teaming operations. For more on the M-Trends 2024 report: http://cloud.google.com/security/m-trends

Kimberly Goody, Head of Mandiant's Cyber Crime Analysis team and Jeremy Kennelly, Lead Analyst of the same team join host Luke McNamara to breakdown the current state of ransomware and data theft extortion. Kimberly and Jeremy describe how 2023 differed from the activity they witnessed the year prior, and how changes in the makeup of various groups have played out in the threat landscape, why certain sectors see more targeting, and more.

Host Luke McNamara is joined by Mandiant consultants Shanmukhanand Naikwade and Dan Nutting to discuss hunting for threat actors utilizing "living off the land" (LotL) techniques. They discuss how LotL techniques differ from traditional malware based attacks, ways to differentiate between normal and malicious use of utilities, Volt Typhoon, and more. 

Morgan Adamski, Director of the NSA's Cybersecurity Collaboration Center (CCC) joins host Luke McNamara to discuss the threat posed by Volt Typhoon and other threat actors utilizing living off the land (LotL) techniques, zero-day exploitation trends, how the CCC works with private sector organizations,  and more. 

Principal Analyst Michael Barnhart joins host Luke McNamara to discuss Mandiant's research into the threat posed by the Democratic People's Republic of Korea's (DPRK) usage of IT workers to gain access to enterprises. For more on Mandiant's analysis of North Korea's cyber capabilities, please see: https://www.mandiant.com/resources/blog/north-korea-cyber-structure-alignment-2023

Taylor Lehman (Director, Google Cloud Office of the CISO) and Bill Reid (Security Architect, Google Cloud Office of the CISO) join host Luke McNamara to discuss their takeaways from the last year of threat activity witnessed by enterprises within healthcare and life sciences. They discuss applying threat intelligence to third-party risk management, threat modeling, and more. For more on the work of Google Cloud's Office of the CISO: https://cloud.google.com/solutions/security/board-of-directors?hl=en#additional-thought-leadership-resources

Mandiant Intelligence Advisor Renze Jongman joins host Luke McNamara to discuss his  blog on the CTI Process Hyperloop and applying threat intelligence to the needs of the security organization and larger enterprise. For more on this topic, please see: https://www.mandiant.com/resources/blog/cti-process-hyperloop

For our first episode of 2024, host Luke McNamara is joined by Mandiant Senior Technical Director Jose Nazario and Principal Analysts Alden Wahlstrom and Josh Palatucci, to discuss the hacktivist DDoS activity they tracked over the last year. 

Doug Bienstock and Josh Madelay, Regional Leads for Mandiant Consulting, join host Luke McNamara to walk through some of the trends they have witnessed responding to breaches in 2023.  Josh and Doug cover what is happening with business email compromise (BEC), common initial infection vectors, social engineering tactics, and more. 

Host Luke McNamara is joined for this special episode highlighting October as Cybersecurity Awareness Month by Kevin Mandia and DHS Secretary Alejandro Mayorkas. Secretary Mayorkas and Kevin discuss the threat landscape,  collaboration between the private sector and government, improving the talent gap in cyber, and ongoing DHS initiatives to foster greater cyber security.  For more on the Department of Homeland Security and their work, please see: Cybersecurity | Homeland Security (dhs.gov)Shields Up | CISAJoint Cyber Defense Collaborative | CISAhttps://www.cisa.gov/securebydesignhttps://www.cisa.gov/secure-our-world https://www.cisa.gov/cybersecurity-awareness-monthAlejandro Mayorkas | Homeland Security (dhs.gov)

Host Luke McNamara is joined by Amitai Cohen, Attack Vector Intel Lead at Wiz to discuss trends in cloud security, managing risk, and more. For more on Wiz's research, please see: https://www.wiz.io/blog and https://www.wiz.io/crying-out-cloud 

Host Luke McNamara is joined by Kristina Balaam, Staff Threat Researcher at Lookout, to discuss her work attributing two new mobile malware families to APT41. For more on Lookout's report on WyrmSpy and DragonEgg: https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41Follow Kristina on X @chmodxx_

Charles Carmakal, CTO for Mandiant Consulting, joins host Luke McNamara to discuss the long tail impact of FIN11's compromise of the MOVEit file transfer solution. Charles breaks down some of the differences with this compromise in comparison to FIN11's previous operations, why the impact from this operation may impact organizations for some time, and what this spells for the changing landscape of multifaceted extortion. For more from Mandiant on MOVEit:  https://www.mandiant.com/resources/blog/zero-day-moveit-data-theftIf you enjoyed this episode,  please rate and leave us a review on your platform of choice! 

Dr. Jamie Collier (Senior Threat Intelligence Advisor, Mandiant) joins host Luke McNamara to discuss the recent white paper from Mandiant about developing a requirements-driven approach to intelligence, challenges organizations face in this area, and the importance of recurring stakeholder feedback to a well-functioing CTI team. Follow Jamie at @TheCollierJam on Twitter. For more on A Requirements-Driven Approach to Cyber Threat Intelligence, please see: https://www.mandiant.com/resources/blog/requirements-driven-approach-cti 

Dan Wire from Mandiant joins host Kerry Matre to discuss the ins and outs of crisis communications during a breach as well as what you can do to prepare for a crisis.

Ryan Tomcik, Dan Fenwick, and Tim Martin join host Luke McNamara to discuss how Managed Defense conducts proactive hunting, illustrated by several UNC961 intrusions. For more, please see: https://www.mandiant.com/resources/blog/unc961-multiverse-financially-motivatedFollow Ryan @heferyzan and Tim @Sa1jak on Twitter. 

What role do executives and the board play in cybersecurity and breach management. Hear from Jesse Jordan and Howard Israel of Mandiant discuss their experiences helping executives get the right information from their security leaders and understanding their role during a breach.

The endless battle of threat actors versus cybersecurity professionals may come down to who deploys AI better.  In this interview from RSA, John Hultquist, Senior Manager, Mandiant Intelligence, surmises how the bad guys may use AI in the near future to scale attacks, while Vijay Ganti, Head of Product Management, Threat Intelligence, Detection & Analytics for Google Cloud Security, walks through the AI use cases that will help organizations better defend against those attacks.  Hosted by Dan Lamorena, Head of Mandiant Product Marketing.

Mandiant's Kirstie Failey and Jake Nicastro join host Luke McNamara to break down the findings from the 2023 M-Trends report. Kirstie and Jake cover some of the notable trends gleaned from Mandiant breach investigations over the past year around dwell time, ransomware, top initial intrusion vectors, and more. For more on Mandiant's 14th iteration of M-Trends, check out: https://www.mandiant.com/resources/blog/m-trends-2023Follow Kirstie (@Gigs_Security) and Jake (@nicastronaut) on Twitter. 

Jonathan Cran, Lead for Mandiant Attack Surface Management at Google Cloud, joins host Kerry Matre to discuss the evolution of vulnerability and exposure management and how important comprehensive approaches are to mitigating cyber risk.Jonathan shares his experiences from BugBounty, penetration testing and working with customers to solve the growing problem of too many CVEs, too little prioritization methods. He walks through the importance of an intelligence-led approach to exposure management, how CISOs can think about their organization and how to make informed business decisions. 

With the public release of Mandiant's latest named threat actor--APT43--guests Michael Barnhart and Jenny Town join host Luke McNamara to uncover how this espionage actor targets policy experts to support North Korea's nuclear ambitions. Follow Jenny on Twitter @j3nnyt0wn and 38 North at https://www.38north.org/ Find Mandiant's full report on APT43 here: https://www.mandiant.com/resources/reports/apt43-north-korea-cybercrime-espionage

Jared Semrau (Mandiant) and Maddie Stone (Project Zero) join host Luke McNamara for a look back at the zero-day exploit trends of 2022. Maddie and Jared break down the differences in focus between their teams, and some of the interesting things they each observed last year.  Jared covers some of the threat actors that drove last year's trends in observed zero-days, and Maddie highlights how variants of known vulnerabilities and bugs continue to shape the exploit landscape. They also discuss the challenges and trade-offs for defenders that arise from publishing technical details of exploits. For more on Google's Project Zero, check out: https://googleprojectzero.blogspot.com/ For more on Mandiant's research on zero-days in 2022, please see: https://www.mandiant.com/resources/blog/zero-days-exploited-2022

Shane Huntley, Senior Director of Google's Threat Analysis Group (TAG) joins host Luke McNamara to discuss his team's work keeping Google users secure. Shane breaks down the research his team has done on the problem of commercial spyware vendors, and how that is impacting the threat landscape today. While this threat has evolved over the years as vendors come and go, Shane highlights drivers to this market and how it may evolve in the years to come. Shane also delves into TAG's recent report on the past year of Russian cyber operations since the invasion of Ukraine, and provides some thoughts on threat activity to anticipate going forward, from supply chain compromises to election security. For more on TAG and Mandiant's analysis of Russian operations since the invasion of Ukraine, check out: https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/For more on Google's efforts against commercial spyware: https://blog.google/threat-analysis-group/googles-efforts-to-identify-and-counter-spyware/  

Have you ever wondered what a breach is really like from a CISO's perspective?Fred Thiele, CISO at Interactive, joins host Kerry Matre to discuss managing data breaches from his personal experiences.Fred dives into examples from his past, pointing out the depth and long tail of a breach. He explains all of the bits of a breach that go beyond incident response including working with insurance carriers, regulators, crisis communications, and more. He also shares what surprises he has encountered along the way!Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.

Kimberly Goody and Jeremy Kennelly from Mandiant’s Financial Crime Analysis team join host Luke McNamara to discuss trends in the cyber crime landscape. Kimberly and Jeremy dive into the ongoing nature of banking malware repurposed for other types of financially-motivated crime, SIM swapping, experimentation with file types and post-compromise exploitation frameworks, and more. Of course, the discussion inevitably returns to the topic of extortion and ransomware, and where that might be heading next. Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.

In this week’s episode of The Defender’s Advantage Podcast, Threat Trends host Luke McNamara is joined by Mandiant analysts Tyler McLellan and John Wolfram for a discussion on the usage of USB as an infection vector as described in two recent Mandiant blog posts.Tyler details the activity outlined in the most recent blog on a new cyber espionage operation attributed to Turla Team (UNC4210), distributing the KOPILUWAK reconnaissance utility and QUIETCANARY backdoor to ANDROMEDA malware victims in Ukraine. John then jumps in to discuss another blog from late 2022 on cyber espionage activity from UNC4191 heavily leveraging USB devices as an initial infection vector, concentrated on the Philippines.Read the blog, Turla: A Galaxy of Opportunity at https://mndt.info/3jPAeRI.Read the blog, Always Another Secret: Lifting the Haze on China Nexus Espionage in Southeast Asia at https://mndt.info/3ATQB5n.You can follow Tyler McLellan at @tylabs and John Wolfram at @Big_Bad_W0lf_.Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.

