SlideShare a Scribd company logo
You Have an
ADVERSARY PROBLEM.
Who’s Targeting You and Why?
@CROWDSTRIKE | #CROWDCASTS

AGENDA

YOU HAVE AN ADVERSARY PROBLEM.
1. 

INTELLIGENCE-DRIVEN SECURITY

2. 

ADVERSARY CATEGORIZATION

3. 

ADVERSARY GROUPS - OVERVIEW

4. 

NOTABLE ACTIVITY – Q3

5. 

NEW ACTORS

6. 

ACTIONALIZING INTELLIGENCE

2013 CrowdStrike, Inc. All rights reserved.

2
@CROWDSTRIKE | #CROWDCASTS

Today’s Speakers
ADAM MEYERS |
VP, INTELLIGENCE
Recognized speaker, trainer, and intelligence expert with 15+ years
of cyber security industry experience
10 years in the DIB supporting US GOV customers on topics
ranging from wireless, pen testing, IR, and malware analysis

@ADAM_CYBER

2013 Crowdstrike, Inc. All rights reserved.

3
@CROWDSTRIKE | #CROWDCASTS

Today’s Speakers
MATT DAHL |
SENIOR ANALYST/ LEGAL COUNSEL
Cyber threat analyst focused on targeted intrusion activity
Focused on investigating indicators of compromise to identify
specific adversary activity
Legal liaison to the CrowdStrike Intelligence Team

@CROWDSTRIKE

2013 Crowdstrike, Inc. All rights reserved.

4
@CROWDSTRIKE | #CROWDCASTS

Adversaries are humans
Targeted Attackers:

WHO ARE THE
ADVERSARIES?

Motivation can range from disruption,
theft, to even destruction
They need to get in
They will likely need to move laterally

Spray and Pray (Prey):
They don’t care who they target
(sometimes what)
The more they compromise the
more they win
Motivation can range from disruption,
theft, to even destruction
2013 Crowdstrike, Inc. All rights reserved.

5
INTELLIGENCE-DRIVEN SECURITY

2013 CrowdStrike, Inc. All rights reserved.

6
@CROWDSTRIKE | #CROWDCASTS

Adversary Categorization
CATEGORIZATION| Adversary Groups

1

Tactics, Techniques, and Practices

2

Never assume relationships exist
Between indicators

3

Recognize adversaries are constantly changing

4

But RECOGNIZE they are HUMAN

CATEGORIZATION

2013 Crowdstrike, Inc. All rights reserved.

7
Intelligence: Adversary Groups

@CROWDSTRIKE | #CROWDCASTS

CHINA
Anchor Panda
Comment Panda
Impersonating Panda
Temper Panda
Keyhole Panda
Aurora Panda
Stone Panda
Vixen Panda
Union Panda
Poisonous Panda

Pirate Panda
Dagger Panda
Violin Panda
Putter Panda
Test Panda
Gibberish Panda
Electric Panda
Wet Panda
Karma Panda
Dynamite Panda

Radio Panda
Samurai Panda
Toxic Panda
Numbered Panda
Pitty Panda
Foxy Panda
Deep Panda

2013 CrowdStrike, Inc. All rights reserved.

8
Intelligence

@CROWDSTRIKE | #CROWDCASTS

Adversary Groups

IRAN
Clever Kitten: Energy Companies
Cutting Kitten: For Hire

NORTH KOREA
Silent Chollima:
Energy Companies

RUSSIA
Energetic Bear: Oil and Gas
Companies

INDIA
Viceroy Tiger Government,
Legal, Financial, Media,
Telecom

2013 CrowdStrike, Inc. All rights reserved.

9
Intelligence

@CROWDSTRIKE | #CROWDCASTS

Adversary Groups

HACKTIVIST/ACTIVIST/
TERRORIST
CRIMINAL

Deadeye Jackal Commercial,

Singing Spider Commercial, Financial

Financial, Media, Social Networking

Union Spider Manufacturing

Ghost Jackal Commercial, Energy,

Andromeda Spider Numerous

Financial
Corsair Jackal Commercial,
Technology, Financial, Energy
Extreme Jackal Military,
Government

2013 CrowdStrike, Inc. All rights reserved.

10
@CROWDSTRIKE | #CROWDCASTS

Notable Activity – Q3
NEW ADVERSARIES
STONE PANDA | NIGHTSHADE PANDA | GOBLIN PANDA | CORSAIR JACKAL

NOTABLE ACTIVITY
DEADEYE JACKAL | NUMBERED PANDA | SILENT CHOLLIMA

2013 Crowdstrike, Inc. All rights reserved.

11
NEW ACTORS

2013 CrowdStrike, Inc. All rights reserved.

12
Intelligence: STONE PANDA
OPERATIONAL
WINDOW

May 2010 to Present

@CROWDSTRIKE | #CROWDCASTS

TARGETING
Healthcare
Defense
Aerospace

OBJECTIVES

Recon
Lateral movement
Data exfiltration

Government

TOOLS

Poison Ivy RAT
IEChecker/EvilGrab

2013 CrowdStrike, Inc. All rights reserved.

13
@CROWDSTRIKE | #CROWDCASTS

Target Sectors: Healthcare, Defense,
Aerospace, Government
Delivery: Likely spearphishing

WHO IS
STONE PANDA?

