Hi [[ session.user.profile.firstName ]]

Thwarting Extortion: Ransomware Detection and Prevention

Anti-ransomware methods are a hot topic with many different approaches. But what are these methods and how do they work? How can we give the initiative back to the defender in the arms race between attack and defense?

In this webinar, our panel discusses why directing and preventing ransomware poses different intellectual and practical challenges compared to other forms of malware, along with the opportunities to develop new mitigation techniques. They'll also cover:
-A technical overview of the current research across categories such as filessystem interaction, API calls, ransom notes, and network activity
-Five new methods for ransomware detection and prevention
-A statistical analysis of ransomware and attacker behaviors
Recorded Aug 18 2021 59 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Katie Paxton Fear (Application Security Engineer); Matt Wixey (R&D Lead, Cyber Security Practice); Steve Paul (Black Hat)
Presentation preview: Thwarting Extortion: Ransomware Detection and Prevention
  • Channel
  • Channel profile
  • Cybersecurity and the Board: Current Perspectives and Expectations Oct 28 2021 5:00 pm UTC 45 mins
    Robyn Denholm: Experienced Executive & Board Member and Toby Bussa: Bugcrowd Product Marketing Director
    Cybersecurity is a critical concern as cybercriminals, nation-states, and other threat actors increasingly target organizations and cause disruption and harm. Additionally, governments and regulatory authorities are also increasing their scrutiny of organizations. For example, in the U.S., the SEC recently sanctioned organizations "...for failures in their cybersecurity policies and procedures." The European Union’s General Data Protection Regulation (GDPR) has led to fines against organizations that stemmed from cybersecurity data breaches. All of these events are driving boards of directors to focus more on the cybersecurity aspects of their organizations.

    In the inaugural episode of Bugcrowd’s CrowdCafe we are joined by Robyn Denholm, who recently joined Bugcrowd’s board. We’ll discuss the following topics and questions:
    - How well is cybersecurity understood by boards these days? Is it different now than it was 12 to 18 months ago in light of the increasing number of, and impact from, ransomware and nation-state attacks?
    - What are board members worried about when it comes to cybersecurity?
    - Security and risk management leaders often struggle to translate cybersecurity from a technology issue to a corporate concern. What kind of information and measures are boards looking for and expecting from their cybersecurity leadership?
    - Should we expect to see it become the norm that a director on a board understands and/or speaks "cybersecurity"? Will this happen within the next couple of years or will it take longer?
  • Shorten your software vulnerability remediation by over 35% Recorded: Oct 20 2021 46 mins
    Casey Ellis: CTO at Bugcrowd, Andreas Schneider: Group CISO at TX Group and Matias Madou: CTO at Secure Code Warrior
    Between looming deadlines and increased pressure to launch better products faster than the competition, modern-day developers have less time than ever before. Valuable time is often consumed by rework, debugging, and code maintenance - a recent survey found 38% of developers spend up to a quarter of their time fixing software bugs. Over half of developers say if they didn't have to spend so much time fixing bugs, they would have enough time to build new features and functionality.

    In this webinar, join experts from Bugcrowd, Secure Code Warrior, and TX Group, as they discuss:

    Why vulnerabilities continue to be an issue despite the use of scanning tools
    The importance of security testing as a component of the security workflow
    How to fix the traditional security training model
    How to help your developers find and fix vulnerability issues faster
    Steps to leverage crowdsourced security to optimise your security model
    Join the discussion to hear how TX Group is addressing this challenge and pick up practical tips to help your development team today.
  • Ransomware-A True Story Recorded: Oct 15 2021 16 mins
    Katie Paxton Fear, Security Applications Engineer, Bugcrowd
    Often we hear about ransomware targeted at organisations who are specifically targeted by gangs to make a profit, pipelines or organisations at the top of the supply chain. However, ransomware is a threat that all businesses face, even SMEs, and often these organisations struggle the most in protecting, responding and recovering from ransomware incidents.