Our latest episode in The Defender’s Advantage Podcast Skills Gap series features Mandiant EVP and Chief of Business Operations Barbara Massa and Director of HR for Google Cloud Margaret Clarke who joined host Kevin Bordlemay to discuss the initiatives from Mandiant and Google Cloud to address the cyber mobilization crisis we are facing. Recent data shows that there are over 700,000 cybersecurity jobs that are unfilled in the US alone, and global estimates show this number is upwards of 3 million. Barbara and Margaret discuss how both Mandiant and Google Cloud are breaking down the barriers to employment in cyber and ensure those interested in employment get the education they need to be successful in the field. They also discuss how organizations should think differently about addressing the talent shortage in cyber security. Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

We are kicking off a new year of The Defender’s Advantage Podcast with a new episode of the Frontline Stories series. This week, host Kerry Matre is joined by Mary Writz, SVP of Product for fraud prevention platform Sift for a discussion on fraud. Mary discusses the ins and outs of fraud, including the types of fraud, the industries typically impacted and how fraud connects with cyber security and identity access. She also touches on the skills gap in the fraud space and briefly talks about cryptocurrency. Learn more about Sift at https://sift.com/ and @GetSift. Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

This week’s episode of the Threat Trends series is the final episode of 2022 for The Defender’s Advantage Podcast. To wrap up our year and provide a glimpse into what we can expect from 2023, Sandra Joyce, VP of Mandiant Intelligence, joins host Luke McNamara for a discussion on some of the highlights from the past year. Sandra chats through aspects of the Russian invasion on Ukraine, activity from the DRAGONBRIDGE IO campaign, and Mandiant’s graduation of APT42. She also discusses the evolution of ransomware and the possibility of threat actors targeting countries with ransomware – as we saw in Albania – could be a trend we continue to see in 2023. Additional trends Sandra mentions include the close association of hacktivist activity with APT activity and North Korea’s continued interest in cryptocurrency. Read more about what else experts predict we can expect in the coming year in Mandiant’s Cyber Security Forecast 2023 Report. Download your copy at https://mndt.info/3FDxQ9n. Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

This week’s episode of The Defender’s Advantage Podcast features British American Tobacco CISO, Dawn-Marie Hutchinson joins Frontline Stories host Kerry Matre for a discussion on third-party risk management. Over the course of the conversation, Dawn-Marie discusses the approach that she takes in third-party risk management and the process of conducting risk assessments. She also shares how she encourages suppliers to increase their security and how she would ideally allocate budget toward risk reduction. You can follow Dawn-Marie at @Rie_Hutch. Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

This week’s episode of The Defender’s Advantage Podcast features four members of Team Mandiant who previously served in the United States military and transitioned into careers in the cyber security industry. Skills Gap host Kevin Bordlemay was joined by Paul Shaver, Thomas Worthington, Lauren Krukar, and Brian Timberlake for a discussion on what the transition out of service looks like and the resources that are available to those interested in a role in cyber. The group discusses their tips for military personnel considering a transition out of service and the resources they were able to take advantage of during their transitions, including resume review and SkillBridge. They also give their advice on what questions military members should be asking in interviews to ensure they are finding roles that fit. Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

This week’s episode of The Defender’s Advantage Podcast features Mandiant analysts Gabby Roncone, John Wolfram and Tyler McLellan who joined Threat Trends host Luke McNamara for a discussion on Russian cyber operations over the last year.The group discusses the Russia linked threat groups and activity Mandiant has been tracking related to the conflict in Ukraine, including UNC2589 and APT29. They also share their perspectives on the targeting trends they’ve observed over the last year and the activity we might expect to see moving forward, such as an increase in economic espionage and continued diplomatic targeting by APT29. Follow Gabby Roncone at @gabby_roncone, John Wolfram at @Big_Bad_W0lf_ and Tyler McLellan at @tylabs. Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. Additional Resources Listen to the episode, Threat Trends: Russian Invasion of Ukraine Information Operations featuring Sam Riddell and Alden Wahlstrom: https://mndt.info/3wGse9uListen to the episode, Threat Trends: Stolen Emails, Hacked Cameras and the Mysterious UNC3524 featuring Doug Bienstock and Josh Madeley: https://mndt.info/3vMne2RRead the blog post, Trello From the Other Side: Tracking APT29 Phishing Campaigns: https://mndt.info/3UU9HjPRead the blog post, They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming: https://mndt.info/3FZp7Pk

This week’s episode of The Defender’s Advantage Podcast features Davis Hake, co-founder of cyber insurance company Resilience, who joined Frontline Stories host Kerry Matre for a discussion on the role of cyber insurance. During the conversation, Davis explains the model for how cyber insurance is sold, the application process and how insurance companies work with clients to determine their risks and set rates. He also discusses some of the advances in recent years and those he hopes to see in cyber insurance in the coming years, including global resilience to digital threats. Learn more about Resilience at cyberresilience.com and follow at @ResilienceSays. Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. Additional Resources Read Mandiant’s Cyber Security Forecast 2023 Report 

This week’s episode of The Defender’s Advantage Podcast features Mandiant’s Michael Barnhart and Joe Dobson who joined Threat Trends host Luke McNamara for a discussion on recent cyber activity out of North Korea, including the targeting of cryptocurrency. Michael and Joe discuss some of the North Korean threat groups Mandiant is following and a view of the threat landscape in the region. They also chat about the tactics of actors targeting cryptocurrency, which includes applying for roles with companies associated with crypto projects to enable malicious actors within the network. Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

On this week’s episode of The Defender’s Advantage Podcast, Mandiant’s Nader Zaveri and Simran Sakraney join Skills Gap host Chris Campbell for a discussion on how the cyber security industry and the companies within it can attract candidates from underrepresented groups and foster diversity. Nader and Simran share their individual journeys into the industry and their perspectives on how organizations in cyber can encourage more women to enter the security field and tactics recruiters can take to engage individuals from non-traditional educational and professional backgrounds. They also outline the various types of roles that live within the cyber industry and some of the transferable skills those just starting in the field can lean on. You can follow Nader at @NaderZaveri and Simran at @SIEMmer_Down. Learn how Mandiant is working to address the cyber security skills gap: https://mndt.info/3T0QjQdDon’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

This week’s episode of The Defender’s Advantage Podcast features Stan Trepetin, Technical Product Manager at Google Cloud, who joined Threat Trends host Luke McNamara to discuss the Threat Horizon’s Report produced by the Google Cybersecurity Action Team. Stan highlights several articles from the latest report in the quarterly series, including a piece on the importance of sharing information on state actor threats and vulnerabilities with the community to better protect your organization. He also details two of his own articles in the report, one on the issues that arise from improper cloud oversight and the other on malicious files and URLs slipping by IT governance controls. Read the latest Threat Horizons Report from the Google Cybersecurity Action Team: https://mndt.info/3Wjb4K6Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

On this week’s episode of The Defender’s Advantage Podcast, Skills Gap series host Chris Campbell is joined by Mandiant’s Fernando Tomlinson and Matt Boyle for a discussion on the value of hiring individuals from diverse professional backgrounds and ensuring accessibility to certifications and tools for those interested in transitioning to the cyber security field. Fernando and Matt share their thoughts on what hiring teams in the industry can do to learn more about an applicant’s analytical or soft skills outside of their resume. They also discuss the tools and resources that are available to foster greater diversity in the industry, which prospective candidates may not have immediate knowledge of, such as topical video libraries, SANS Cyber Immersion Academies and industry conferences.  Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

This week’s episode of The Defender’s Advantage Podcast, Mandiant’s Yihao Lim joins the Threat Trends series to chat with host Luke McNamara about the threat landscape in the Asia-Pacific region. Yihao discusses recent IO campaigns in the region, particularly DragonBridge and HaiEnergy, and how these attacks influence how organizations view disinformation campaigns in APJ. He also discusses the impact of geopolitical drivers, such as Russia’s invasion of Ukraine and tensions between China and Taiwan, impact the cyber security landscape in the region. Additionally, Yihao shares the trends that he sees in the threat landscape and how organizations in the region are approaching security. Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

The latest episode of The Defender’s Advantage Podcast Frontline Stories series features Uplight CISO Alex Wood joining host Kerry Matre to discuss how his role has evolved over the course of his career, for example, changes in the CISO reporting structure and the role’s shift to encompass a business focus as opposed to being exclusively technical.  He also discusses his own unique journey from majoring in chemistry to climbing the ranks in cyber security and his advice for those who want to break into the industry. Additionally, Kerry and Alex chat about Colorado = Security, a movement Alex co-founded to highlight the cyber security community in Colorado and bring those professionals in the area together through local events and a podcast. Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

The latest episode of The Defender’s Advantage Podcast features SentinelOne researchers Tom Hegel and Juan Andres Guerrero-Saade who joined host Luke McNamara to discuss some of the latest research they presented at LABScon, September 20-24.  Juan shares details around his team’s findings on Metador, a threat actor that primarily targets telecommunications and internet services providers, as well as universities in the Middle East and Africa. He discusses a few of the group’s unusual characteristics and also their awareness of operations security and deployment of countermeasures to thwart attribution efforts. Tom joins the discussion to give a glimpse of his LABScon presentation on the cyber mercenary group, Void Balaur. He details what they have seen in the group’s activity as well as what aspects he sees the group evolving in the landscape. Read more about the research on Metador: https://mndt.info/3UJ9XTfRead more about the research on Void Balaur: https://mndt.info/3SMsxYRYou can follow Juan at @juanandres_gs and Tom at @TomHegel. Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. mWISE Conference is happening October 18-20. Register today: https://mndt.info/3rh3gdr

The latest episode in The Defender’s Advantage Podcast Threat Trends series features Todd Boppell, COO of the National Association of Manufacturers (NAM), who joined host Luke McNamara to discuss cyber security in the manufacturing landscape. During the conversation Todd shares the top concerns for NAM’s member organizations, how the industry approaches cyber security, and the challenges and opportunities he sees in the space.  Learn more about NAM at https://www.nam.org and follow at @ShopFloorNAM Additional Resources Watch Mandiant’s recent manufacturing focused webinar on-demand now: https://mndt.info/3C1jKN5Learn how Mandiant helps manufacturing organizations monitor, detect and respond to threats: https://mndt.info/3eZwoD0

In this week’s episode of The Defender’s Advantage Podcast, Skills Gap series host Chris Campbell is joined by Dawn Hagen and Kevin Bordlemay for a discussion on diversity, inclusion, and belonging initiatives. The group discusses Mandiant’s internal focus on diversity, including employee resource groups, as well as efforts to build awareness of career paths in cyber security via middle school, high school, and college information sessions. They also discuss ways Mandiant is partnering with external organizations on initiatives to expand diversity in the broader industry, including the Elevate program and Mandiant Gives Back. Dawn and Kevin also dive in to the soft and technical skills applicants may be missing when interviewing for cyber security positions and the internal initiatives at Mandiant to address the skills gap. Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. Additional Resources Learn about the Elevate program: https://mndt.info/3RQoMS6Learn about Mandiant Gives Back: https://mndt.info/3EI7ErX Register for pre-conference training, provided by Mandiant Academy, ahead of mWISE Conference: https://mndt.info/3BIN0Id

This week’s episode of The Defender’s Advantage Podcast features Emiel Haeghebaert and Ashley Zaya who joined Threat Trends series host Luke McNamara to discuss Mandiant’s most recently graduated APT group, APT42.  Mandiant has identified APT42 as an Iranian-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizations of strategic interest to the Iranian government. During the conversation, Emiel and Ashley dig into APT42’s activity and tactics, including spear-phishing and social engineering techniques. They also discuss where the group fits in to the threat landscape and how they see threat actor evolving. Read our blog post detailing our research on APT42: https://mndt.info/3R6Qs4zDon’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

