Taking Down the World's Largest Botnets: An Inside Look at Grum
Botnets are controlled by sophisticated cybercriminals. Grum, the world's third-largest botnet, included a network of hundreds of thousands of infected computers perpetrating cybercrime and online fraud, impacting consumers and organizations worldwide.
Hear directly from a FireEye malware expert who led the effort to take down Grum, including:
• Distinct strategies for botnet takedowns
• Evolution of Grum
• Role of the research community in finding Grum master CnC servers
• A blow-by-blow account of how the criminals tried to salvage Grum and what's next
Learn how botnets operate and how research and technology from FireEye played a key role in dismantling four of the world's largest botnets since 2008, including Grum, Rustock, Ozdok/Mega-D, and Srizbi.
Cyber Risk is the Risk most underestimated by businesses according to the 2015 Allianz Risk Barometer.
Learn how organisations can lower cyber risks associated with loss of reputation, business interruption, and loss of customer data, by improving detection and response capabilities.
Plus, watch a LIVE DEMO of an example attack on a public facing ecommerce website, and how detecting and responding to the threat earlier can lower cyber risk.
Discover how organisations now need to go beyond traditional signature based defenses and firewalls to disrupt attacks across the entire attack chain, with the need for security intelligence and behavioural analytics to help prioritise and detect areas of risk.
Did you know that 80-100% of serious security breaches involve privileged account misuse or compromise?
This, in large part, is due to the fact that enterprises are becoming more complex with an increasing number of users and devices needing network access to privileged accounts. In many cases, advanced attackers are focused on achieving domain administrator privileges because of the unrestricted access and control these credentials have in the IT landscape.
Join (ISC)² and CyberArk in this webinar where we’ll discuss and demonstrate:
- vulnerabilities posed by unsecured privileged accounts
- the state of cyber security and attacker motivations
- lateral movement techniques - using real-world data - that enable an attacker to take over a network
- the expanding threat landscape posed by complex IT environments
Wireless is now the expected medium of choice for network users. Delivering it successfully can be a challenge especially with multiple different approaches and architectures available. What is right for your organisation? Cloud? Controller? How is it all secured?
This session will discuss 3 main Wi-Fi architecture types, their different advantages, the wired edge, and how to secure it all. Importantly, we will finish with what to consider when making the right choice for your needs.
As advanced threats rapidly increase in complexity, technology must evolve to find smarter ways of detecting and blocking attack techniques across IT control points.
Symantec has developed 3 innovative technologies with Advanced Threat Protection that will change the game - helping customers detect, prioritise and respond to threats within minutes – from a single console, with a single click.
Join this webinar to understand how Symantec technology can improve your advanced threat protection.
IT organizations face rising challenges to protect more data and applications in the face of growing data security threats as they deploy encryption on vastly larger scales and across cloud and hybrid environments. By moving past silo-constrained encryption and deploying encryption as an IT service centrally, uniformly, and at scale across the enterprise, your organization can benefit from unmatched coverage, whether you are securing databases, applications, file servers, and storage in the traditional data center, virtualized environments, and the cloud, and as the data moves between these different environments. When complemented by centralized key management, your organization can apply data protection where it needs it, when it needs it, and how it needs it, according to the unique needs of your business. Join us on November 25th to learn how to unshare your data, while sharing the IT services that keep your data secure, efficiently and effectively in the cloud and across your entire infrastructure.
In this webinar, learn about the new capabilities in the Informatica PowerCenter 10 editions and how they will increase your development agility.
Through the eyes and daily routine of typical developers and business analysts you will discover how this new release:
• Enhances the collaboration between IT developers and business analysts
• Delivers more powerful visualization for data profiling
• Delivers a new monitoring dashboard to view service health and system usage
• Increases your productivity with up to 50X faster data lineage rendering
• Enhances your project reach with new connectors and real time capabilities
• Includes new capabilities for parsing semi-structured and unstructured data
Watch this webinar to accelerate your delivery of data integration-based value to your organization.