    This is a true story about Bugcrowd's Application Security Engineer, Katie Paxton Fear and the first week at her first job after finishing her degree. She provides a detailed story how her company got hit by ransomware and the difficult decisions some of the most junior members of staff had to make. While the company did have backups, how did they justify/make the case to shut down the entire business for a day or determine to just pay the ransom? Overall, it's the story of how the security culture failed and how they could have prevented the attack in the first place, by following some simple pieces of advice and how other SMEs can learn from this experience.
  • A discussion on threat-lead prioritization Recorded: Oct 14 2021 45 mins
    Joerg Schauff, Threat Intelligence Advisor, Casey Ellis, CTO and Founder, Gerhard Beeker DACH Bugcrowd
    The blistering pace of technology changes and the increasing aggression of cyber-bourne adversaries are making it increasingly difficult to prioritize vulnerabilities. Also, the consequences of an exploited vulnerability are exploding in cost, especially with the rise of ransomware around the world, so it is more important than ever to prioritize this management of vulnerabilities.

    Fortunately, Bugcrowd are experts in this area. Every day, we review and triage hundreds, if not thousands, of vulnerabilities from our helpful hacker community which would otherwise be used as footholds for malicious attackers.

    In this webinar, Bugcrowd is partnering with the world leading experts in endpoint security CrowdStrike, where we will sit down together and merge Bugcrowd's knowledge of "what is vulnerable, and where" with CrowdStrike's market-leading (intelligence) knowledge of "who is attacking what" to discuss:

    -Which eCrime and nation-state actors are taking advantage of current vulnerabilities?
    -What methods, tools, and procedures do these attackers employ?
    -What role can the whitehat hacker community and platforms like Bugcrowd play in making vulnerability prioritization simpler and more effective?
  • Identifying and Avoiding Insider Threats in Today’s Remote Workforce Age Recorded: Sep 23 2021 46 mins
    Tommy Todd at Code42, Alex Kirk at Corelight, Katie Paxton-Fear at Bugcrowd
    Today, Insider Threat poses an even greater risk to businesses in the wake of the COVID-19 pandemic. Forrester Research, Inc. reported that in 2020, a quarter of all security breaches were caused by an insider and estimates that in 2021, Insider Threats will account for 33% of security breaches.

    Watch this session with a panel of experts, including Bugcrowd’s Katie Paxton-Fear, who discuss:
    - Factors that contribute to this increase in Insider breaches
    - How remote work has impacted the malicious & non-malicious Insider Threats facing businesses
    - The implications on enterprises today.
  • Thwarting Extortion: Ransomware Detection and Prevention Recorded: Aug 18 2021 59 mins
    Katie Paxton Fear (Application Security Engineer); Matt Wixey (R&D Lead, Cyber Security Practice); Steve Paul (Black Hat)
    Anti-ransomware methods are a hot topic with many different approaches. But what are these methods and how do they work? How can we give the initiative back to the defender in the arms race between attack and defense?

    In this webinar, our panel discusses why directing and preventing ransomware poses different intellectual and practical challenges compared to other forms of malware, along with the opportunities to develop new mitigation techniques. They'll also cover:
    -A technical overview of the current research across categories such as filessystem interaction, API calls, ransom notes, and network activity
    -Five new methods for ransomware detection and prevention
    -A statistical analysis of ransomware and attacker behaviors
  • PrintNightmare Vulnerability: What You Need to Know Recorded: Aug 4 2021 16 mins
    Casey Ellis (CTO, Founder, & Chairman); Adam Foster (Application Security Engineer)
    PrintNightmare or PrinterNightmare is an interesting vulnerability currently impacting Microsoft systems. This vulnerability can be executed on remotely and has a lot of potential for ransomware implications.