This latest installment of the Frontline Stories series, part of The Defender’s Advantage Podcast, features Nucleus Security Co-Founder and CEO Stephen Carter, who joined our host Kerry Matre for a conversation on CISA KEV. CISA’s Known Exploited Vulnerabilities list prioritizes vulnerabilities the agency has determined to be exploited in the wild and mandates that specified U.S. civilian agencies patch the vulnerabilities by a specified deadline. Stephen and Kerry discuss how vulnerability management has evolved and how this effort from CISA helps U.S. civilian agencies as well as organizations globally. Follow Nucleus Security at https://nucleussec.com and follow at @nucleussec. Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

The latest episode of the Skills Gap series, part of The Defender’s Advantage Podcast, features Mandiant Managed Defense team members Robert Parker and David Lindquist, who joined host Chris Campbell to discuss what they look for when hiring for their team. They detail the skills they look for most as they interview candidates and their tips for those looking to enhance their marketability in the industry. Robert and David also share instances in which they might shift their requirements of a potential candidate in favor of hiring someone with less experience and building them up. Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. Additional Resources Read more about how Mandiant is helping to address the cyber security skills gap: https://mndt.info/3QyO9XL

In the latest Threat Trends episode of The Defender’s Advantage Podcast, host Luke McNamara is joined by Teresa Walsh, Global Head of Intelligence at the Financial Services Information Sharing and Analysis Center (FS-ISAC), for a deep dive on the financial services industry. Teresa discusses her journey from roles in government and how her experience has shaped her view of financial services. She also discusses how she sees the threat landscape impacting her customers and how FS-ISAC aids institutions in building resiliency against threats. Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts!  

In this week’s episode of The Defender’s Advantage Podcast, Kerry Matre, host of the Frontline Stories series, is joined by Mandiant’s Tim Crothers and Matt Shelton who discuss their role in protecting the company from attackers. Both share their professional journeys, how changes at the company have impacted their responsibilities, and some standout moments they’ve experienced while safeguarding Mandiant, such as the SolarWinds attack campaign. Tim and Matt also detail how they continue to promote security awareness among employees and offer their insights on the steps security and non-security companies can take to ensure that their environments are secure against attackers. Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts! 

In the latest Threat Trends episode of The Defender’s Advantage Podcast, Mandiant’s Jon Ford and Stacy O’Mara join host Luke McNamara for a conversation on election security. They discuss how organizations involved in the process of elections should think of cyber security in the lead up to these events, preparedness steps they have seen states take, and the evolution of the federal approach in the United States. Jon and Stacy also discuss some of the federal resources states and local entities can leverage for preparation going into the 2022 midterm elections and the 2024 general election in the U.S. Learn more about Mandiant’s expertise around election security at https://mndt.info/3zEzWCODon’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

All too often, hiring managers find themselves seeking candidates who fit 100% of the description for the role they are trying to fill. Because of this, they overlook a swath of applicants who are good for the job. In this week’s Skills Gap episode of The Defender’s Advantage Podcast, host Chris Campbell speaks with Mandiant consulting team members Dan Nutting, Kal Guntuku, and Chris Linklater about this habit and its contribution to the cyber security skills gap. The group also discusses the skills that companies could weigh outsourcing versus what skills they should consider keeping in-house.  Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast wherever you listen to podcasts! Additional Resources: Read tips from Mandiant's Kevin Bordlemay for candidates on how they can stand out during the application process in this Business Insider article: https://mndt.info/3Ohzezt

In this Threat Trends episode of The Defender’s Advantage Podcast, hear from Michelle Cantos who joins host Luke McNamara to discuss artificial intelligence (AI) in cyber and how adversaries are using AI in their activities today. Michelle details manipulated media techniques such as artificially generated images and vishing, tactics that have been increasingly employed by threat actors. She also discusses how financially motivated actors are seeking to leverage AI capabilities for extortive activity, and what we might expect to see as AI is further applied to cyber espionage operations. Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.

This special episode of The Defender’s Advantage Podcast features Mandiant CTO Marshall Heilman speaking with Edgard Capdevielle, CEO of Nozomi Networks. The conversation, recorded in-person at RSA Conference 2022, delves into the partnership between Mandiant and Nozomi, and how the organizations can take on escalating cyber risks to secure cyber-physical infrastructure. Marshall and Edgard discuss the trends they are seeing in the industrial and critical infrastructure space and the role of zero trust in how we secure modern day OT and ICS systems. You can learn more about Nozomi Networks at their website: https://www.nozominetworks.com/ Follow Nozomi Networks at @nozominetworks Additional Resources Learn more about the Mandiant Cyber Alliance Program: https://mndt.info/3xnXw5r 

In this week’s episode of The Defender’s Advantage Podcast Threat Trends series, host Luke McNamara is joined by Anne Marie Engtoft Larsen to discuss her role as Danish Tech Ambassador and how the role has evolved since Denmark appointed the first Tech Ambassador in 2017. She chats about her views on cyber diplomacy and the value of partnerships with private sector cyber security companies. Ambassador Larsen also discusses the need for governments to tackle the issue of disinformation, talking specifically about the recent examples we’ve seen around COVID-19 and elections. Learn more about the Strategy for Denmark’s Tech Diplomacy 2021-2023 You can follow Ambassador Larsen at @TechambDK. Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

This week’s episode of The Defender’s Advantage Podcast kicks off our new monthly series, Skills Gap, which focuses on thoughts, ideas, and initiatives for narrowing the skills gap in cyber security. Our host Chris Campbell was joined for this conversation by Mandiant’s John Doyle, Principal Consultant, and Matt Shelton, Director of Technology Risk and Threat Intelligence, to discuss talent and bridging the skills gap. The guests share their tips and resources for those interested in getting into the cyber security space and discuss what they look for when interviewing potential members of their teams. Follow John Doyle at @_John_Doyle and Matt Shelton at @mattjshelton. Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast wherever you listen to podcasts!  Additional Resources Read the blog, “Introducing the Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework”: https://mndt.info/3sQVU1gLearn more about Mandiant’s mWise Conference: https://mndt.info/3NeX7XQ Check out Mandiant’s career page to learn about employment opportunities: https://mndt.info/3NcOblJ

This week’s Threat Trends episode of The Defender’s Advantage Podcast features Jacqueline Koven, Head of Cyber Threat Intelligence at Chainalysis, who joined host Luke McNamara to discuss the trends in cryptocurrency and cyber activity. She also breaks down some examples of nation state usage and targeting of crypto and the adoption of cryptocurrency by different threat actors. Learn more about Chainalysis at chainalysis.com and follow them at @chainalysis. Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. 

In this Frontline Stories episode of the Defender’s Advantage Podcast, host Kerry Matre is joined by Joshua Bass, Director of Product Management, and Sarah Korth, Director of Commercial Intel Services, to discuss Mandiant’s Digital Risk Protection (DRP) solution. The group discusses digital risk protection, what it can reveal about cyber threat profiles, and how attackers find weaknesses. They also discuss advancements made in digital threat management, a service included in our DRP solution, such as natural language processing. To learn more, read our blog, “Protecting Supply Chains and Third Party Vendor Connections" Don’t forget to rate, review, and subscribe where you listen to podcasts. Additional Resources Read more about Digital Risk Protection Read more about Digital Threat Monitoring  Learn more about the Defender’s Advantage Cyber Snapshot  

In this week’s Threat Trends episode of The Defender’s Advantage Podcast, host Luke McNamara is joined by Jonathan Yaron, CEO and Chairman of Kiteworks to discuss navigating customer trust following a breach. During the conversation, Jonathan talks about lessons learned from the breach he led the company through and what leaders should consider in the event their organization experiences a breach. Don’t forget to rate, review, and subscribe where you listen to podcasts. 

In the inaugural episode of the Frontline Stories series, part of The Defender’s Advantage Podcast, host Kerry Matre is joined by Rob Caldwell, Director of OT/ICS Services at Mandiant. During the conversation, they discuss OT/ICS security and the impact an OT attack can have on an organization. They also dive specifically into the INCONTROLLER and INDUSTROYER2 attacks and how they targeted OT environments. For more information on OT/ICS Security, visit https://mndt.info/3PF5JJD You can follow Rob Caldwell at @robac3. Don’t forget to rate, review, and subscribe where you listen to podcasts. 

In this week’s Threat Trends episode of The Defender’s Advantage Podcast, host Luke McNamara is joined by Sam Riddell and Alden Wahlstrom, analysts on Mandiant’s IO team, to discuss what they are seeing in the cyber threat landscape around Russia’s invasion of Ukraine. They talk about what their team has observed in the lead up to the invasion and the activity they have seen in the IO space since. Sam and Alden dive in on the threat actors in the space, the tactics being employed, and where they see the activity moving as the conflict continues. Check out the blog, "Information Operations Surrounding the Russian Invasion of Ukraine" at https://mndt.info/3LumlAq. You can follow Sam Riddell at @RiddellSam and Alden Wahlstrom at @AldenWahlstrom. Don’t forget to rate, review, and subscribe where you listen to podcasts. 

In this week’s episode of The Defender’s Advantage Podcast, host Luke McNamara is joined by Doug Bienstock and Josh Madeley, members of the Mandiant consulting team to discuss a new threat actor, UNC3524. Doug and Josh share their observations of the group’s activities and tactics, like the use of IoT devices. Read more about UNC3524 in the team’s latest blog post, “UNC3524: Eye Spy on Your Email”: https://mndt.info/3KCGtQm Follow Doug Bienstock at @doughsec and Josh Madeley at @MadeleyJosh. Don’t forget to rate, review, and subscribe where you listen to podcasts. 

It’s that time of year again: Mandiant has just published its M-Trends 2022 report. With almost 100 pages to unpack in this year’s report, host Luke McNamara is joined by Regina Elwell, Senior Principal Threat Analyst and Kirstie Failey, Senior Threat Analyst, who both contributed to the development of this year’s report.  Among the aspects highlighted during the conversation are notable threat actors, including FIN12 and FIN13, the financially motivated threat groups that Mandiant graduated in 2021. The group also discussed the threat trends and techniques that have been observed during the report period. You can follow Regina Elwell at @ReginaElwell and Kirstie Failey at @Gigs_Security Download your copy of M-Trends 2022: https://www.mandiant.com/m-trends  Read how Mandiant tracks UNCs: https://mndt.info/3xwD9n3Read this blog post to learn more about Cobalt Strike and BEACON: https://mndt.info/3Duxg9QView this webinar to learn more about FIN12: https://mndt.info/38UyDVj Read this blog post to learn more about APT41: https://mndt.info/3JQOpgC  Don’t forget to rate, review, and subscribe where you listen to podcasts. 

This week, host Luke McNamara is joined by Jens Monrad, Director, EMEA, Mandiant Threat Intelligence. The two discuss the evolving threat landscape in Europe following the COVID-19 pandemic and touch on the cyber aspect of Russia’s invasion of Ukraine. You can follow Jens on Twitter at @jenschm. Learn about Mandiant's Ukraine Crisis Resource Center: https://mndt.info/3roZ4JvRead the Mandiant blog, "Responses to Russia's invasion of Ukraine Likely to Spur Retaliation": https://mndt.info/3IM8Co5Don’t forget to rate, review, and subscribe on the platform where you listen to podcasts. 