The use of third parties is unavoidable in today’s global economy. The growing use of third party suppliers and business partners, whilst bringing significant business advantages, also exposes organisations to substantial risk, such as financial loss, reputational damage, regulatory prosecution and fines from major breaches of security. In the last few years we’ve witnessed many of these risks being realised; examples have included major breaches of security and costs to recover escalating into millions of dollars, as a result of the third party supplier being compromised. Changes in regulation, the evolving threat landscape and policy changes globally further complicate matters, generating further risk and expense for business.
Despite considerable efforts from many industries to address these issues, they remain difficult to manage. As well as the risks described, companies perceived as the ‘weakest link’ in the supply chain could end up not having third party contracts renewed. These challenges are discussed in more detail, and some suggestions put forward to help tackle the increasing burden on teams and risk mitigation strategies.
Asad Baheri, Product Sales Specialist, Mobile Threat Prevention
Mobile devices are ubiquitous in today's society. The number and types of devices used by physicians, nurses, clinicians, specialists, administrators, and staff – as well as patients and visitors – are growing at healthcare organizations across the country. Providing anywhere/anytime network access is essential, particularly when instant communication is required to ensure quality patient care. But the mobile devices are launched daily with upgraded versions of operating systems that are ripe for infection.
FireEye Mobile Threat Prevention identifies and stops mobile threats. Rather than relying on signatures, which are powerless against today’s constantly changing threats, FireEye Mobile Threat Prevention executes applications within the FireEye MVX engine to protect mobile devices against compromise.
During this webcast, we will discuss the benefits of a mobile security strategy and identify how FireEye Mobile Threat Prevention (MTP):
- Offers real-time visibility of threats on mobile devices
- Displays play-by-play analysis of suspicious applications
- Provides an index of pre-analyzed applications
- Generates threat assessments for custom applications.
Join our webcast today to hear about the latest developments in mobile threats for healthcare.
Alec Randazzo, Sr. Incident Response Consultant, DJ Palombo, Consultant, Mandiant
Email is an essential tool of today’s business. In 2012, firms sent and received an estimated 89 billion emails every day. Email has also become a vector for cyber crime; phishing emails—with and without correct spelling—account for a significant portion of today’s attacks.
What happens when a targeted victim falls for a phish email and the attacker gains access to a network? Alec Randazzo and DJ Palombo from the Mandiant incident response team will examine an attacker’s step-by-step process, using real world examples. Recommendations will be provided on how to limit an attacker’s success within a network.
Join us for this webinar to gain critical insights from our experts in the field.
Ben Withnell, Incident Analyst, FireEye as a Service
Triage and remediation of attacks utilizing zero-day vulnerabilities requires technology, intelligence, and expertise that is often beyond the capabilities of most security teams today. With Clandestine Wolf, the name our security team gave to a recent zero-day campaign exploiting an Adobe Flash vulnerability, our analysts were able to validate the alert and begin response within minutes after first observing the attack.
In this webinar Ben Withnell, a FireEye as a Service (FAAS) incident analyst, will discuss how the Clandestine Wolf campaign was discovered, triaged, and remediated across the FireEye as a Service customer base. Throughout the webinar he will also share his insights into how our analysts handle APT threats, the attacker lifecycle, and remediation tactics.
Do you want to stop the complaints from upper management about malicious emails slipping through your current antivirus and antispam gateways? Has your IT team had enough of dealing with scourges such as CryptoWall? Are you tired of hearing that the “next big thing” from various IT security vendors will solve these problems only to see the products fail when put to the test? If you have any or all of these problems, this webinar is for you.
According to Verizon’s 2015 Data Breach Investigations Report, 77% of infections originate from emails containing malicious attachments or URLs–emails that should be stopped at the perimeter. FireEye can make that happen.