    Join Bugcrowd’s Founder, CTO, and Chairman Casey Ellis and Application Security Engineer Adam Foster for this 15-minute security flash, where they will break down:

    -The unique history behind this vulnerability
    -What defenders’ next steps should be
    -This vulnerability from the security researcher perspective
    -Information on the active patch
    -How Bugcrowd can help organizations better understand their exposure to vulnerabilities like this
  • Tips and Tricks to Penetration Testing - A Layered Security Approach Recorded: Jul 28 2021 45 mins
    Kaushik Srinivas and Michael Skelton (Codingo)
    Pen testing is widely known as a key security best practice. In fact, in June of 2021, The White House released a memo encouraging business leaders to take urgent action to counter ransomware threats. One of their guidelines addressed the importance of penetration testing. From the memo:

    “Use a third party pen tester to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors.”

    This webinar dives into the layered approach of pen testing, a powerful way to discover new vulnerabilities in your assets. We’ll be talking to Bugcrowd experts Kaushik Srinivas and Michael Skelton (Codingo) to learn:
    - Why pen testing can be a security best practice
    - Different approaches to pen testing and how to find the best fit for your organization
    - Pen testing use cases and tips for better results
    - How to optimize pen testing incentives to best match your organization’s needs

    We’ll also discuss Bugcrowd’s Pen Testing offerings and how you can tailor it to best match your needs and use cases.
  • Kaseya/REvil Attack Explained Recorded: Jul 15 2021 14 mins
    Casey Ellis (Bugcrowd CTO, Founder, & Chairman)
    Ransomware has been the “topic du jour” lately among security professionals and beyond. But what about the recent Kaseya REvil ransomware attack is different?

    In this 15-minute security flash, Bugcrowd’s CTO and founder, Casey Ellis, answers frequently asked questions about this ransomware attack, including:
    -What happened?
    -Why is it concerning?
    -What was the impact?
    -What should orgs be doing right now?
    -How can Bugcrowd help?

    Check out these links for further reading and information about the attack and ransomware.
    https://www.bugcrowd.com/blog/the-kaseya-revil-attack-explained/
    https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident
    https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress
    https://twitter.com/GossiTheDog/status/1412386715155767298
    https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa
  • Colonial Pipeline Attack: A Look at Ransomware in National Infrastructure Recorded: Jul 14 2021 17 mins
    Dr. Katie Paxton-Fear
    A month after the Colonial Pipeline ransomware attack, we’re looking back with lessons learned. In this 15-minute security flash, Dr. Katie Paxton-Fear recaps the attack, gives background on how ransomware works, and looks at the potential impact of ransomware in critical national infrastructure.
    She also covers several key questions, including:
    - Should paying ransoms be illegal?
    - How do industrial controls work?
    - What steps can organizations take before a ransomware attack?
  • Best Practices for Implementing and Managing a VDP Recorded: Jun 29 2021 54 mins
    Casey Ellis (CTO, Founder, & Chairman); Grant McCracken (VP of Operations)
    Vulnerability Disclosure Programs (VDPs) are a commitment to security transparency and an understanding that vulnerabilities are an inevitable part of development. But they’re also extremely practical – 87% of organizations have received a critical or high priority vulnerability through a VDP.

    In this webinar, you’ll learn:
    -What is a VDP and why is it included in the NIST Cybersecurity Framework?
    -5 key benefits of a VDP
    -The role white-hat hackers and VDPs played in the 2020 US presidential elections
    -Tips to starting a VDP
    -8 best practices to manage a VDP
  • 3 Expensive Attack Surface Management Mistakes to Avoid Recorded: Jun 15 2021 35 mins
    Randy Young, Product Manager, Bugcrowd
    Attack surface is evolving faster than ever before. In fact, 2/3 of organizations say attack surface management is more difficult than it was two years ago. So how can we make it easier, not harder?

    In this webinar, we’ll sit down with Bugcrowd Product Manager Randy Young to discuss some common attack surface mistakes that can have expensive consequences.
  • 5 Tips and Tricks for Running a Successful Bug Bounty Program Recorded: Jun 1 2021 25 mins
    Alexander Laliberte, Grant McCracken
    Bug bounties have continued to grab headlines over the past year - we’ve seen 40% growth in program launches during the past year. As bug bounty programs have become a necessity, so has understanding the nuances of how to make a bug bounty program successful.