Looking for Eye on Security? We are still here, but with a few important changes. This week we're launching Mandiant's new Defender's Advantage Podcast featuring the same great content you've come to expect from us and even more.Host Luke McNamara anchors our Threat Trends series, chatting with Mandiant intel analysts, consultants, and researchers, as well as external practitioners and leaders in cyber security, all through a threat-focused lens.And Mandiant's Kerry Matre joins to host monthly conversations with Mandiant customers and industry experts who will share their experiences and stories from the frontline of cyber security as part of our new Frontline Stories series.Stay tuned for our inaugural Threat Trends episode later this week.

In this episode, Ryan Tomcik, Emiel Haeghebaert, and Tufail Ahmed joins host Luke McNamara to discuss their blog post detailing their investigation on the activity of UNC3313. The group details the collaboration between their respective teams at Mandiant to detect and respond to an intrusion by the threat actor.Read their blog post, “Left on Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity,” at https://www.mandiant.com/resources/telegram-malware-iranian-espionage

In this episode, Mandiant Principal Analyst Cristiana Brafman Kittner joins host Luke McNamara to discuss the potential cyber threats to the 2022 Winter Olympic Games. The conversation delves into cyber incidents attached to previous games as well as what we could see this year at the games being held in Beijing.

Host Luke McNamara is joined by Michelle Cantos, John Doyle, and James Sadowski to discuss the role of contractors in cyber network exploitation (CNE) and other cyber operations. For further reading on this topic for Mandiant Advantage and MA Free users, please see  “She Doesn’t Even Go Here: The Role of Contractors in the Cyber Landscape” at https://advantage.mandiant.com/reports/21-00013849. Register today for Mandiant Threat Intelligence Free. 

For our last episode of the year, Mandiant CEO Kevin Mandia joins host Luke McNamara for a year in review of 2021. The discussion includes a look back at the SolarWinds incident one year later as well as look forward to 2022 with the three things that are top of his mind going into the New Year. Additionally, Kevin touches on the future of Mandiant and the Mandiant Advantage platform.

Columbia University researcher Jason Healey joins host Luke McNamara to discuss how cyber policy has evolved over the years, the dynamics of cyber conflict, and more. In particular, this conversation delves into the risks of escalation in a crisis, how norms may (and may not) shape such conflicts, and changing the role between defense and attack. 

Jake Knowlton, Andy Schmidt, and Paul Shaver join host Luke McNamara to discuss making the transition from the military to working in cyber security. Jake, Andy, and Paul share their perspectives and how they became involved in this field, some of the challenges veterans might face, and how veterans can position their prior experience for roles in infosec. For more on Mandiant’s partnership with VetSec, please see this blog post: https://www.mandiant.com/resources/mandiant-collaborating-with-vetsec-to-train-us-service-members-veterans 

Jared Semrau and James Sadowski join host Luke McNamara to discuss some of their teams’ research this year into the rise of observed 0-days and other exploitation trends. They cover how the vulnerability landscape has evolved over the years, what has made 2021 stand out so far, and how the nature of threat activity—particularly the growth of ransomware—has shifted the makeup of actors in this space. For Mandiant Advantage users, please see related reporting mentioned in this episode: Patch Me If You Can: Analyzing Trends in Time to Exploit (Q1 2020 Through Q1 2021)Shut the Front Door: VPN Vulnerability Exploitation Trends, January 2019 – June 2021

While the broader discussion of cyber-related incidents, events, and trends are contributed to by many different types of organizations and individuals, journalists play an important role in furthering our collective understanding of this space. Journalist Kim Zetter joins host Luke McNamara on Eye on Security to share her perspective in covering cybersecurity as a journalist. Kim discusses how the cybersecurity beat has evolved over the years, where she gathers information to write stories, and some of the themes she sees in the current conversation about cybersecurity issues. 

For the launch of Mandiant’s most newly graduated threat group, FIN12, Kimberly Goody (Director, Financial Crime Analysis) and Josh Shilko (Principal Technical Analyst, Financial Crime Analysis) join Eye on Security to discuss this actor. They cover this group’s TTPs and targets, where they fit into the ransomware ecosystem, and what makes this particular threat actor unique in the landscape.  

Host Luke McNamara is joined by Eli Fox and Michael Barnhart, both Senior Analysts at Mandiant, to discuss some of their work tracking various North Korean threat clusters. Michael and Eli share their perspectives on the continuously changing landscape of DPRK threat actors, some of the challenges in tracking them, and how information from defectors augments the technical data in their analysis. They share several stories of recent campaigns and delve into where some of these threats may be headed next.

This episode of Eye on Security delves into a security topic that continues to be front and center for many organizations: ransomware.  Dave Wong, Vice President for Mandiant Consulting, joined host Luke McNamara to discuss some of the recent changes with threat activity in this space. Dave covered where the trends in ransomware operations have taken us over the last year and a half, with increasing ransom price demands and the frequent extortion over stolen data from the victim. Dave and Luke also chatted affiliate models common and the fluid nature of many ransomware families, as new malware emerges and others seemingly “go dark”. Dave discussed his visibility into ransomware negotiations, sharing examples of his experience in dealing with these threat actors. He also highlighted important preparedness steps organizations can take beyond technical hardening by considering strategies of how they might approach dealing with a threat actor in a ransomware scenario. Finally, Dave and Luke touched on what changes might be seen as threat actors continue to evolve TTPs and extortion methods.  For further insights into ransomware negotiations, check out this Daily Beast interview with Dave: https://www.thedailybeast.com/inside-a-ransomware-negotiation-this-is-how-asshole-russian-hackers-keep-shaking-down-companies

Whether it’s shipping disruptions caused by the COVID-19 pandemic or compromises into software platforms used by hundreds of organizations, supply chain issues are back in the spotlight. In this episode of Eye on Security, host Luke McNamara is joined by Bryan Ware, CEO of Next5 and former Assistant Director of Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA). Bryan shares his perspective on the state of supply chain security, including the current challenges bringing this issue to the forefront now, different ways to think about supply chain issues, and steps organizations can take to mitigate their risk in this space.

While much of the discussion around modern ransomware campaigns has centered on threat actors from Eastern Europe and Russia, this episode highlights some of the lesser-known activity in a different region and explores how nations may experiment with asymmetric cyber capabilities in the future. In this episode of the Eye on Security podcast, host Luke McNamara sits down with Sanaz Yashar (Manager, Mandiant Intelligence) and Matan Mimran (Principal Analyst, Mandiant Intelligence) to discuss some of their research into Iranian threat actors leveraging ransomware and other cyber-crime tactics. Sanaz and Matan walk through campaigns they have witnessed from several UNCs that have impacted organizations in Israel and elsewhere, examining evidence for why these incidents could be part of a trend towards using ransomware for purposes other than financial gain.

Host Luke McNamara is joined by Jeff Compton, Senior Manager for Mandiant’s Intelligence Capability Development team to discuss the focus of his team in helping customers build threat intelligence programs and how the needs of customers in this space continue to evolve, and how the regulatory landscape is driving change in particular regions and industries. One of the things that Jeff in particular highlighted is the importance of having a threat intel function that supports more than just the SOC, but broader stakeholders across the organization as well. Translating cyber threats into risk particular to the customer is a big focus of Jeff’s team, woven throughout their range of functions. 

In response to an increasing demand to fill the CTI skills gap, Mandiant has made a commitment to arm organizations around the world with skilled security teams to succeed on the fast-evolving threat landscape. Host Luke McNamara is joined by Shanyn Ronis, Manager, Intelligence Training Program to discuss the official launch of Mandiant On-Demand Cyber Intelligence Training. Backed by 15+ years of frontline expertise and accessible 24/7, this on-demand training provides a cost-effective approach that empowers cyber security teams to effectively use intelligence across different job roles, at different skill levels.

On this episode we have Daniel Kappelman Zafra, a manager on Mandiant’s Cyber Physical Threat Intelligence team, to discuss a recent blog he and has team have released on the trend of lower sophistication threat actors targeting operational technology (OT). We discuss a precursor blog they put out last year, specific to this trend and the usage of ransomware by financially motivated actors to OT, and we talk about what Daniel is seeing change in this space. Our conversation touches on the various motivations that appear to be shaping this activity, and what it means for the potential proliferation of this as a tactic for hacktivists, opportunistic threat actors, and more. One of the things that I think really comes across in this episode is the thoughtful analysis that Daniel and his team apply to ascertaining the drivers of this trend and where it may be going. It’s an insightful look into an area of threat activity we will likely continue to see headlines around this year.  For more information on the discussion in this episode of Eye on Security, please check out the aforementioned blogs: -  https://www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html- https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html 

Host Luke McNamara is joined by Paul Tumelty, Government Security Manager, to discuss how Mandiant is partnering with governments in EMEA to help foster cyber capacity building in nations across the region. Paul walks through how governments are thinking about this, from the crafting of high-level strategies to working through the tasking of the appropriate entities for cyber defense, and establishing relationships with the private sector and beyond. Paul also highlights some of the challenges—and even advantages—that various nations may have depending on where they are in their journey of establishing a government framework to better address a changing threat landscape, especially in areas such as critical infrastructure protection. What Luke found particularly interesting and exciting about the work Mandiant is doing in this space is the holistic approach Paul and his team are taking—beyond just ensuring the implementation of the right technologies—but looking at every aspect of what contributes to a nation’s strategy to continuously provide for a defense that can meet emerging threats. Luke and Paul even discussed the importance of early education initiatives to help foster the future workforce as part of capacity building. 

In the latest episode of Eye on Security, we invited Jens Monrad, Head of Mandiant Threat Intelligence, EMEA to join Luke for a conversation on how the threat landscape has changed in the past year and how it continues to be impacted by the ongoing pandemic.  We reviewed the cyber events of the past year: pandemic-themed phishing, multiple APT campaigns against vaccine research and development, and ransomware targeting healthcare systems. Jens revealed that the biggest change still impacting the cyber threat landscape is the sheer volume of people working from home. He also highlighted the potential increase in the cyber criminal ecosystem due to job losses, and how individuals might turn to cybercrime in order to make money. Check out the episode now to hear how the pandemic has impacted APT activity and disinformation campaigns. Jens also shares a unique piece of advice on the threat landscape that is helpful to remember as we all work to better secure our environments. For additional information on how the pandemic and more is influencing the cyber threat landscape, check out our latest M-Trends 2021 report. 

Mandiant Advantage, our SaaS platform, was always intended to house more than just our threat intelligence—and now it does. With the addition of Mandiant Automated Defense and Mandiant Security Validation, we are continuing to roll out new features in a platform that is easily accessible, as well as easy to deploy and scale.  Mike Armistead, SVP of Mandiant Advantage Products, joined host Luke McNamara to discuss what security teams will be able to do with these new features. Mike joined FireEye during the Respond Software acquisition, in which Respond’s solution became what is now known as Mandiant Automated Defense. Mike shared how the addition of Mandiant Automated Defense to the Mandiant Advantage platform enables the automation of tier one triage alerts.  One thing that really stuck out about their conversation is how weaving together Mandiant Automated Defense, Mandiant Security Validation, and Mandiant Threat Intelligence helps organizations prioritize threats that matter to them, fast. Listen to this episode to get a walkthrough of how a SOC analyst can use the Mandiant Advantage platform to access intel about an alert they receive. You’ll also get a glimpse into what’s next for the Mandiant Advantage platform. 