Join us on August 13 for a demonstration of how our proven Multi-Vector Virtual Execution (MVX) technology can help protect your organization from known and unknown threats. The webinar will also cover the threat landscape and provide information on:
• How FireEye’s MVX behavior analysis technology works
• What differentiates FireEye’s MVX technology from the traditional signature-based antivirus approach
• How FireEye can protect your email in the cloud and in your data center
As always, we’ll leave plenty of time for Q&A. Register today.
Rajiv Raghunarayan, Director, Product Marketing, Dan Reis, Endpoint Director
Traditional endpoint solutions were designed to deal with static, known threats. They accumulate large threat databases and signatures and when matches are found the threat is blocked. This approach simply does not work against today’s advanced and unknown attacks. And while organizations must protect every single endpoint, both traditional and mobile, an attacker only needs to compromise one to cause damage. Register now for this webinar where you will:
• Learn why protecting the multitude of endpoints is an on-going challenge
• Find out the importance behind detection and containment on all types of endpoints from PC to mobile
• Hear how FireEye offerings can help proactively protect against unknown threats on the endpoint
How can your company ensure all threat vectors are protected? In this webinar you will:
- Find out what it takes to secure your organization from today’s evasive advanced cyber threats
- Discover how to detect blended attacks that point products miss
- Learn how to safeguard your intellectual property, critical infrastructure, and customer records from multi-vector, targeted attacks
- Understand how to respond to incidents faster by reducing the number of false positives your security team has to sift through
- Get introduced to the FireEye products that can help achieve enterprise network security
Jason Rebholz, Principal Consultant, Mandiant (a FireEye Company)
In this webinar, we will discuss the healthcare industry threat landscape. In the past year alone, attacks against the healthcare industry have skyrocketed and the threat landscape has shifted.
Join us as we discuss the following:
• The current threat landscape
• Observation on the security posture of the healthcare industry
• Attacker tactics targeted at the healthcare industry
• A case study of a healthcare breach
• The threat horizon for the healthcare industry
• Lessons learned from the latest healthcare breaches
Jason Steer, Chief Security Strategist (EMEA), Jari Salomaa, Head of Mobile Product Management
Most of us rely on mobile apps for everything from banking to buying and messaging to mapping our route. Mobile devices are the go-to source to do work, watch videos, play games and—oh yes—even speak with another person.
But every time we download or use a new app to simplify our lives, we run the risk of a hacker accessing our data. A recent FireEye Special Report, Out of Pocket: A Comprehensive Mobile Threat Assessment of 7 Million iOS and Android Apps, is a revealing look at today’s top mobile app threats on two of the most widely used platforms. The report outlines the real risks associated with mobile apps and their implications to privacy, corporate data and security.
Join our industry experts for this interactive session to learn:
- Key Android and iOS threats based on the analysis of 7 million
- Trends in mobile app behaviors
- The impact of targeted malware and vulnerabilities
- Takeaways security leaders can implement to make devices more secure in the workplace
Be prepared for the next wave of mobile cyberattacks. Register today to gain insight from FireEye’s latest report and our mobile subject matter experts!
Matt Graeber, Staff Reverse Engineer, Dimiter Andonov, Staff Reverse Engineer
Join FireEye Labs Advanced Reverse Engineering (FLARE) team members Matt Graeber and Dimiter Andonov for another exciting deep dive on new malware case studies found during Mandiant investigations. FLARE is dedicated to malware analysis and the development of tools to assist reverse engineering. The two malware samples they’ll dissect as part of this interactive discussion are:
1. Steganogram Shellcode Backdoor - The malware is a downloader and launcher that uses steganography to extract shellcode, commands, and data from PNG images. This results in an advanced modular backdoor capable of collecting a wide range of information related to the compromised system and executing even more shellcode!
2. Hybrid 32/64-bit Malware - The malware mixes 32-bit and 64-bit code to inject into the explorer.exe process depending upon the target architecture. We’ll show how this broke our malware tools and our solution.
Your adversaries are people: creative, nimble and persistent. They can bypass conventional security deployments almost at will, breaching systems in a wide swath of industries and geographies.