Malware: Poison Ivy and EvilGrab/
IEChecker
Known Poison Ivy passwords:
menuPass, happyyongzi, Thankss,
Xgstone, keaidestone, and admin

C2 Indicators: fbi.sexxxy.biz;
u1.FartIT.com; jj.mysecondarydns.com;
54.241.13.219; 184.169.176.71;
114.80.96.8
2013 Crowdstrike, Inc. All rights reserved.

14
Intelligence: NIGHTSHADE PANDA
OPERATIONAL
WINDOW

Feb 2008 to Present

OBJECTIVES

Recon
Lateral movement
Data exfiltration

@CROWDSTRIKE | #CROWDCASTS

TARGETING

Media
NGO/Int’l Relations
Universities
TOOLS

Poison Ivy
PlugX

2013 CrowdStrike, Inc. All rights reserved.

15
@CROWDSTRIKE | #CROWDCASTS

Target Sectors: Media; NGO/Int’l
Relations; Universities

WHO IS
NIGHTSHADE
PANDA?

Delivery: Likely spearphishing
Malware: PlugX and Poison Ivy
Known Poison Ivy passwords: synnia

C2 Indicators: www.adv138mail.com;
pu.flowershow.org; tech.network-sec.net;
184.105.178.83; 199.59.243.106;
112.137.162.151

2013 Crowdstrike, Inc. All rights reserved.

16
Intelligence: GOBLIN PANDA
OPERATIONAL
WINDOW

July 2012 to July 2013

OBJECTIVES

Recon
Lateral movement
Data exfiltration

@CROWDSTRIKE | #CROWDCASTS

TARGETING

Aerospace
Defense
Energy
Government
Shipping

TOOLS

Technology

Spearphishing using office doc
ZeGhost specific mutexes

2013 CrowdStrike, Inc. All rights reserved.

17
@CROWDSTRIKE | #CROWDCASTS

Target Sectors: Aerospace; Defense;
Energy; Government; Shipping;
Technology; Telecommunications

WHO IS
GOBLIN PANDA?

Delivery: Spearphishing
Malware: HttpTunnel (AV detection = Zegost)
Mutexes: HttpTunnel@@ or Http@@@

C2 Indicators: vnpt.conimes.com;
mofa.conimes.com;
pvep.scvhosts.com; 112.175.79.55;
223.26.55.122; 198.100.97.245

2013 Crowdstrike, Inc. All rights reserved.

18
@CROWDSTRIKE | #CROWDCASTS

Intelligence: CORSAIR JACKAL
OPERATIONAL
WINDOW

February 2013 to May 2013

OBJECTIVES

Information Disclosure

TARGETING

Energy
Financial
Government
Shipping
Telecom

TOOLS

Cross Site Scripting (XSS)

2013 CrowdStrike, Inc. All rights reserved.

19
@CROWDSTRIKE | #CROWDCASTS

Timeline: CORSAIR JACKAL

2012 XTnR3v0LT
colludes with Anonymous
group XL3gi0n

January 25, 2013 New
members added

January 22, 2013
XTnR3v0LT announce
formation of TCA

March 1 2013 Announced
compromise of US financial

February 2013
Announced
participation in
#opblacksummer

July 29 2013 Ben Khlifa
announces new personal page

May 7, 2013
XTnR3v0LT
arrested by Tunisian
Authorities

September 2, 2013
Tweets XSS
vulnerability on
Sourceforge

2013 CrowdStrike, Inc. All rights reserved.

20
@CROWDSTRIKE | #CROWDCASTS

Target Sectors: Energy; Financial;
Government; Shipping;
Telecommunications

WHO IS
CORSAIR
JACKAL?

Primarily One Individual: Fahmi Ben
Khlifa (XTnR3v0LT)
Professed nationalistic motivations for
malicious activity, but also white hat
activity.
Cross-site scripting attacks used to
compromise databases at target
organizations.

2013 Crowdstrike, Inc. All rights reserved.

21
NOTABLE ACTIVITY

2013 CrowdStrike, Inc. All rights reserved.

22
@CROWDSTRIKE | #CROWDCASTS

Intelligence: DEADEYE JACKAL
OPERATIONAL
WINDOW

TARGETING

May 2011 to Present

Financial Institution
Media/News
Social Network Platforms

OBJECTIVES

Propaganda
Disinformation
Disruption

TOOLS

Spearphishing
Web Exploitation
Facebook Spamming
2013 CrowdStrike, Inc. All rights reserved.

23
@CROWDSTRIKE | #CROWDCASTS

Timeline: DEADEYE JACKAL

August 26, 2011
May 5, 2011 SEA Mohammad Ahmad Fall 2011 – Spring 2013
Officially Formed Kabbani Killed
Web Defacements

Facebook
Spamming

September 2011
Harvard
Defacement

July 2013 3rd Party
Provider Breaches

February 2013
Twitter Account
Takeovers

August 2013
Domain
Hijacking

2013 CrowdStrike, Inc. All rights reserved.

24
@CROWDSTRIKE | #CROWDCASTS

Target Sectors: Financial Institutions;
Media/News; Social Network Platforms

WHO IS
DEADEYE
JACKAL?