Have you ever wondered what it takes to develop our annual M-Trends report? The short answer is: a whole lot! Our host Luke McNamara asked Regina Elwell, Senior Principal Threat Analyst on the Advanced Practices Team, and Steve Stone, Senior Director for Advanced Practices, to take us behind the scenes so we can see exactly what goes into building an edition of M-Trends.  Steve started by discussing the sheer amount of data collection that is required, and how the team has to pore over this data—which comes directly from our incident response investigations—to determine what is a trend and what is not. Regina and Steve also touched on the evolution of the report from its first iteration in 2011. Not surprisingly, the reports have gotten more robust and include new data points almost every year.  We also discussed some of the highlights from our latest report, M-Trends 2021, and interpreted some of the key findings, including drops in median dwell time, increases in internal detections, impact of ransomware, and notable malware families from 2020. Additionally, we covered some of the process and approach Mandiant puts into grouping new threat groups (UNCs) and Steve and Regina’s favorite threat actors. Listen to the podcast now, and when you’re done, read the full M-Trends 2021 report. 

We are wrapping up our “Big Four” series with a country that has beenone to watch for quite some time: Russia. And who better to join mefor this episode than our Vice President for Mandiant ThreatIntelligence, John Hultquist.We started off this episode discussing how Russian cyber threatactivity evolved to what we know today, from the days of MoonlightMaze and Agent.BTZ. We then shifted the conversation to some of themost notable Russian threat groups and the difficulties of assigningattribution at the organizational sponsorship level. While many APTgroups from the “Big Four” may blend together various types of threatactivity, Russia has utilized a particularly interesting mix of cyberespionage, information operations, and disruptive attacks over theyears.John brought up many notable Russian incidents, including: theOlympics, the Ukrainian power grid, the targeting of elections, andthe SolarWinds supply chain breach. We also discussed some of thechallenges in communicating threat intelligence to both customers andwider audiences. To cap off the series, John delved into howorganizations should think about not only Russian threat activity, butthe operations and campaigns from North Korea, Iran, and China.You can stay ahead of threat actors like those from the “Big Four” byjoining Mandiant Advantage Free where you’ll have access toup-to-the-minute threat intelligence: http://feye.io/MA

The third installment of our “Big Four” series on China is filled withso much great information that it’s our longest episode yet. LloydBrown, Principal Analyst for our Custom Intel Team, and ScottHenderson, Principal Analyst for our Cyber Espionage Team, joined ourhost, Luke McNamara to peel back the layers of China’s cybercapabilities.Similar to past episodes in this series, we started at the beginningof China’s cyber operations—dating back to 2003. Scott and Lloyd tookus through a detailed look at all the stages of China’s operations,including the shift in 2015/2016 from being “clumsy and noisy” tostealthy. Lloyd brings up a great point that’s worth hearing abouttheir use of CVE exploits (which came into play with the recentMicrosoft Exchange server exploits).We also discussed how China’s cyber activity is driven by economicinterests such as the Belt and Road initiative, the nature of theiroperations surrounding global elections, APT41’s cybercrime activityin addition to cyber espionage, and where they think China’soperations are headed. You’ll definitely want to stick around to thevery end. Since our initial recording occurred before the MicrosoftExchange exploits, Luke decided to follow up with Lloyd to get histake on HAFNIUM and the UNC groups we’re tracking related to thatactivity.Know the threats that affect your organization with up-to-the-minutethreat intelligence by signing up for Mandiant Advantage Free:http://feye.io/MA

How does Reddit handle malicious or suspicious coordinated activity ontheir platform? Our host Luke McNamara asked Aylea Baldwin, ThreatIntelligence Lead at Reddit, to answer that question and more duringthis episode of Eye on Security.During the discussion Aylea shared a few ways Reddit is uniquecompared to other social media networks—its tolerance for varyinglevels of behavior on different communities, the lack of user datacollection, and the way posts are amplified through voting. The votingfeature is unique to Reddit and Luke was curious to know how threatactors leverage it as part of their influence campaigns. As it turnsout, the answer to that question isn’t so simple since foreign actorshave to get buy-in from people to up-vote their posts.We ended our conversation with Aylea’s thoughts on the future ofdisinformation and deep fake technology, which is a concern in thesecurity and many other industries, and something that can have a hugeinfluence on sites such as Reddit.

Did you know that women are disproportionately affected by cybercrime,cyber stalking, cyber bullying, cyber harassment, and image-basedsexual abuse? We asked Cris Kittner, Principal Analyst at MandiantThreat Intelligence, and Lillian Teng, Director of ThreatInvestigations from Verizon Media to join us for a discussion aroundtheir recent talk on digital safety for women and practical strategieswomen of all ages can take to increase their online safety.Cris and Lillian provided their reasons and motivations for puttingtogether the talk, which they first presented at the Grace HopperCelebration in 2020. They highlighted the connection between physicaland cyber stalking and the need for these conversations to benormalized. Far too often, Cris and Lillian heard from youngprofessionals that they believed the cyber harassment that washappening to them in the workplace or at conferences was “normal.”To combat the issues many women are facing online, Chris and Lillianprovided a list of practical considerations that women should follow,such as using a password manager, knowing what permissions are beinggiven to third-party applications, understanding that Snapchat imagescan be recovered, adjusting (or eliminating) location tags, and how toreport abuse happening on social media sites.Listen to the episode today for online safety strategies that can helpyou or a loved one stay safe online.

We’re back with the second episode of our “Big Four” series focused onNorth Korea, Iran, China, and Russia. We honed in on Iran for thisone, and to help explore their cyber capabilities, we invited SarahHawley, Principal Analyst for Mandiant Threat Intelligence, and LeeFoster, Senior Manager of Information Operations Analysis.Sarah kicked off the episode by providing an overview of Iran’s pastoffensive cyber activity and how these capabilities have developedover the years. Lee shared how they have also grown their usage andwillingness to use information operations (IO) and how his teamapproaches attribution and analysis of this disinformation activity.We then touched on drivers of Iranian cyber threat and their apparentincreasing willingness to target democratic processes. Sarah alsodiscussed Iran’s destructive activity going after industrial targetsin the oil and gas sectors through password spraying and spearphishing operations.As always, we closed out the episode with thoughts about what Sarahand Lee think we might see from Iran’s cyber operations in the comingyears. Listen to hear their predictions and stay tuned for ourupcoming episodes on China and Russia.Listen to the podcast now, check out the “Big Four” episode on NorthKorea if you haven’t already, and then head over to our Eye onSecurity page for even more episodes.

“Legitimate access rules the threat landscape”, says Jon Ford,Managing Director at Mandiant. In addition to loss of intellectualproperty, malicious insiders are increasingly impacting organizationalreputation, customer trust and investor confidence. There’s a lot moreto insider cyber security threats than disgruntled employees, which isthe first thing that comes to mind for most when they think of thisthreat. Jon Ford, Managing Director of Mandiant, and Johnny Collins,Director of Mandiant, joined us to break down what insider threats areand the trends Mandiant is seeing in recent investigations.Johnny began by defining insider threats—from unintended linkclicking, all the way up to human enabled technical operations (thinkmeet-ups in parks while avoiding all electronic communications thatyou see in movies). Both Johnny and Jon shared how organizations onthe commercial and government sides are thinking about insider threatsas part of their overall risk and security posture, and how clientsare approaching insider threat security from a behavior-focusedapproach as opposed to targeting or profiling individuals.Then we got to the good part: stories from recent investigationsthey’ve worked on through Mandiant’s Insider Threat Security Servicesofferings. You might be surprised by the outcomes of a few of them.Johnny and Jon went on to highlight the various tiers of Mandiant’sInsider Threat Program Assessments and Mandiant’s Insider ThreatSecurity as a Service offering with Mandiant Intelligence. Johnny andJon close with shared thoughts on the growing Insider Threat trendswe’ll see in the near future.

While many cyber threats and security issues are universal andexperienced by organizations in any part of the world, some are morecommon to a particular region than others. Host Luke McNamara invitedRyan Goss, Vice President for Latin America & the Caribbean, and JuanCarlos Garcias Caparros, Director of Mandiant Consulting for LatinAmerica and the Caribbean, to talk specifically about cyber securityin Latin America.Juan Carlos shares what threats we’ve seen our customers face in LatinAmerica. He also discusses the security culture in Latin America,comparing maturity of organizations to those in United States orEurope. We also explore whether attitudes are shifting around cybersecurity in boardrooms. Ryan believes it’s moving in a good direction,but that many companies still treat cyber security as an afterthought,which leads to lower overall budgets and forces security teams tofocus on solutions that are “good enough” or at least allow them to“check the compliance box”. Thus the importance of FireEye leadingwith Mandiant Services and establishing ourselves as trusted advisorsand true partners for our customers.We wrap up the episode by touching on cyber training, securityvalidation and unexpected activity from North Korea targetingfinancial institutions throughout Latin America.

We’re kicking off Eye on Security in 2021 with a nation-state-themedminiseries that focuses on the big four, which we recognize as NorthKorea, Iran, China and Russia. In this episode, host Luke McNamarainvited Fred Plan, Senior Analyst for Mandiant Threat Intelligence,onto the podcast to talk about North Korea.Fred started our discussion by providing some background on thecountry, how it operates geopolitically, and why they’ve shifted theirfocus to a cyber capability. We also review their early cyberoperations that primarily targeted South Korea and their expansion tothe U.S. private sector with the Sony hack. Since then, North Koreacontinues to be active in both financially-motivated andespionage-related operations.There are a lot of behaviors that make North Korean cyber operationsunique, due in part to the country being very closed off. Their cyberoperations have demonstrated rapid shifts in targeting, which likelycomes at the request of the regime. We most recently saw this withtheir targeting of COVID-19 research and vaccine distribution. NorthKorea hasn’t publicly reported on any COVID-19 cases, so their cyberbehavior offers us a glimpse into what might actually be going onwithin the country.As always, we like to predict what we’ll see next in a region or froman actor. In this case, Fred says it’s quite difficult to know whatNorth Korea is up to next. Find out why when you listen to theepisode.

As the COVID-19 pandemic continues, cyber threats have worsened forsome industries across the globe. Universities with medical andresearch facilities are increasingly being targeted by threat actorsbecause of the critical and valuable work they do surroundingpandemic. Host Luke McNamara invited Monte Ratzlaff, Cyber RiskProgram Director at the University of California Office of thePresident, to join us for this episode of Eye on Security so we coulddiscuss the important research they secure.Monte and Luke reviewed the types of data UC protects, which includesprotected health information, payment card data, student data andresearch data. Even with all that data, the threats UC faces are stillquite similar to what many other organizations face: phishing,ransomware and nation-state attacks.We shifted our discussion to the challenges of securing COVID-19research; especially at a time where ransomware is particularlyrampant. Monte emphasized the critical need for organizations to knowtheir environment and have plans in place in case attacks get throughdefenses.Listen to the episode to hear insights on securing medical devices andwhy Monte wouldn’t be surprised to see an uptick in insider threats asa result of a larger remote workforce.