Technology alone will not defeat a determined attacker. You need a strategic defense partner that combines the most advanced technology platform with the leading cyber security expertise and the latest global threat intelligence from around the world. FireEye as a Service (FaaS) does exactly this, and allows you to detect, prevent, analyze, and respond to security incidents in minutes rather than months.
Join FireEye's VP, CTO - Americas, Josh Goldfarb, as he explores:
- The current state of cybersecurity and the new threat landscape
- The failure of traditional defense models in the face of a new adversary
- The value of an Adaptive Defense strategy and working with a trusted partner
- Real-world case studies
As always, we will save plenty of time for Q&A. Be sure to register now to take part in this critical webinar.
Kevin Sheu, Sr. Manager, Product Marketing, FireEye
Well-maintained perimeter defenses are a key part of any security strategy. Organizations increasingly recognize that they must also complement their perimeter defenses with strong forensics capabilities to investigate and analyze attacks. When attacked, an enterprise needs to be able to rapidly investigate and determine the scope and impact of the incident so they can effectively contain the threat and secure their network.
In this interactive session, you will learn about:
• The key use cases for network forensics
• The typical organization that acquires network forensics technologies
• How FireEye Enterprise Forensics enables the proper response to today’s cyber attacks
FireEye recently released a new report that documents how and why governments around the world are turning to the cyber domain as a cost-effective way to spy on other countries, steal technology, and even wage war.
Whether it’s sensitive military, diplomatic, or economic information, governments depend on the integrity of their data. If that data falls into the wrong hands, the consequences could be severe.
In the wake of two apparent state- and government-sponsored attacks, APT1 and APT28, government agencies must understand why they are in attackers’ crosshairs, what attackers might be seeking, and how they can protect themselves.
Join us for a dynamic discussion with subject matter experts where you will learn:
• What makes your government-related organization an appealing target – whether you’re a political opponent, business, agency or vendor
• Why it’s important to determine who could be planning an attack, their motives, and how they might carry out their goals
• How to assess your level of preparedness and how to protect yourself if you are not ready for this new era of cyber warfare
Nart Villeneuve (FireEye), Daniel Regalado (FireEye), John Scott-Railton (The Citizen Lab)
FireEye recently released a new report “Behind the Syrian Conflict’s Digital Frontlines” that documents a well-executed hacking operation that successfully breached the Syrian opposition.
Between at least November 2013 and January 2014, the hackers stole a cache of critical documents and Skype conversations revealing the Syrian opposition’s strategy, tactical battle plans, supply needs, and troves of personal information and chat sessions. This data belonged to the men fighting against Syrian President Bashar al-Assad’s forces as well as media activists, humanitarian aid workers, and others within the opposition located in Syria, the region and beyond.
We have only limited indications about the origins of this threat activity. Our research revealed multiple references to Lebanon both in the course of examining the malware and in the avatar’s social media use. While we do not know who conducted this hacking operation, if this data was acquired by Assad’s forces or their allies it could confer a distinct battlefield advantage.
Join us for a roundtable discussion with subject matter experts where we’ll talk about the details of the report and explore surrounding topics, to include:
• An overview of the conflict in Syria and why cyber-espionage is an increasingly important factor
• An in-depth analysis of a critical breach of the Syrian opposition including an overview of the tools and techniques used by the threat actors
All webinar attendees will receive a free copy of the new Syrian report. Register today!
From Cryptolocker to the Apple iOS vulnerability, there have been numerous high-profile breaches in 2014. With the ever-changing threat landscape and advanced cyber attacks showing no sign of slowing down, organizations need to be prepared as we head into 2015.
