Keeping Pace with Ransomware Tactics and Strategies: Lessons Learned from 1 Year

Today, ransomware attackers won’t simply back down if an organization refuses to pay the demanded sum in order to get their files back. Even companies who have great backups and a fast recovery process are vulnerable to an emerging strategy: exfiltrating the victim’s most private data before demanding ransom. If the victim refuses payment and initiates restoring their systems, the attacker reveals what information they have exfiltrated and threatens to post it online if the ransom goes unpaid.

That threat is completely different from the standard ransomware threat. This is because we’ve now shifted from an Integrity and Availability threat to a Confidentiality threat. And of course there is the possible nightmare of privacy and other compliance regulations depending on the nature of the data that’s been exfiltrated.

During this webcast, Randy Franklin Smith from Ultimate Windows Security provides an overview of some recent high-profile attacks that have employed this strategy, including those against Honda, Xerox and Garmin. He also discusses detection methods and MITRE ATT&CK® techniques commonly used in ransomware attacks, such as:

- Phishing (T1566)
- System Services (T1569)
- Command and Scripting Interpreter (T1059)

Then, Brian Coulson from LogRhythm’s Threat Research team demonstrates how to detect and respond to these types of threats using MITRE ATT&CK, UEBA capabilities, and more.

Register for the webcast to learn about the latest ransomware threats and how you can protect your organization from them.
Recorded Sep 17 2020 69 mins
Presented by
Randy Franklin Smith (Ultimate Windows Security) and Brian Coulson (LogRhythm)

  • MITRE ATT&CK in the SIEM – An Update in SIEM Alignment Recorded: Aug 20 2020 54 mins
    Simon Howe, LogRhythm APAC VP, Karthik Murthy, Paul Prokop, LogRhythm Enterprise Sales Engineer & Solution Architects
    Want to learn how you can benefit from integrating the MITRE ATT&CK framework into your SIEM?

    During this live webinar, our experts will demonstrate how feeding data from a wide set of technologies, including endpoint detection and response (EDR), antivirus/anti-malware and intrusion detection/prevention systems (IDS/IPS), can help you get the most out of your SOC.

    You'll Learn:
    • How to apply the latest common ATT&CK techniques in your SIEM
    • How to prioritise those techniques based on your business context, and
    • 3 ATT&CK Use Cases you can easily apply

    Save your spot!
  • Securing Telemedicine: The Current Landscape and Future Risks Recorded: Jul 29 2020 52 mins
    James Carder (CSO and VP of LogRhythm Labs, LogRhythm) and Kevin McDonald (Healthcare Cybersecurity Advisor)
    The healthcare industry already faces a number of unique challenges and threats. The data that these organizations collect includes extremely sensitive — and therefore valuable — information, making those organizations a target among cyberattackers. As telemedicine continues to grow, healthcare providers will have to address the proliferation of these threats, as well as the new cybersecurity concerns that come with a rise in adoption.

    Join this webinar to learn about the current telemedicine landscape and the future risks and requirements healthcare organizations will need to address if they want to secure ongoing and evolving telemedicine initiatives. You’ll hear from James Carder, LogRhythm’s CSO and former healthcare security director, and Kevin McDonald, a healthcare cybersecurity advisor with decades of experience in the industry.

    You’ll learn:

    • The current state of telemedicine
    • The cybersecurity threats specific to telemedicine
    • Future risks and requirements of securing telemedicine
    • Examples of how your team can best use its tools to monitor for these risks
  • Five practical use cases to enhance threat detection and response Recorded: Jul 22 2020 43 mins
    Jake Anthony, Systems Engineer and Simon Hamilton, Client Manager, LogRhythm
    Without rapid and accurate threat detection, your mean time to detect and respond to damaging cyberattacks is compromised, allowing attackers time to steal your organisation’s sensitive data. From collecting security and log data to utilising machine analytics, your team can effectively reduce the time it takes to discover threats on your network.

    In our webinar Jake Anthony and Simon Hamilton from LogRhythm outline five practical use cases to enhance threat detection and response with your existing tools.

    These include:

    • Integrating endpoint detection for improved threat hunting capabilities
    • Combining logical and physical authentication to spot anomalous access
    • Automating detection and response to Phishing attacks
    • Detecting possible indicators of Bitcoin mining
    • Improving incident response times through audio and visual alerting

    Join this webinar if you are a SOC manager, security analyst or security architect and you are responsible for managing your organisation’s cybersecurity.
  • Experiences from the Trenches: Security Career Roundtable Recorded: Jul 15 2020 59 mins
    Kevin McDonald, Kyle Dimitt, Sam Straka
    Looking to take the next step in your career? Find out how others paved the way for success in the security field.

    In this roundtable, you'll hear from tenured security professionals on how they established their careers, overcame obstacles, and earned new roles and promotions. Most careers in cybersecurity are anything but linear. Learn how to navigate your own path — with or without a "traditional" background.