Delivery: Spearphishing
Nationalistic, pro-Syrian regime
motivations
Defacement, account takeover,
third-party provider attacks,
credential collection

2013 Crowdstrike, Inc. All rights reserved.

25
Intelligence: NUMBERED PANDA
OPERATIONAL
WINDOW

2009 - Present

OBJECTIVES

Recon
Lateral movement
Data exfiltration

@CROWDSTRIKE | #CROWDCASTS

TARGETING

Government
Financial
Telecom
Technology
Media

TOOLS

Spearphishing
Dynamic Calculation

2013 CrowdStrike, Inc. All rights reserved.

26
@CROWDSTRIKE | #CROWDCASTS

Target Sectors: Government; Financial;
Telecommunications; Media

WHO IS
NUMBERED
PANDA?

Delivery: Spearphishing
Malware: Ixeshe, Mswab, Gh0st,
ShowNews, 3001
C2 Indicators: getfresh.dnsrd.com;
serial.ddns.ms; gfans.onmypc.us;
23.19.122.202; 192.154.108.10;
192.154.111.200
2013 Crowdstrike, Inc. All rights reserved.

27
Intelligence: SILENT CHOLLIMA
OPERATIONAL
WINDOW

2007 to Present

@CROWDSTRIKE | #CROWDCASTS

TARGETING

Multiple targets in ROK
Global Targets of Opportunity

OBJECTIVES

Recon
Criminal Monetization
Lateral movement
Data Destruction

TOOLS

Custom Malware

2013 CrowdStrike, Inc. All rights reserved.

28
@CROWDSTRIKE | #CROWDCASTS

Target Sectors: Media

WHO IS
SILENT
CHOLLIMA?

Delivery: Spearphishing
Malware: HTTP/IRC-based; Tdrop;
Concealment Troy; LSG
C2 indicators: www.designface.net;
www.sdmp.kr; www.socrates.tw;
202.172.28.111; 63.115.31.15;
209.137.232.3

2013 Crowdstrike, Inc. All rights reserved.

29
@CROWDSTRIKE | #CROWDCASTS

INTELLIGENCE-DRIVEN SECURITY
INTELLIGENCE| Adversary-Centric

1

INTELLIGENCE

Understand the adversaries targeting your
Vertical | Company | Geo-Location | Customers

2

Build appropriate defenses to counter/detect
these adversaries

3

Perform other security practices from an
Adversary-centric perspective
Pen Testing (Red Team)
Security Operations Briefings
Log Review

2013 Crowdstrike, Inc. All rights reserved.

30
@CROWDSTRIKE | #CROWDCASTS

INTELLIGENCE-DRIVEN SECURITY
INTELLIGENCE| Making it Actionable

1
ACTIONALIZING INTELLIGENCE

Intelligence is difficult to consume
Lots of information to keep straight
New data constantly flowing in (possibly unvetted)

2

Security Operations need to change shis & people

3

Actionable Intelligence

Pass down can’t possibly occur with all indicators

2013 Crowdstrike, Inc. All rights reserved.

31
@CROWDSTRIKE | #CROWDCASTS

Adversary Microsite
COMING SOON
TRACK: Track current
Adversaries against other
Industry nomenclature
OVERVIEW: Gain insight
Into adversary – new groups
Added weekly

2013 Crowdstrike, Inc. All rights reserved.

32
@CROWDSTRIKE | #CROWDCASTS

RESOURCES

Next up: Enterprise Activity Monitoring
The Power to HUNT
November 5th | 2PM ET/11AM PT

Download a Sample
Adversary Intelligence Report
http://www.crowdstrike.com/
sites/default/files/deeppanda.pdf
For additional information,
CONTACT SALES@CROWDSTRIKE.COM

*NEW* Videos Every Thursday | 1PM ET
http://www.crowdstrike.com/crowdcasts/index.html

2013 Crowdstrike, Inc. All rights reserved.

33
Q&A

Q&A

@CROWDSTRIKE | #CROWDCASTS

Please type all questions into the
Q&A section of the
GoToWebinar Control Panel
If you have additional ?’s, contact us
At crowdcasts@crowdstrike.com

2013 CrowdStrike, Inc. All rights reserved.

34
CrowdCasts Monthly: You Have an Adversary Problem

More Related Content

What's hot

Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report
Morane Decriem
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Katie Nickels
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement Matrice
Vishal Kumar
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
Splunk
 
Threat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesThreat Intelligence & Threat research Sources
Threat Intelligence & Threat research Sources
LearningwithRayYT
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk
M sharifi
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
Deep Shankar Yadav
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019
Priyanka Aash
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
NTT Innovation Institute Inc.
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
Splunk
 
What is SOC and why do banks need SOC-as-a-Service?
What is SOC and why do banks need SOC-as-a-Service?What is SOC and why do banks need SOC-as-a-Service?
What is SOC and why do banks need SOC-as-a-Service?
manoharparakh
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
Splunk
 
Osint {open source intelligence }
Osint {open source intelligence }Osint {open source intelligence }
Osint {open source intelligence }
AkshayJha40
 
Detection and Response Roles
Detection and Response RolesDetection and Response Roles
Detection and Response Roles
Florian Roth
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOC
Priyanka Aash
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
ZaiffiEhsan
 
Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
 Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro... Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
MITRE ATT&CK
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
Splunk
 
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
Falgun Rathod
 
Browser forensics
Browser forensicsBrowser forensics
Browser forensics
Prince Boonlia
 

What's hot (20)

Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement Matrice
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
Threat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesThreat Intelligence & Threat research Sources
Threat Intelligence & Threat research Sources
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
What is SOC and why do banks need SOC-as-a-Service?
What is SOC and why do banks need SOC-as-a-Service?What is SOC and why do banks need SOC-as-a-Service?
What is SOC and why do banks need SOC-as-a-Service?
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
Osint {open source intelligence }
Osint {open source intelligence }Osint {open source intelligence }
Osint {open source intelligence }
 
Detection and Response Roles
Detection and Response RolesDetection and Response Roles
Detection and Response Roles
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOC
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
 Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro... Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
 
Browser forensics
Browser forensicsBrowser forensics
Browser forensics
 

Similar to CrowdCasts Monthly: You Have an Adversary Problem

CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing Intelligence
CrowdStrike
 
KASPERSKY SECURITY BULLETIN 2013
KASPERSKY SECURITY BULLETIN 2013KASPERSKY SECURITY BULLETIN 2013
KASPERSKY SECURITY BULLETIN 2013
Kappa Data
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas Attack
CrowdStrike
 
wp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industrywp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industry
Numaan Huq
 
Cybersecurity A Community Approach - 20151109
Cybersecurity A Community Approach - 20151109Cybersecurity A Community Approach - 20151109
Cybersecurity A Community Approach - 20151109
Frank Backes
 
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Alisha Deboer
 
You Are the Target
You Are the TargetYou Are the Target
You Are the Target
EMC
 
RSA Monthly Online Fraud Report -- May 2013
RSA Monthly Online Fraud Report -- May 2013RSA Monthly Online Fraud Report -- May 2013
RSA Monthly Online Fraud Report -- May 2013
EMC
 
Bear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsBear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence Operations
CrowdStrike
 
Proactive Counterespionage as a Part of Business Continuity and Resiliency
Proactive Counterespionage as a Part of Business Continuity and ResiliencyProactive Counterespionage as a Part of Business Continuity and Resiliency
Proactive Counterespionage as a Part of Business Continuity and Resiliency
Dr. Lydia Kostopoulos
 
COMMON GOOD DIGITAL FRAMEWORK
COMMON GOOD DIGITAL FRAMEWORKCOMMON GOOD DIGITAL FRAMEWORK
COMMON GOOD DIGITAL FRAMEWORK
Boston Global Forum
 
2019 11 terp_breuer_disclosure_master
2019 11 terp_breuer_disclosure_master2019 11 terp_breuer_disclosure_master
2019 11 terp_breuer_disclosure_master
bodaceacat
 
Data science unit introduction
Data science unit introductionData science unit introduction
Data science unit introduction
Gregg Barrett
 
Forrester no more chewy centers- the zero trust model
Forrester   no more chewy centers- the zero trust modelForrester   no more chewy centers- the zero trust model
Forrester no more chewy centers- the zero trust model
Cristian Garcia G.
 
Is Your Organization in Crisis?
Is Your Organization in Crisis?Is Your Organization in Crisis?
Is Your Organization in Crisis?
BlackBerry
 
Mistrust vs Misinformation: Fake News, AI and Privacy -- The Next Frontiers i...
Mistrust vs Misinformation: Fake News, AI and Privacy -- The Next Frontiers i...Mistrust vs Misinformation: Fake News, AI and Privacy -- The Next Frontiers i...
Mistrust vs Misinformation: Fake News, AI and Privacy -- The Next Frontiers i...
Charles Mok
 
Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015
Qrator Labs
 
DDoS Cyber Attacks Against Global Markets | Prolexic
DDoS Cyber Attacks Against Global Markets | ProlexicDDoS Cyber Attacks Against Global Markets | Prolexic
DDoS Cyber Attacks Against Global Markets | Prolexic
Prolexic
 
ASIS NYC InT Presentation
ASIS NYC InT PresentationASIS NYC InT Presentation
ASIS NYC InT Presentation
Daniel McGarvey
 
Critical Update Needed: Cybersecurity Expertise in the Boardroom
Critical Update Needed: Cybersecurity Expertise in the BoardroomCritical Update Needed: Cybersecurity Expertise in the Boardroom
Critical Update Needed: Cybersecurity Expertise in the Boardroom
Stanford GSB Corporate Governance Research Initiative
 

Similar to CrowdCasts Monthly: You Have an Adversary Problem (20)

CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing Intelligence
 
KASPERSKY SECURITY BULLETIN 2013
KASPERSKY SECURITY BULLETIN 2013KASPERSKY SECURITY BULLETIN 2013
KASPERSKY SECURITY BULLETIN 2013
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas Attack
 
wp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industrywp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industry
 
Cybersecurity A Community Approach - 20151109
Cybersecurity A Community Approach - 20151109Cybersecurity A Community Approach - 20151109
Cybersecurity A Community Approach - 20151109
 