With 2020 coming to an end, we’ve released our 2021 cyber securitypredictions report, videos with our senior leaders and more. Our host,Luke McNamara asked General Earl Matthews, VP, Strategy for MandiantSecurity Validation to join him on 'Eye on Security' to discuss whatwe can expect in the cyber space heading into a new year based on thethreat activity we’ve seen recently.Ransomware isn’t going away any time soon, so Luke asked GeneralMatthews how he’s seen executives react to this new type of threat andif that has impacted how they think of security. We also explore theincreasing risk ransomware poses to operational technology based onsome of the ransomware campaigns we have seen this year.We also talk in depth about third-party risk—a risk that’s been aroundfor a long time, but that we’ll see increasingly exploited by threatactors. General Matthews also shared some personal stories about histime as a CISO that you won’t want to miss.General Matthews and Luke finish their chat with an interesting lookat which industries have adopted security validation and the benefitsof this solution for providing proof of security effectiveness.

In this episode, we have something a little different. We're excitedthat Sean Lygaas (@Snlyngaas), Senior Reporter at CyberScoop, hasjoined host Luke McNamara to share a different perspective on many ofthe same cyber security stories and events that we work on in parallelhere at FireEye.Sean and Luke kick off their conversation by discussing which storiesSean considers top priority. These days his mornings entail reviewingelection security, and then he starts chasing the timely stories hefinds most interesting. Sean also shared the difference between whatis news and what is research when it comes to writing a story.With the election being so close, we of course turned to the topic ofdisinformation. Sean shared the difficulties of writing aboutinformation operations and his approach of attempting to report on itwithout amplifying fear or paranoia. We also explored the impact andintent of these operations.Listen to the episode to hear Sean’s thoughts on the future of mediaand news consumption, and the cybersecurity topics he thinks we willbe reading about in the news in the coming year.

Our customers expressed a desire for faster access to our intelligenceto focus on threat activity that matters to them, so we launchedMandiant Advantage. Mandiant Advantage is a new SaaS platform thatallows our customers to engage across all areas of our expertise,starting with threat intelligence.For this episode of ‘Eye on Security’, our host, Luke McNamara isjoined by Jon Heit, Senior Manager of Intel Product Management, andJeff Guilfoyle, Principal Product Manager. We start by looking back atwhere the idea for Mandiant Advantage came from and the problems theplatform aims to solve. One of the features we’re most excited aboutis that our customers can get a visual representation of disparatepieces of discovered threat actors, malware, vulnerabilities allconnected together regardless of the products and tools deployed. Wealso explore the graduation process of adversarial group FIN11 and howMandiant Advantage will allow customers to continuously exploreactivities of thousands of actors.Listen to the podcast to hear how Mandiant Advantage can provide yourorganization a front row seat into frontline threat intelligence tofocus on threats that matter to you.

The cyber skills shortage is a real problem. There just aren’t enoughqualified people to adequately meet the cyber security needs of allorganizations, and the problem is only expected to get worse. One ofthe ways we address this challenge at FireEye is through internal andexternal training courses. We invited two people involved in thoseefforts to join our host, Luke McNamara for this episode of Eye onSecurity: Dawn Hagen, Senior Director of Learning and Development, andDr. Brett Miller, Managing Director at Mandiant.They spoke about the evolution and range of training that includesproduct and product-agnostic courses. Brett shared insights on how weadapted our courses to meet customer needs and market demands—effortsthat include opening up our training to individuals as well as thegeneral public. Dawn also noted that we have developed curriculaalongside clients who have requested custom courses, and that wecontinue to teach some of these courses to this day.Of course things are changing. While most of our training wasin-person for both internal and external courses, we have pivoted tovirtual training in light of recent global events. Currently, about 60percent of our courses are available online, and we expect many ofthese courses to remain online indefinitely—while still maintainingthe same quality as in-person classes.Listen to the episode to dive into the development of our courses,hear about our lab to lecture ratio, and find out why we’ve shifted toensuring students are able to perform tasks instead of just having theknowledge to do it. And for more information about individual trainingcourses available to the public, check out our training schedule:https://feye.io/30o4Zke

Ransomware continues to be one of the most significant cyber securityissues affecting organizations today. The attack is very effective andcan be carried out relatively cheaply, making for larger net profits.With no end in sight to this nasty threat, Luke McNamara, our host andPrincipal Analyst for FireEye, spoke with someone who has a front-rowseat into how organizations think about ransomware and other similarthreats. For that we turned to Charles Carmakal, our SVP & CTO forMandiant, and one of our leading incident response experts.On this episode of our Eye on Security podcast, Charles and Lukeexplore the rise and evolution of ransomware—from the early days ofthreat actors automating ransomware infections without knowing whotheir victim was, to the more recent trend of breaking intoorganizations with known vulnerabilities, taking critical data,deploying encryptors and asking for much more money.They then turn their discussion to the C-suite. Charles sharesperspectives from the board when it comes to cyber threats, notingthat while leadership is much more aware of cyber security and riskmanagement than they were in the past, many still won’t understand thegravity of the situation until it’s happening to them.Closing out the conversation, Charles shares customer storiesinvolving nation-state intrusions, the use of public offensivesecurity tools by nation-states, and the struggles organizations havehad securing their now remote workforces.

Information operations (IO) gained prominent public attention in 2016during the U.S. general election. Since then, new campaigns havecontinued to be exposed, and the tactics actors employ have evolved.In this episode of 'Eye on Security', Lee Foster, our Senior Managerof Information Operations Intelligence Analysis, joins host LukeMcNamara to talk all about disinformation, a recent influence campaignthat we refer to as Ghostwriter, and what we could see play out in the2020 general election.We start with Lee sharing overall trends and changes in IO that histeam has observed since early 2016. We then discuss the increasingusage of synthetic media (“deepfake”) images that threat actors areemploying in their campaigns, and how fabricated content is leveragedin coordinated inauthentic activity across forums and social media.Moving on to Ghostwriter, Lee describes all the tactics, techniquesand procedures related to this recent influence campaign, and goes onto compare this activity to another well-known IO campaign: SecondaryInfektion.Finally, no chat about disinformation would be complete withoutdiscussing how it could play out during the 2020 U.S. generalelection. Check out the episode today to hear Lee’s predictions forthe upcoming election and what the future holds for informationoperations in general.

The Strategic Analysis team at Mandiant Threat Intelligence examineshundreds of discrete data points from numerous sources, distillingtrends from that raw information to identify the most important,common, and damaging cyber threats clients should prioritize in theirdefensive strategies. That’s what we’re talking about on this week’sepisode of Eye on Security with our guest Kelli Vanderlee, Manager ofStrategic Analysis at FireEye.Kelli shares the types of topics the team covers, including industryand geographic-based reporting, trend analysis looking at theevolution of actor types or tactics over time, and examinations ofcyber risks associated with common business situations, such asmergers and acquisitions. Kelli and Luke also discuss the evolvingrole of Chinese cyber espionage actors and how they may be becomingmore aggressive and risk-tolerant than previously believed. We alsodelve into how the Belt and Road Initiative is driving cyberespionage—from China and other nations. In terms of the geopoliticsdriving cyber activity, Kelli believes we will continue to see morenation-states invest in cyber capabilities, as the rewards for thistype of activity often outweigh the risks.Listen to the episode to learn more about strategic analysis and thetrends Kelli’s team is tracking in 2020.

You’ve heard of security validation and know that it’s necessary totest your security effectiveness, but do you know how our teamdevelops the right attacks to test your controls against threatactivity we see in real life?On this episode of our Eye on Security podcast, Henry Peltokangas,Director of Product Management, and Nart Villeneuve, Director ofResearch & Collections, give us an inside look at what goes on behindthe scenes at Mandiant Security Validation.We begin our chat by discussing some of the key benefits of securityvalidation. We then dive into the research Henry’s team conducts totake tactics and techniques that adversaries use in the real world andreplicate them within the Mandiant Security Validation platform.Nart and Henry go on to discuss how Mandiant Security Validationreplicates adversary activity across every stage of the attacklifecycle, and then explain exactly why that is important. Finally, wewrap up the episode by previewing some new features in upcomingreleases, and how Henry and Nart see security validation evolving inthe future.To view the whitepaper mentioned during the episode, visit:https://www.fireeye.com/current-threats/annual-threat-report/security-effectiveness-report.html

In the latest episode of Eye on Security, our host Luke McNamara talksall about the world of operational technology (OT) and cyber physicalsystems with one of our foremost experts on the topic: NathanBrubaker, Senior Manager of Analysis for Mandiant Threat Intelligence.Nathan kicked off the chat by explaining what exactly we mean when weuse the term ‘cyber physical.’ They then turned their attention torelated threats. As it turns out, there are far less attempts byattackers to target these systems than one might believe. Nathan wenton to discuss some of the fundamental differences between OT andinformation technology (IT) systems, and then explained how OT isbecoming more similar to IT, which makes those systems more vulnerableto compromise. Fortunately, even though OT security typically lagsbehind that of IT systems, it’s definitely moving forward in the rightdirection.Listen to the podcast today, and check out the following blog postsreferenced by Nathan during the episode:• Financially Motivated Actors Are Expanding Access Into OT: Analysisof Kill Lists That Include OT Processes Used With Seven MalwareFamilies: https://feye.io/2Wn6jlr• Monitoring ICS Cyber Operation Tools and Software Exploit Modules ToAnticipate Future Threats: https://feye.io/2B5WrVI• Ransomware Against the Machine: How Adversaries are Learning toDisrupt Industrial Production by Targeting IT and OT:https://feye.io/3j4l1Y5• The FireEye Approach to Operational Technology Security:https://feye.io/2DImy5T• TRITON Actor TTP Profile, Custom Attack Tools, Detections, andATT&CK Mapping: https://feye.io/2Wk58CX

We commonly see the same threat actors, techniques and malware poppingup in all corners of the globe, but that doesn’t mean each regionisn’t affected differently. In this episode, our host Luke McNamara,Principal Analyst for Mandiant Threat Intelligence is joined by YihaoLim, Principal Analyst for Mandiant Threat Intelligence, to discusscyber security and threats related specifically to the Asia Pacific(APAC) region.