    Running a successful bug bounty program starts far before the actual program launch and is a continuous process. If you're running your own, or starting with a vendor, what do you REALLY need to to know?

    Join Cisco Meraki’s Bug Bounty Program Manager, Alexander Laliberte and Bugcrowd’s Sr. Manager of Solutions Architect, Grant McCracken for a panel discussion on:

    - What a successful program looks like
    - Practical tips for optimizing your bug bounty program
    - What levers an organization can pull to see success
  • Parler Security: What Happened? Recorded: Apr 20 2021 19 mins
    Casey Ellis, Coen Hyde
    Parler was hacked due to a common development mistake. How can you avoid the same fate?

    When it comes to startups, priorities are generally focused around getting off the ground and making payroll, often sacrificing security.

    The reality is, the bad guys don’t care if you’re a startup or more established. We saw this at Parler, the internet’s new social networking site. Parler got caught in the common startup balancing act, experiencing hyper-growth with a lack of threat modeling.

    Today on the Bugcrowd Stream, our Founder and CTO Casey Ellis spoke with Director of Infrastructure, Coen Hyde, about the role of security in the early stages of a business and how asking what might go wrong early on could save you a lot of grief later.
  • Are there Legal Safe Harbors in Vulnerability Disclosure? Recorded: Jun 14 2018 60 mins
    Amit Elazari, Doctoral Law Candidate, CLTC Grantee, UC Berkeley School of Law. Casey Ellis, Founder and CTO, Bugcrowd
    While the crowdsourced security economy is growing across all industries, many still wonder if bug bounties and vulnerability disclosure programs put white hat hackers at legal risk rather than authorizing access and creating legal safe harbors. Who dictates the rules of the crowdsourced security economy? Who safeguards the legal interests of the individual hacker, the Crowd?

    Join Amit Elazari, doctoral law candidate, CLTC Grantee, UC Berkeley School of Law, and Casey Ellis, founder and CTO of Bugcrowd, on Thursday, June 14 at 1 p.m. PST (4 p.m. EST) for a live video discussion on:

    - Minimizing legal risks of hackers participating in crowdsourced security
    - What can be done to foster safe harbor adoption in bug bounties
    - The importance of standardizing legal terms, in light of the recent DOJ framework
  • CISO Panel: 5 Ways to Combat Modern Security Challenges Recorded: Mar 7 2018 58 mins
    CISO Panel
    Last year saw dramatic shifts in the cybersecurity landscape. The number of data breaches and cyber-attacks is skyrocketing. CISOs and security leaders are struggling to find and invest in the best approaches to combat cybercrime for their organizations.

    Traditional application security testing methods just aren’t cutting it anymore, leaving so many organizations vulnerable. To get a better understanding on what is top of mind for cyber security leaders this year, we surveyed more than 250 CISOs, CIOs, CTOs and CIOs across different industries and regions.

    Join our live CISO panel discussion which will outline this year’s top security goals and concerns:

    1. Overcoming cybersecurity resource shortages
    2. Managing increasingly complex tools and proving their ROI
    3. Addressing perceived concerns in running a VDP or Bug Bounty Program

    Featuring:
    David Baker, CSO, Bugcrowd
    Geoff Poer, CISO, Chronos
    Martin Rues, CISO, Outreach.io
    Maxime Rousseau, CSO, Personal Capital
  • Lessons Learned: How Equifax Changes The Way We Think About Cybersecurity Recorded: Oct 26 2017 26 mins
    Casey Ellis, Founder and CTO, Bugcrowd, Johnathan Cran, VP Product, Bugcrowd
    There is no silver bullet against targeted and enduring attacks, and the reality is that if an external threat has enough resources at its disposal there is nothing that will make companies 100% protected.

    Now more than ever, companies need to reexamine how they think about cybersecurity, empower their security teams, and prioritize security programs against competing internal initiatives.