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
 
You Are the Target
You Are the TargetYou Are the Target
You Are the Target
 
RSA Monthly Online Fraud Report -- May 2013
RSA Monthly Online Fraud Report -- May 2013RSA Monthly Online Fraud Report -- May 2013
RSA Monthly Online Fraud Report -- May 2013
 
Bear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsBear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence Operations
 
Proactive Counterespionage as a Part of Business Continuity and Resiliency
Proactive Counterespionage as a Part of Business Continuity and ResiliencyProactive Counterespionage as a Part of Business Continuity and Resiliency
Proactive Counterespionage as a Part of Business Continuity and Resiliency
 
COMMON GOOD DIGITAL FRAMEWORK
COMMON GOOD DIGITAL FRAMEWORKCOMMON GOOD DIGITAL FRAMEWORK
COMMON GOOD DIGITAL FRAMEWORK
 
2019 11 terp_breuer_disclosure_master
2019 11 terp_breuer_disclosure_master2019 11 terp_breuer_disclosure_master
2019 11 terp_breuer_disclosure_master
 
Data science unit introduction
Data science unit introductionData science unit introduction
Data science unit introduction
 
Forrester no more chewy centers- the zero trust model
Forrester   no more chewy centers- the zero trust modelForrester   no more chewy centers- the zero trust model
Forrester no more chewy centers- the zero trust model
 
Is Your Organization in Crisis?
Is Your Organization in Crisis?Is Your Organization in Crisis?
Is Your Organization in Crisis?
 
Mistrust vs Misinformation: Fake News, AI and Privacy -- The Next Frontiers i...
Mistrust vs Misinformation: Fake News, AI and Privacy -- The Next Frontiers i...Mistrust vs Misinformation: Fake News, AI and Privacy -- The Next Frontiers i...
Mistrust vs Misinformation: Fake News, AI and Privacy -- The Next Frontiers i...
 
Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015
 
DDoS Cyber Attacks Against Global Markets | Prolexic
DDoS Cyber Attacks Against Global Markets | ProlexicDDoS Cyber Attacks Against Global Markets | Prolexic
DDoS Cyber Attacks Against Global Markets | Prolexic
 
ASIS NYC InT Presentation
ASIS NYC InT PresentationASIS NYC InT Presentation
ASIS NYC InT Presentation
 
Critical Update Needed: Cybersecurity Expertise in the Boardroom
Critical Update Needed: Cybersecurity Expertise in the BoardroomCritical Update Needed: Cybersecurity Expertise in the Boardroom
Critical Update Needed: Cybersecurity Expertise in the Boardroom
 

More from CrowdStrike

Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemUnderstanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
CrowdStrike
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns
CrowdStrike
 
An Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakAn Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware Outbreak
CrowdStrike
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
CrowdStrike
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
CrowdStrike
 
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrike
CrowdStrike
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint Security
CrowdStrike
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And Detection
CrowdStrike
 
Battling Unknown Malware with Machine Learning
Battling Unknown Malware with Machine Learning Battling Unknown Malware with Machine Learning
Battling Unknown Malware with Machine Learning
CrowdStrike
 
Java Journal & Pyresso: A Python-Based Framework for Debugging Java
Java Journal & Pyresso: A Python-Based Framework for Debugging JavaJava Journal & Pyresso: A Python-Based Framework for Debugging Java
Java Journal & Pyresso: A Python-Based Framework for Debugging Java
CrowdStrike
 
Venom
Venom Venom
Venom
CrowdStrike
 
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the Indicator
CrowdStrike
 
CrowdCasts Monthly: Mitigating Pass the Hash
CrowdCasts Monthly: Mitigating Pass the HashCrowdCasts Monthly: Mitigating Pass the Hash
CrowdCasts Monthly: Mitigating Pass the Hash
CrowdStrike
 
End-to-End Analysis of a Domain Generating Algorithm Malware Family
End-to-End Analysis of a Domain Generating Algorithm Malware FamilyEnd-to-End Analysis of a Domain Generating Algorithm Malware Family
End-to-End Analysis of a Domain Generating Algorithm Malware Family
CrowdStrike
 
TOR... ALL THE THINGS
TOR... ALL THE THINGSTOR... ALL THE THINGS
TOR... ALL THE THINGS
CrowdStrike
 
End-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
End-to-End Analysis of a Domain Generating Algorithm Malware Family WhitepaperEnd-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
End-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
CrowdStrike
 
TOR... ALL THE THINGS Whitepaper
TOR... ALL THE THINGS WhitepaperTOR... ALL THE THINGS Whitepaper
TOR... ALL THE THINGS Whitepaper
CrowdStrike
 
I/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of BootkitsI/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
CrowdStrike
 
Hacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsHacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted Threats
CrowdStrike
 

More from CrowdStrike (20)

Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemUnderstanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns
 
An Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakAn Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware Outbreak
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
 
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrike
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint Security
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And Detection
 
Battling Unknown Malware with Machine Learning
Battling Unknown Malware with Machine Learning Battling Unknown Malware with Machine Learning
Battling Unknown Malware with Machine Learning
 
Java Journal & Pyresso: A Python-Based Framework for Debugging Java
Java Journal & Pyresso: A Python-Based Framework for Debugging JavaJava Journal & Pyresso: A Python-Based Framework for Debugging Java
Java Journal & Pyresso: A Python-Based Framework for Debugging Java
 