COVID-19 has brought on a rapid shift to remote work. Manyorganizations were unprepared, so they quickly turned to collaborationplatforms that could help employees get back to work. But with moreapplications comes a bigger attack surface.On today’s Eye on Security podcast, Luke McNamara, Principal Analystfor Mandiant Threat Intelligence talks with Marcus Troiano, ManagingConsultant for Mandiant, about collaboration platform security.We begin the episode by discussing overall best practices forcollaboration tools, including those used for chatting, video andaudio conferencing, and file sharing. The increased use of these toolshas made them a bigger target of attackers and organizations need toensure employees are aware of and protected against relevant threats.Later in the episode, Marcus and Luke discuss issues surrounding theuse of personal devices for work, which can lead to issues such asaccidental data leakage. We also provide a list of recommendations onhow to keep virtual meetings secure so no one can listen in on ameeting, as well as how to properly share a screen withoutinadvertently disclosing confidential data.Listen to the episode today, and check out our related blog post foreven moreinformation:https://www.fireeye.com/blog/executive-perspective/2020/04/security-best-practices-for-collaboration-platforms.html

COVID-19 has rapidly taken over the headlines across the globe. Aswith many other major events, threat actors are quick to adaptrelevant topics as part of their phishing campaigns to increase thelikelihood of success. The same rings true for COVID-19, especiallydue to its global impact.On this latest Eye on Security podcast, John Atrache, PrincipalConsultant for Mandiant, joins me to discuss all things email in thetime of COVID-19. We cover a variety of topics, including how threatactors are continuously updating their phishing campaigns as newdevelopments around the pandemic arise. We also cover the importanceof organizations increasing their vigilance during these challengingtimes, and how to implement quick and effective hardening controls tomitigate the risk of successful phishing attack.Listen to the episode today, and then learn even more by checking outour blog post on COVID-19 themed phishing attacks and how to manageemail phishing risks:https://www.fireeye.com/blog/executive-perspective/2020/03/managing-email-phishing-risks.html

We are back with the second part of our M-Trends podcast where LukeMcNamara, Principal Analyst continues discussing highlights andinsights from this year’s report with Jurgen Kutscher, EVP of MandiantSolutions.We pick back up with the nature of multiple attackers in anenvironment—notably, whether or not they are aware of other attackersin the environment and if they are collaborating. Jurgen thendiscusses the rise of insider threats and how organizations canimprove the monitoring and detection of insider threats.Ransomware use continues to rise—attackers are having success andgenerating revenue, so we don’t expect this trend to level off anytime soon. Jurgen provides steps that organizations can take to reducetheir risk of falling victim to ransomware, and suggests organizationstake a look at our ransomware white paper for more containmentstrategies:https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/wp-ransomware-protection-and-containment-strategies.pdfCheck out our podcast today, and also hear Jurgen’s top cyber securityrecommendations for 2020.

FireEye released M-Trends 2020 earlier this year to provide visibilityinto frontline investigations of the most interesting and impactfulcyber attacks of the year. In this first episode of our two-partM-Trends 2020 podcast, Luke McNamara discusses the report with JurgenKutscher, EVP of Mandiant Solutions.We begin the episode by highlighting the key themes from M-Trends2020, such as dwell time and the continued exploitation of legitimatecredentials. Jurgen discusses the decrease in dwell time and whetherit’s due to organizations getting better at detections or the changingnature of attacks. You’ll also hear about trends in cloud security andrecommendations for the healthcare industry when it comes to cloud, aswell as insights into compromise detection by third parties.Listen to the podcast today to dive into M-Trends 2020, and be sure totune in for part two where we discuss insider threats, ransomware, andJurgen’s recommendations for the year ahead.

Cloud security is more important today than ever before. Luke McNamarawas joined once again by Martin Holste, CTO for Cloud at FireEye,Chris Schreiber, FireEye product strategist, and JR Weiks, FireEyesecurity principal engineer.In this second of two podcasts on cloud security, they examine how thepoint products and various processes that make up cyber security todaywill set the stage for the future of security operations centers(SOC). The ideal way to initiate this transformation to the SOC oftomorrow is with a single cyber security platform such as FireEyeHelix, which is a cloud-hosted security operations platform.Integrating visibility, protection and detection with advancedanalytics is not a dream of the future, but an achievable realityright now.Check out the podcast, and also learn more about how FireEye Helixseamlessly integrates disparate security tools and augments them withnext generation SIEM, orchestration and threat intelligencecapabilities to capture the untapped potential of securityinvestments.

Cloud security is more important today than ever before. To learn moreabout the topic, Luke McNamara sat down with Martin Holste, CTO forCloud at FireEye, Chris Schreiber, FireEye product strategist, and JRWeiks, FireEye security principal engineer.In this first of two podcasts on cloud security, they discuss some ofthe security challenges that occur when migrating to the cloud,specifically highlighting some of the common problems that quicklyrise to the top once that journey begins. Additionally, they dive intosome of the different tactics that threat actors use to exploit cloudinfrastructure and how organizations can protect themselves.Check out the podcast, and for more information head over to ourFireEye Cloud Security page and our FireEye Partnership with AWS page.

In October 2019, FireEye launched its Purple Team and ContinuousPurple Team Assessments to enable organizations to quantifiablyevaluate security controls and programs against Verodin simulatedattack scenarios. With Purple Team Assessments, Mandiant experts guidean organization’s security team through highly-realistic attackscenarios.Luke McNamara spoke with one of our global red team leads who is onthe front lines managing this new offering, Evan Pena. During theirdiscussion, Evan explains what exactly a purple team is vs. atraditional red and blue team, what are the outputs/deliverables thatcome from a purple team, in what capacity will Verodin be used todeliver this new offering, and more.For more information about FireEye Mandiant Purple Team Assessments,including the FireEye Verodin Security Instrumentation Platform (SIP),please visithttps://www.fireeye.com/services/purple-team-assessment.html

Luke McNamara spoke with Jens Christian Høy Monrad, Head of FireEyeIntelligence, EMEA at FireEye on the EMEA threat landscape. In theirdiscussion, Jens spoke on the multidimensional threats to the region,what those threats look like today, election security affecting thesecountries, and continued challenges for the public and private sector.

Luke McNamara spoke with Jens Christian Høy Monrad, Head of FireEyeIntelligence, EMEA at FireEye on the EMEA threat landscape. In theirdiscussion, Jens spoke on the multidimensional threats to the region,what those threats look like today, election security affecting thesecountries, and continued challenges for the public and private sector.

The healthcare industry faces a range of threat actors and maliciousactivity. FireEye EVP, Products, Grady Summers spoke with PrincipalAnalyst, Luke McNamara on the types of financially motivated cyberthreat activity impacting healthcare organizations, nation statesthreats that the healthcare sector should be aware of, and how thethreat landscape for healthcare organizations evolve in the future.

The importance of being prepared cannot be understated. Companiesexperiencing an email compromise must undertake costly investigationsinvolving forensics services and data mining of affected inboxes tosee if sensitive information has been impacted. If that isn’t badenough, productivity and reputation also stand to take a hit.To shine some light on the business email compromise threat and howbest to defend against it, FireEye EVP and CTO Grady Summers sat downwith Ken Bagnall, VP for Email Security at FireEye, and LaurenWinchester, Privacy Breach Response Services Manager at Beazley.During their chat, the trio discussed awareness, prevention and a newunique offering from FireEye and Beazley.

In April 2018, FireEye CTO, Grady Summers had the opportunity to talkabout some of the latest features of FireEye Email Security with KenBagnall, VP for Email Security at FireEye. Their conversation ended upbeing one of our more popular 'Eye on Security' podcast episodes, soit was a no-brainer that Grady would have Ken back in July 2018 todiscuss some of the changes in email attacks that we had beenobserving.When Ken happily agreed to return for a third appearance, FireEyeChief Intel Strategist, Christopher Porter was particularly glad thatit was his turn to pick his brain. During their chat, Ken andChristopher talked about the innovation behind our secure emailgateway, the intellectual property behind FireEye technologies fordetecting advanced threats that others miss, and some general trendsrelated to email threats that we’re seeing today.Check out the podcast right now, and learn more about how FireEyeEmail Security can help defend against today’s most widely used – andlesser known – email attacks.

In recent weeks FireEye has been talking all about Expertise OnDemand, our annual subscription service that gives customers access tosecurity experts and more. As FireEye Chief Intelligence Strategist,it has been exciting to see the transformation on the Intelligenceside of things, but to get a better look at the Expertise On Demandservice as a whole we turned to Gareth Maclachlan, VP of Strategy andProduct Management.In our latest Eye on Security podcast, Gareth and Christopher discusseverything from how the Expertise On Demand service works and whatmakes it unique, to the overall experience for customers and partners.Gareth also talks about what prompted FireEye to offer Expertise OnDemand in the first place, including an all-too-familiar problem inthe industry: a shortage of trained security professionals.

The United States District Attorney’s Office for the Western Districtof Washington recently unsealed indictments and announced the arrestsof three individuals linked to a criminal organization we have beentracking since 2015 as FIN7. With the threat group in the news quite abit lately, FireEye CTO, Grady Summers sat down to discuss the actorsand the arrests with two of the foremost FIN7 experts: Nick Carr andBarry Vengerik from FireEye’s Advanced Practices Team.They discussed a wide variety of topics, including FIN7’s targeting,why they chose the particular sectors that they did, how they gainedan initial foothold in organizations, their tools and tactics,techniques and procedures (TTPs), some of the methods FireEye used totrack the group, and some of the ways FIN7 activity changed followingarrests made as far back as January 2018.More information on FIN7 and many other threat groups can be found inour Intel Portal as part of our FireEye iSIGHT Threat Intelligenceoffering.

Back in April 2018, FireEye CTO, Grady Summers had the chance to talkwith Ken Bagnall, VP for Email Security at FireEye. At the time, Kenand Grady chatted about FireEye’s acquisition of the company The EmailLaundry, which took place late 2017, and about some of the newcapabilities that was gained in FireEye Email Security from thatintegration. They also discussed some of the trends that had beenobserved in the email security space.Grady recently met back up with Ken to continue their chat, and thistime were also joined by Levi Lloyd, Senior Manager for DetectionServices at FireEye. During the conversation, the three of them dove alittle bit deeper into some of the details behind the changes in emailattacks that they've seen. They then went on to discuss some of thereally cutting-edge techniques that FireEye is using to respond tothose email attacks, including blocking impersonation attacks andURL-based attacks.Check-out the podcast, and also learn more about how FireEye EmailSecurity can help defend against today’s most widely used – and lesserknown – email attacks.

FireEye Chief Intelligence Strategist, Christopher Porter had theopportunity to speak with Jared Semrau, head of our Vulnerability andExploitation intelligence team. Jared discusses how his team gathersinformation on new and existing exploitable bugs, combines that withwhat FireEye knows from engagements and device detections, and howthey map that intelligence to known threat actors. There are a lot ofmyths going around about how vulnerability management should behandled and this discussion helped cut through a lot of that.Listen to the podcast to join this conversation and to learn whyFireEye rates less than 0.01% of its vulnerabilities as critical,compared to 10% of vulnerabilities being rated critical by publicsources. Jared did a great job explaining for me how this focus ononly the truly critical and exploitable vulnerabilities helps ourclients better utilize their limited threat hunting resources and keepoperational systems online as much as possible without unnecessaryout-of-cycle patching.

It’s hard to believe, but April 2018 marked the release of our 9thedition of M-Trends. To learn more about the latest report, FireEyeCTO, Grady Summers sat down and spoke with one of the keycontributors: Jurgen Kutscher, senior vice president responsible forall Mandiant Consulting and Managed Defense offerings at FireEye.During their conversation, Jurgen and Grady discussed a wide varietyof topics touched on in the M-Trends report, including the significantincrease in attacks originating from threat actors sponsored by Iran,a typically dwindling global median dwell time increasing from 99 daysin 2016 to 101 days in 2017, how more than half of organizations thatwere victims of a targeted attack were getting re-attacked by the sameor similarly motivated threat actors, and much more.Check out our podcast today, and also read the M-Trends report toexplore the latest and greatest trends that define today’s threatlandscape athttps://www.fireeye.com/current-threats/annual-threat-report/mtrends.html

FireEye CTO, Grady Summers discussed email security with Ken Bagnall,VP of the FireEye Email Security side of the business. Ken came toFireEye following its 2017 acquisition of The Email Laundry, where hewas a founder and CEO.<br><br>During their chat, Ken and Grady discussed a wide variety of topics,including Ken's history in the industry and how he got into emailsecurity, how the merging of The Email Laundry with FireEye was theperfect fit, up-and-coming email threats such as malware-less attacksand imposter-based attacks, and what FireEye is doing to stay ahead ofthese threats and ensure customers remain protected.<br><br>Check out the podcast, and learn more about how FireEye Email Securitycan help defend against today's most widely used - and lesser known -email attacks.