    Building and maintaining the appropriate mix of cybersecurity resources, processes, and company-wide emphasis can be a challenge for all companies regardless of their size or security maturity.

    Register now to learn 3 core lessons learned from the Equifax data breach, and why many security leaders are adding Vulnerability Disclosure programs to patch vulnerabilities faster, give visibility and priority to known issues, and refine their SDLC.



    About Bugcrowd:
    The pioneer and innovator in crowdsourced security testing for the enterprise, Bugcrowd harnesses the power of more than 65,000 security researchers to surface critical software vulnerabilities and level the playing field in cybersecurity.
  • CISO Panel: Bolster Your Security with Bug Bounties Recorded: Sep 28 2017 54 mins
    Alvaro Hoyos, Dave Farrow, David Baker, Gene Meltser
    Security vendor products are held to a higher standard of security—and for good reason as the very existence of their organization could be at risk due to a vulnerability. Many of these vendors are turning to bug bounty programs to not only find any vulnerabilities in their products and services, but also to provide assurance to their clients.

    Join our CISO panel for a live discussion on the following topics:
    1. Protecting complex environments and highly sensitive data
    2. Overcoming cybersecurity resource shortages
    3. Achieving security coverage at scale

    Featured speakers:
    Alvaro Hoyos, CISO @ OneLogin
    Dave Farrow, Sr Dr., Information Security @ Barracuda Networks
    David Baker, CSO @ Bugcrowd, formerly CISO @ Okta
    Gene Meltser, Enterprise Security Architect @ Sophos
  • Expert Panel: Bug Bounty Trends and What They Mean Recorded: Jul 27 2017 60 mins
    Casey Ellis, Founder & CEO, Bugcrowd Jeremiah Grossman, Chief of Security Strategy, SentinelOne HD Moore, Founder of The Meta
    Traditional methods for vulnerability discovery are failing us. With rapidly expanding attack surfaces, motivated adversaries, and the growing shortage of full-time infosec professionals, organizations are fighting a losing battle. One thing is clear: We need a new approach.

    Enter the Bug Bounty model. Bug bounties have quickly evolved from a “nice to have” to a “must have” for most application security teams.

    What’s behind this trend? Why are bug bounties growing, and why now?

    Join our expert panel as we discuss the key findings from The 2017 State of Bug Bounty Report.

    Speakers:
    - Casey Ellis, Founder & CEO of Bugcrowd
    - Jeremiah Grossman, Chief of Security Strategy at SentinelOne
    - HD Moore, Founder of The Metasploit Project
  • 3 Reasons to Swap Your Next Pen Test for a Bug Bounty Recorded: Jun 29 2017 60 mins
    Jason Haddix, Head of Trust and Security & Wade Billings, VP, Technology Services, Canvas by Instructure
    In the past several years, bug bounty programs have disrupted the pen test norm, and provide organizations with a robust and all-encompassing security assessment solution. Instructure, the company behind Canvas Learning Management System (LMS), made the switch three years ago and have never looked back.

    In this webinar, we will explore...
    • Why Instructure replaced their last three penetration tests and the results they’ve found
    • The three fundamental differences between the penetration testing model and the bug bounty model
    • How organizations running bug bounty programs have seen improved results in both volume and quality in vulnerability submissions
Trends and best practices in application security, pen testing & more.
Bugcrowd is the force multiplier in cybersecurity, providing access to a global network of ethical hackers who help organizations maximize the impact of their security defenses. Top Fortune 500 organizations trust Bugcrowd to manage their Penetration Test, Bug Bounty, Vulnerability Disclosure, and Attack Surface Management programs. Bugcrowd helps organizations identify and fix vulnerabilities, protect customers, and make the digitally connected world a safer place.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Thwarting Extortion: Ransomware Detection and Prevention
  • Live at: Aug 18 2021 5:00 pm
  • Presented by: Katie Paxton Fear (Application Security Engineer); Matt Wixey (R&D Lead, Cyber Security Practice); Steve Paul (Black Hat)
  • From:
Your email has been sent.
or close