Venom
Venom Venom
Venom
 
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the Indicator
 
CrowdCasts Monthly: Mitigating Pass the Hash
CrowdCasts Monthly: Mitigating Pass the HashCrowdCasts Monthly: Mitigating Pass the Hash
CrowdCasts Monthly: Mitigating Pass the Hash
 
End-to-End Analysis of a Domain Generating Algorithm Malware Family
End-to-End Analysis of a Domain Generating Algorithm Malware FamilyEnd-to-End Analysis of a Domain Generating Algorithm Malware Family
End-to-End Analysis of a Domain Generating Algorithm Malware Family
 
TOR... ALL THE THINGS
TOR... ALL THE THINGSTOR... ALL THE THINGS
TOR... ALL THE THINGS
 
End-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
End-to-End Analysis of a Domain Generating Algorithm Malware Family WhitepaperEnd-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
End-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
 
TOR... ALL THE THINGS Whitepaper
TOR... ALL THE THINGS WhitepaperTOR... ALL THE THINGS Whitepaper
TOR... ALL THE THINGS Whitepaper
 
I/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of BootkitsI/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
 
Hacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsHacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted Threats
 

Recently uploaded

Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
fredae14
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
Project Management Semester Long Project - Acuity
Project Management Semester Long Project - AcuityProject Management Semester Long Project - Acuity
Project Management Semester Long Project - Acuity
jpupo2018
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 

Recently uploaded (20)

Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
Project Management Semester Long Project - Acuity
Project Management Semester Long Project - AcuityProject Management Semester Long Project - Acuity
Project Management Semester Long Project - Acuity
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 