Join our live webinar where Bryce Boland, CTO for Asia Pacific at FireEye, will share top, global security predictions and challenges for 2015. In this webinar:
• Find out the top 10 security predictions for 2015 and how they impact organizations
• Discover the data that drove these predictions
• Learn about key strategies to take a proactive stance against advanced attacks
Barry Vengerik, Principal Threat Intelligence Analyst, Kristen Dennesen, Sr. Threat Intelligence Analyst
This week FireEye released a new report called Hacking the Street? FIN4 Likely Playing the Market. This report focuses on a targeted threat group that we call FIN4 (Financially Motivated Group 4), whose tactics are surprisingly low-tech yet insidiously effective at obtaining access to confidential discussions at the highest levels of targeted companies. Our research suggests that FIN4 is likely targeting these companies in order to obtain advance knowledge of “market catalysts,” or events that cause the price of stocks to rise or fall dramatically.
Join us for a roundtable discussion with subject matter experts where we’ll talk about the details of the report and explore surrounding topics, to include:
• A deep dive into FIN4’s tactics and why they are simple yet surprisingly effective
• How FIN4 may be monitoring insider communications for a trading advantage
• Why FIN4 is different from other threat groups FireEye tracks
• A profile of organizations at risk, and what they can do to protect themselves.
All webinar attendees will receive a complimentary copy of the Hacking the Street? report.
Edward Lucas, Senior Editor, The Economist and Jen Weedon, Manager of Threat Intelligence, FireEye
FireEye just released a report called APT28: A Window Into Russia's Cyber Espionage Operations? The report focuses on a targeted threat group that we call APT28 (Advanced Persistent Threat group 28) and details ongoing, focused operations that we believe indicate a government sponsor - most likely the Russian government.
Join us for a roundtable discussion with Russian security expert, Edward Lucas of The Economist, and Jen Weedon, Manager of Threat Intelligence at FireEye.
Discussion topics will include:
• Russia's intentions and motivations in cyberspace
• Whether APT28's activity supports Russia's geopolitical strategy
• How Russian and Chinese network operations compare
• Which organizations and agencies are most at risk
Dave Shackleford, Lead Faculty, IANS, Josh Goldfarb, Chief Security Strategist - Enterprise Forensics, FireEye
The cyber threat landscape is dramatically evolving, but one thing is certain – attackers are becoming more and more sophisticated, and most organizations are struggling to keep pace. In a recent IANS and FireEye survey, security practitioners and decision makers share their perspective on the type of attackers they’re dealing with, how they’re responding to the growing threat, and the effect on organizations that have experienced a breach.
Join FireEye’s Chief Security Strategist (Forensics Group) Josh Goldfarb, and Dave Shackleford, IANS Lead Faculty, as they discuss:
• The kinds of products and controls most organizations are implementing
• What new technologies security teams are focusing on, and
• How security budgets are changing to align with security’s growing importance to the enterprise
Dr. Tao Wei, Sr. Research Scientist, Yulong Zhang, Sr. Research Eng., Rob Rachwald, Sr. Dir. Mkt Research
Join us for this live session to learn:
• How a Sidewinder Targeted Attack can disrupt and hijack the network where targeted victims reside
• The risks of remote attacks on Android devices through apps downloaded from Google Play
• Different forms of attacks to Android vulnerabilities
• Current trends and best practices around mobile security
Taking on security needs at a new organization can be complicated as you learn what’s currently in place, where the gaps are and the best way to drive change in your new organization. Get helpful guidance, beyond the technical details, from an experienced change agent.
This talk will discuss some of the ways in which security can be approached as a business process, rather than as an enigma, including:
• Your first 30 days: fame and foibles when taking over a new
• Gauging your business executives: how to talk with senior business leaders and classify their responses to security in order to make your relationship more effective
• Show me the money: how to review a security budget and quickly match it up against your new organization's risk profile
• Finding strategic partners: a litmus test for discussions with key vendors to figure out who to trust and who is selling you a bridge
Threat actors’ tactics and motivations are evolving. Successful security teams continuously adapt to anticipate new tactics. That means adopting new approaches. Join us for this webinar, where we share FireEye’s point of view about how organizations can implement adaptive defense strategies that position them to detect, analyze and respond to security incidents of all kinds.
FireEye’s CTO, Dave Merkel, will discuss how security teams can reduce the time to detect and resolve security incidents.