Chris Porter, chief intelligence strategist at FireEye had theopportunity to speak with Parnian Najafi Borazjani, senior cybersecurity analyst at FireEye, and Michael Rastigue, vice president,cyber risk practice growth leader for the central zone at Marsh, oncyber threats to the manufacturing industry.Listen to the podcast to learn about today's threats, including whothe bad actors are, what assets are they going after, and what aresome possible motivators for bad actors to target the industry.Additionally, Parnian and Michael discussed common exploit routes, andimprovement in risk mitigation and transfer options.

Chris Porter, chief intelligence strategist at FireEye had theopportunity to speak with Parnian Najafi Borazjani, senior cybersecurity analyst at FireEye, and Michael Rastigue, vice president,cyber risk practice growth leader for the central zone at Marsh, oncyber threats to the manufacturing industry.Listen to the podcast to learn about today's threats, including whothe bad actors are, what assets are they going after, and what aresome possible motivators for bad actors to target the industry.Additionally, Parnian and Michael discussed common exploit routes, andimprovement in risk mitigation and transfer options.

FireEye CTO, Grady Summers spoke about cyber security in 2018 withFireEye CSO, Steve Booth. They touched on various topics, includingthe threat landscape, threat actor techniques, nation-state activity,and the General Data Protection Regulation (GDPR).Check-out the podcast to hear more about what the new year has instore, and also learn a little bit about what organizations should bedoing to stay ahead of these threats – everything from basic upkeep tomanaging priorities.

Grady Summers, CTO, FireEye recently sat down to speak about FireEyeHelix with Paul Nguyen, Vice President and General Manager for Helixat FireEye. During their conversation, Paul reiterated a key focus ofHelix, which is to the help analysts be more effective at their jobs.Check out the podcast to hear all about the latest release (Helix1.2), how FireEye is able to pivot data from the consul throughorchestration, and more.

Chris Porter, chief intelligence strategist at FireEye recently satdown with Jeffrey Ashcraft, senior analyst at FireEye, and MatthewMcCabe, senior vice president and advisory specialist at Marsh, todiscuss cyber threats to the utilities sector and how much of what yousee hackers do in the movies really happens when utilities arebreached in the real world?Listen to our podcast to find out what the difference between anespionage attempt and preparation for an attack is, the importance ofterms and conditions in cyber insurance, and how to best distinguishbetween an attack and an intrusion to your organization.

Given recent high-profile incidents, cyber security has quickly risento the top of the priority list for many organizations, includinggovernments. As with many organizations these days, governmentinformation technology and security is migrating to the cloud. Asgovernment and public education entities migrate to Office 365, GoogleMail or other solutions for their primary email management service,theyâre also looking for email security that delivers advancedthreat protection, and this requires a service that is FedRAMPauthorized. FireEye CTO Grady Summers spoke with FireEye Global GovtCTO, Tony Cole and Risk Management Lead, Stacey Ziegler on how FireEyewill support the government as it moves to the cloud.

FireEye CTO, Grady Summers interviewed Kevin Mandia in the summer of2016 to discuss his goals as FireEye's newest CEO. One year later hehas caught-up with Kevin to discuss his âOne Teamâ philosophy, thesuccessful launch of Helix, and his love of overcoming challenges.

FireEye CTO, Grady Summers caught-up with John Miller, manager ofthreat intelligence to discuss his thoughts on the current threatlandscape.John touched on preventative steps organizations can put in place,popular attack methods and trends he’s observed from the front linesof our cyber investigations.

Matt Snyder, chief information security officer for the Penn StateMilton S. Hershey Medical Center joins Grady Summers, FireEye chieftechnology officer, for a thought-provoking discussion spanning abroad range of security-related topics. Organizations in thehealthcare sector are experiencing exponentially increasing levels oftargeted attacks from organized crime and nation states: Matt shareshis approach to creating a holistic strategy to protect his complexenvironment.

In this podcast, Dan Scali, senior manager for Mandiant consulting andGrady Summers, FireEye Chief Technology Officer, discuss key issues incritical infrastructure and industrial control systems. Bank datacenters, nuclear power plants, and water plants make up this nichearea of information security thatâs quickly gained increasedimportance with recent high profile breaches. Dan covers some of thevulnerabilities these organizations have, including lack of networksegmentation and patching, and how this allows everything fromcrimeware to nation state attacks to threaten the integrity ofcritical systems. Organizations of all sizes need a pragmatic approachto security by adopting holistic security programs, employingenterprise wide monitoring, and ensuring they have incident responseplans in place. Dan discusses some of the ways Mandiant consultantsare helping these organizations in these areas including programdevelopment and non-invasive ICS health checks.

Detecting today’s attacks is difficult. Attackers are moresophisticated, better funded and better organized. Moreover, theattacks are more targeted, with 80 percent of observed malware showingup just once and 68 percent of malware being used against only asingle organization. In many cases, malware isn’t even involved in theattacks – instead, the threat actors use a variety of tactics, some ofwhich have never been seen before.A well-designed architecture needs to detect even the mostsophisticated attacks, especially those designed to evade defensivemechanisms. Furthermore, it needs to detect those attacks withoutgenerating the false positives that may lead to security personnelmissing the true threats. Perhaps most importantly, alerts must comewith the context that enables security teams to prioritizeinvestigations and design a proper response.In our latest podcast, Josh Goldfarb discusses all of this and morewith Matt Allen, senior director of FireEye Labs.

Paul Nguyen, VP, Orchestration & Integration for FireEye discusses howorchestration levels the battlefield by leveraging FireEye's yearsof expertise battling the world's most consequential breaches.

I was fortunate to sit down with Michael Sikorski, Director, FireEyeLabs Advanced Reverse Engineering (FLARE) Team. During ourconversation we discussed the origin of the FLARE team, Michael’s book“Practical Malware Analysis: The Hands-On Guide to DissectingMalicious Software”, and the latest freeware tools FLOSS andFakeNet-NG.

Over the years we have seen our message of detect, respond, andcontain resonate through-out the cyber security industry. I wanted toexplore this mantra further by speaking with our Vice President,Mandiant Global Consulting â US Central & Latin America andExecutive Director, Strategic Services, Russell Teague.On this podcast we discuss how strategic services help by makingcompanies proactive in their security efforts, what the right level ofsecurity is for each organization, and the role board of directorsplay.

FireEye CEO Kevin Mandia took the helm of the company in mid-June witha tall order: to understand the current challenges and arrange all ofthe components to make FireEye the best security company in theindustry.In this Eye on Security podcast, FireEye Chief Technology OfficerGrady Summers talks with Kevin about why he’s so well positioned tolead the company, including why he started Mandiant, why he scrappedhis business plan after just 30 minutes, and how his experiences withMandiant will help him move FireEye forward.

Earlier this year FireEye’s Mandiant business unit launched Red TeamOperations, which consists of two unique services designed to assessthe strength an organizations’ security program: Red Team Assessmentsand Red Teaming for Security Operations.During Black Hat USA 2016 I met up with Marshall Heilman, VicePresident, Mandiant Consulting – West and Executive Director, IR andRed Team Operations to discuss how his team determines their approachfor each engagement and what differentiates Mandiant’s Red Team fromothers.

Chris Tannery is a senior manager on the FireEye as a Service (FaaS)team. In his role he helps customers with the onboarding process.

Nicole Oppenheim is the manager of Advanced Practices for FireEye as aService (FaaS). She is responsible for reviewing our analyticalstrategy within FaaS and determining the best way forward to findadvanced attackers.

Pete Smith is a network practice lead for FaaS (FireEye as a Service).In his role as network practice lead, Pete is responsible fordesigning network services that our analysts use to defend ourcustomers from advanced attackers.

FireEye CTO of Emerging Technologies, Josh Goldfarb sat down with Sr.Director, Yogi Chandiramani and international threat intel liaison,Jens Monrad to discuss findings from the latest EMEA Regional AdvancedThreat Report.

FireEye CTO Grady Summers recently sat down with SangYun Jeong,Information Security Manager for GS Caltex to discuss his take on whatit's like to manage information security for a large oil refinercompany in Korea.Listen to the podcast and hear what the top cybersecurity risks arethat face an organization controlling and managing SCADA systems, whatprompted manufactures to become interested in protecting theirorganizations against targeted attackers, and SangYun's thoughts onwhat security vendors can do to improve.

Hear from John Watters - the founder and former CEO of iSIGHT Partners(now the Cyber Threat Intelligence arm of FireEye) on his views of thecurrent state of cyber security, and what you can expect to hear fromhim at the upcoming Cyber Defense Live Summit hosted by FireEye.

We sat down with Shannon Lietz, head of DevSecOps engineers at Intuit,about the company’s philosophy regarding cloud security. In thispodcast she discusses what kinds of resources Intuit has devoted tokeeping the cloud safe, advice for companies considering moving to thecloud, and how enterprises can use the cloud while staying ahead ofattackers.She also describes Red Team Mondays, Blue Team Intelligence, and howIntuit uses fire drills to keep vendors on their toes.

More and more companies are relying on the cloud for storage andcollaboration, but what does that mean from a security and cyberstandpoint? How safe is it? Who has access? And would you know ifsomeone else was accessing your data?Patrick Heim is head of trust and security at Dropbox. He answersthese questions and more – including how Dropbox protects itscustomer’s data – in our latest podcast. He also discusses thedifference between securing a cloud platform versus securing anenterprise.

In this podcast, Grady Summers, FireEye CTO, discusses the cyberissues that organizations face, the communication roadblocks betweenthose on the ground and at the board level, what steps to take to getpast these obstacles, and the next big trends in cyber security.

Learn more about the newest members of the FireEye family from PaulNguyen, founder and CEO of Invotas and John Watters, founder, chairmanand CEO of iSIGHT Partners. Hear why they started their companies, howtheir addition to FireEye adds to our already robust product andsubscription offering, and what this all means both immediately andlong-term for our customers.

Learn more about the latest trends in cyber and what you can do toprotect your enterprise from Jurgen Kutscher, vice president ofsecurity consulting services at Mandiant, a FireEye company.

How do you weed through the noise to find the signal? In this latestpodcast, Josh Goldfarb, Vice President and Chief Technology Officer atFireEye, discusses best practices when looking for the signal withinthe noise of alert volume.According to Goldfarb, there are many ways an organization couldimprove the efficiency of its security operations workflow, but oneway in particular makes a significant difference. A better quality ofalerts means more efficiency.. In other words, our work queue defineswhat our scarce human resources work on in a given day. Given that,doesn’t it make sense to supply that work queue with the highestquality, highest fidelity alerts possible to ensure that humanresources spend their precious cycles on the highest value work? Inother words: more signal, less noise. Learn how this approach impactsinformation security and cyberwar in this latest podcast.