CrowdCasts Monthly: You Have an Adversary Problem

  • 1. You Have an ADVERSARY PROBLEM. Who’s Targeting You and Why?
  • 2. @CROWDSTRIKE | #CROWDCASTS AGENDA YOU HAVE AN ADVERSARY PROBLEM. 1.  INTELLIGENCE-DRIVEN SECURITY 2.  ADVERSARY CATEGORIZATION 3.  ADVERSARY GROUPS - OVERVIEW 4.  NOTABLE ACTIVITY – Q3 5.  NEW ACTORS 6.  ACTIONALIZING INTELLIGENCE 2013 CrowdStrike, Inc. All rights reserved. 2
  • 3. @CROWDSTRIKE | #CROWDCASTS Today’s Speakers ADAM MEYERS | VP, INTELLIGENCE Recognized speaker, trainer, and intelligence expert with 15+ years of cyber security industry experience 10 years in the DIB supporting US GOV customers on topics ranging from wireless, pen testing, IR, and malware analysis @ADAM_CYBER 2013 Crowdstrike, Inc. All rights reserved. 3
  • 4. @CROWDSTRIKE | #CROWDCASTS Today’s Speakers MATT DAHL | SENIOR ANALYST/ LEGAL COUNSEL Cyber threat analyst focused on targeted intrusion activity Focused on investigating indicators of compromise to identify specific adversary activity Legal liaison to the CrowdStrike Intelligence Team @CROWDSTRIKE 2013 Crowdstrike, Inc. All rights reserved. 4
  • 5. @CROWDSTRIKE | #CROWDCASTS Adversaries are humans Targeted Attackers: WHO ARE THE ADVERSARIES? Motivation can range from disruption, theft, to even destruction They need to get in They will likely need to move laterally Spray and Pray (Prey): They don’t care who they target (sometimes what) The more they compromise the more they win Motivation can range from disruption, theft, to even destruction 2013 Crowdstrike, Inc. All rights reserved. 5
  • 7. @CROWDSTRIKE | #CROWDCASTS Adversary Categorization CATEGORIZATION| Adversary Groups 1 Tactics, Techniques, and Practices 2 Never assume relationships exist Between indicators 3 Recognize adversaries are constantly changing 4 But RECOGNIZE they are HUMAN CATEGORIZATION 2013 Crowdstrike, Inc. All rights reserved. 7
  • 8. Intelligence: Adversary Groups @CROWDSTRIKE | #CROWDCASTS CHINA Anchor Panda Comment Panda Impersonating Panda Temper Panda Keyhole Panda Aurora Panda Stone Panda Vixen Panda Union Panda Poisonous Panda Pirate Panda Dagger Panda Violin Panda Putter Panda Test Panda Gibberish Panda Electric Panda Wet Panda Karma Panda Dynamite Panda Radio Panda Samurai Panda Toxic Panda Numbered Panda Pitty Panda Foxy Panda Deep Panda 2013 CrowdStrike, Inc. All rights reserved. 8
  • 9. Intelligence @CROWDSTRIKE | #CROWDCASTS Adversary Groups IRAN Clever Kitten: Energy Companies Cutting Kitten: For Hire NORTH KOREA Silent Chollima: Energy Companies RUSSIA Energetic Bear: Oil and Gas Companies INDIA Viceroy Tiger Government, Legal, Financial, Media, Telecom 2013 CrowdStrike, Inc. All rights reserved. 9
  • 10. Intelligence @CROWDSTRIKE | #CROWDCASTS Adversary Groups HACKTIVIST/ACTIVIST/ TERRORIST CRIMINAL Deadeye Jackal Commercial, Singing Spider Commercial, Financial Financial, Media, Social Networking Union Spider Manufacturing Ghost Jackal Commercial, Energy, Andromeda Spider Numerous Financial Corsair Jackal Commercial, Technology, Financial, Energy Extreme Jackal Military, Government 2013 CrowdStrike, Inc. All rights reserved. 10
  • 11. @CROWDSTRIKE | #CROWDCASTS Notable Activity – Q3 NEW ADVERSARIES STONE PANDA | NIGHTSHADE PANDA | GOBLIN PANDA | CORSAIR JACKAL NOTABLE ACTIVITY DEADEYE JACKAL | NUMBERED PANDA | SILENT CHOLLIMA 2013 Crowdstrike, Inc. All rights reserved. 11
  • 12. NEW ACTORS 2013 CrowdStrike, Inc. All rights reserved. 12
  • 13. Intelligence: STONE PANDA OPERATIONAL WINDOW May 2010 to Present @CROWDSTRIKE | #CROWDCASTS TARGETING Healthcare Defense Aerospace OBJECTIVES Recon Lateral movement Data exfiltration Government TOOLS Poison Ivy RAT IEChecker/EvilGrab 2013 CrowdStrike, Inc. All rights reserved. 13
  • 14. @CROWDSTRIKE | #CROWDCASTS Target Sectors: Healthcare, Defense, Aerospace, Government Delivery: Likely spearphishing WHO IS STONE PANDA? Malware: Poison Ivy and EvilGrab/ IEChecker Known Poison Ivy passwords: menuPass, happyyongzi, Thankss, Xgstone, keaidestone, and admin C2 Indicators: fbi.sexxxy.biz; u1.FartIT.com; jj.mysecondarydns.com; 54.241.13.219; 184.169.176.71; 114.80.96.8 2013 Crowdstrike, Inc. All rights reserved. 14
  • 15. Intelligence: NIGHTSHADE PANDA OPERATIONAL WINDOW Feb 2008 to Present OBJECTIVES Recon Lateral movement Data exfiltration @CROWDSTRIKE | #CROWDCASTS TARGETING Media NGO/Int’l Relations Universities TOOLS Poison Ivy PlugX 2013 CrowdStrike, Inc. All rights reserved. 15
  • 16. @CROWDSTRIKE | #CROWDCASTS Target Sectors: Media; NGO/Int’l Relations; Universities WHO IS NIGHTSHADE PANDA? Delivery: Likely spearphishing Malware: PlugX and Poison Ivy Known Poison Ivy passwords: synnia C2 Indicators: www.adv138mail.com; pu.flowershow.org; tech.network-sec.net; 184.105.178.83; 199.59.243.106; 112.137.162.151 2013 Crowdstrike, Inc. All rights reserved. 16
  • 17. Intelligence: GOBLIN PANDA OPERATIONAL WINDOW July 2012 to July 2013 OBJECTIVES Recon Lateral movement Data exfiltration @CROWDSTRIKE | #CROWDCASTS TARGETING Aerospace Defense Energy Government Shipping TOOLS Technology Spearphishing using office doc ZeGhost specific mutexes 2013 CrowdStrike, Inc. All rights reserved. 17
  • 18. @CROWDSTRIKE | #CROWDCASTS Target Sectors: Aerospace; Defense; Energy; Government; Shipping; Technology; Telecommunications WHO IS GOBLIN PANDA? Delivery: Spearphishing Malware: HttpTunnel (AV detection = Zegost) Mutexes: HttpTunnel@@ or Http@@@ C2 Indicators: vnpt.conimes.com; mofa.conimes.com; pvep.scvhosts.com; 112.175.79.55; 223.26.55.122; 198.100.97.245 2013 Crowdstrike, Inc. All rights reserved. 18
  • 19. @CROWDSTRIKE | #CROWDCASTS Intelligence: CORSAIR JACKAL OPERATIONAL WINDOW February 2013 to May 2013 OBJECTIVES Information Disclosure TARGETING Energy Financial Government Shipping Telecom TOOLS Cross Site Scripting (XSS) 2013 CrowdStrike, Inc. All rights reserved. 19
  • 20. @CROWDSTRIKE | #CROWDCASTS Timeline: CORSAIR JACKAL 2012 XTnR3v0LT colludes with Anonymous group XL3gi0n January 25, 2013 New members added January 22, 2013 XTnR3v0LT announce formation of TCA March 1 2013 Announced compromise of US financial February 2013 Announced participation in #opblacksummer July 29 2013 Ben Khlifa announces new personal page May 7, 2013 XTnR3v0LT arrested by Tunisian Authorities September 2, 2013 Tweets XSS vulnerability on Sourceforge 2013 CrowdStrike, Inc. All rights reserved. 20
  • 21. @CROWDSTRIKE | #CROWDCASTS Target Sectors: Energy; Financial; Government; Shipping; Telecommunications WHO IS CORSAIR JACKAL? Primarily One Individual: Fahmi Ben Khlifa (XTnR3v0LT) Professed nationalistic motivations for malicious activity, but also white hat activity. Cross-site scripting attacks used to compromise databases at target organizations. 2013 Crowdstrike, Inc. All rights reserved. 21
  • 22. NOTABLE ACTIVITY 2013 CrowdStrike, Inc. All rights reserved. 22
  • 23. @CROWDSTRIKE | #CROWDCASTS Intelligence: DEADEYE JACKAL OPERATIONAL WINDOW TARGETING May 2011 to Present Financial Institution Media/News Social Network Platforms OBJECTIVES Propaganda Disinformation Disruption TOOLS Spearphishing Web Exploitation Facebook Spamming 2013 CrowdStrike, Inc. All rights reserved. 23
  • 24. @CROWDSTRIKE | #CROWDCASTS Timeline: DEADEYE JACKAL August 26, 2011 May 5, 2011 SEA Mohammad Ahmad Fall 2011 – Spring 2013 Officially Formed Kabbani Killed Web Defacements Facebook Spamming September 2011 Harvard Defacement July 2013 3rd Party Provider Breaches February 2013 Twitter Account Takeovers August 2013 Domain Hijacking 2013 CrowdStrike, Inc. All rights reserved. 24
  • 25. @CROWDSTRIKE | #CROWDCASTS Target Sectors: Financial Institutions; Media/News; Social Network Platforms WHO IS DEADEYE JACKAL? Delivery: Spearphishing Nationalistic, pro-Syrian regime motivations Defacement, account takeover, third-party provider attacks, credential collection 2013 Crowdstrike, Inc. All rights reserved. 25
  • 26. Intelligence: NUMBERED PANDA OPERATIONAL WINDOW 2009 - Present OBJECTIVES Recon Lateral movement Data exfiltration @CROWDSTRIKE | #CROWDCASTS TARGETING Government Financial Telecom Technology Media TOOLS Spearphishing Dynamic Calculation 2013 CrowdStrike, Inc. All rights reserved. 26
  • 27. @CROWDSTRIKE | #CROWDCASTS Target Sectors: Government; Financial; Telecommunications; Media WHO IS NUMBERED PANDA? Delivery: Spearphishing Malware: Ixeshe, Mswab, Gh0st, ShowNews, 3001 C2 Indicators: getfresh.dnsrd.com; serial.ddns.ms; gfans.onmypc.us; 23.19.122.202; 192.154.108.10; 192.154.111.200 2013 Crowdstrike, Inc. All rights reserved. 27
  • 28. Intelligence: SILENT CHOLLIMA OPERATIONAL WINDOW 2007 to Present @CROWDSTRIKE | #CROWDCASTS TARGETING Multiple targets in ROK Global Targets of Opportunity OBJECTIVES Recon Criminal Monetization Lateral movement Data Destruction TOOLS Custom Malware 2013 CrowdStrike, Inc. All rights reserved. 28
  • 29. @CROWDSTRIKE | #CROWDCASTS Target Sectors: Media WHO IS SILENT CHOLLIMA? Delivery: Spearphishing Malware: HTTP/IRC-based; Tdrop; Concealment Troy; LSG C2 indicators: www.designface.net; www.sdmp.kr; www.socrates.tw; 202.172.28.111; 63.115.31.15; 209.137.232.3 2013 Crowdstrike, Inc. All rights reserved. 29
  • 30. @CROWDSTRIKE | #CROWDCASTS INTELLIGENCE-DRIVEN SECURITY INTELLIGENCE| Adversary-Centric 1 INTELLIGENCE Understand the adversaries targeting your Vertical | Company | Geo-Location | Customers 2 Build appropriate defenses to counter/detect these adversaries 3 Perform other security practices from an Adversary-centric perspective Pen Testing (Red Team) Security Operations Briefings Log Review 2013 Crowdstrike, Inc. All rights reserved. 30
  • 31. @CROWDSTRIKE | #CROWDCASTS INTELLIGENCE-DRIVEN SECURITY INTELLIGENCE| Making it Actionable 1 ACTIONALIZING INTELLIGENCE Intelligence is difficult to consume Lots of information to keep straight New data constantly flowing in (possibly unvetted) 2 Security Operations need to change shis & people 3 Actionable Intelligence Pass down can’t possibly occur with all indicators 2013 Crowdstrike, Inc. All rights reserved. 31
  • 32. @CROWDSTRIKE | #CROWDCASTS Adversary Microsite COMING SOON TRACK: Track current Adversaries against other Industry nomenclature OVERVIEW: Gain insight Into adversary – new groups Added weekly 2013 Crowdstrike, Inc. All rights reserved. 32
  • 33. @CROWDSTRIKE | #CROWDCASTS RESOURCES Next up: Enterprise Activity Monitoring The Power to HUNT November 5th | 2PM ET/11AM PT Download a Sample Adversary Intelligence Report http://www.crowdstrike.com/ sites/default/files/deeppanda.pdf For additional information, CONTACT SALES@CROWDSTRIKE.COM *NEW* Videos Every Thursday | 1PM ET http://www.crowdstrike.com/crowdcasts/index.html 2013 Crowdstrike, Inc. All rights reserved. 33
  • 34. Q&A Q&A @CROWDSTRIKE | #CROWDCASTS Please type all questions into the Q&A section of the GoToWebinar Control Panel If you have additional ?’s, contact us At crowdcasts@crowdstrike.com 2013 CrowdStrike, Inc. All rights reserved. 34