    Panelists included Kevin McDonald, Principal Healthcare Cybersecurity Advisor at MedSec; Kyle Dimitt, Compliance Research, Senior Engineer at LogRhythm; and Sam Straka, Manager, Product Owners at LogRhythm.

    Watch the on-demand webinar today to find out how to achieve your career goals in the world of security.
  • Anatomy of a Hacker Group: APT29 On-Demand Webcast with UWS Recorded: Jul 8 2020 62 mins
    Randy Franklin Smith, Brian Coulson, Sally Vincent
    APT29, or Cozy Bear, is well-known for its alleged infiltration of the U.S. Democratic National Committee in 2016.

    While 2020 U.S. election security may not be relevant to your organization, it's worthwhile to be familiar with the threat group; other actors can easily implement many of its behaviors to target organizations across industries.

    During this webinar, Randy Franklin Smith from Ultimate Windows Security and LogRhythm Labs' Threat Research team will:

    - Provide a holistic overview of APT29 and its notable activities
    - Share commonly-used TTPs that other threat actors can easily implement
    - Demonstrate how to identify and remediate threats resulting from these TTPs
  • MITRE ATT&CK for Threat Hunting and Detection Recorded: Jun 24 2020 88 mins
    Leonardo Hutabarat, Scott Jarkoff, Sanket Bhasin
    In this webinar, Leonardo Hutabarat, LogRhythm Sales Engineer & Solution Architect, Scott Jarkoff, CrowdStrike Strategic Threat Advisory Grp Director, APJ & EMEA, and Sanket Bhasin, CrowdStrike Cyber Security Consultant, discuss how you can apply MITRE ATT&CK for rapid threat detection and response within your IT environments’ most crucial areas. You’ll see a live demo of incident response in action on the LogRhythm NextGen SIEM Platform with seamless CrowdStrike integration.

    Save your spot to see it in action.

    Presenters: Leonardo Hutabarat, LogRhythm Sales Engineer & Solution Architect, Scott Jarkoff, CrowdStrike Strategic Threat Advisory Grp Director, APJ & EMEA, Sanket Bhasin, CrowdStrike Cyber Security Consultant
  • 5 MITRE ATT&CK Techniques for Office 365 Recorded: Jun 16 2020 87 mins
    Randy Franklin Smith, Dan Kaiser, Brian Coulson, Sally Vincent
    MITRE isn’t resting on their laurels with ATT&CK; they keep making it better. ATT&CK now includes cloud-specific content, and I don’t mean just generalized cloud guidance. Just like how ATT&CK has specific Techniques for Windows and Linux, ATT&CK’s cloud matrix defines Techniques specific to Office 365, Azure, AWS, Google, and others. It also covers most of the same Tactics found in the original ATT&CK matrix, including:

    - Initial Access: Get into your network
    - Persistence: Maintain their foothold
    - Privilege Escalation: Gain higher-level permissions
    - Defense Evasion: Avoid being detected
    - Credential Access: Steal account names and passwords
    - Discovery: Figure out your environment
    - Lateral Movement: Move through your environment
    - Collection: Gather data of interest to their goal
    - Exfiltration: Steal data

    The only ones missing at this time are:

    - Execution: Run malicious code
    - Command and Control: Communicate with compromised systems to control them
    - Impact: Where the adversary tries to manipulate, interrupt, or destroy your systems and data.

    In addition, MITRE’s cloud matrix already has over 40 different documented Techniques, and in this real training for free™ event, Randy Franklin Smith of Ultimate Windows Security will provide an overview of the matrix and show you how it fits into the overall ATT&CK framework.

    Then, members of LogRhythm’s Threat Research team — Brian Coulson, Dan Kaiser, and Sally Vincent — demonstrate how you can use the following 5 cloud Techniques to identify anomalies in an Office 365 environment:

    - T1114: Email Collection
    - T1534: Internal Spearphishing
    - T1098: Account Manipulation
    - T1136: Create Account
    - T1192: Spearphishing Link

    Watch this on-demand technical session for the latest ways to protect your cloud resources with MITRE ATT&CK.
  • Cybersecurity in the Age of Digital Transformation Recorded: Jun 3 2020 55 mins
    Leonardo Hutabarat, LogRhythm Enterprise SE, Ng Yeok Chong, Gigamon APJ SE Director, Eugene Lee, Exclusive Networks Product Mgr
    COVID-19 has caused businesses across industries to implement remote work policies. But what new security concerns should be on their radar because of this?

    In the webinar, we will discuss how to:
    • Secure your remote users and mitigate common attack vectors
    • Achieve pervasive network visibility even in complex environments
    • Realize rapid threat detection and response with LogRhythm & Gigamon integration

    Presenters:
    Leonardo Hutabarat, LogRhythm Enterprise Sales Engineer,
    Ng Yeok Chong, Gigamon APJ Sales Engineering Director,
    Eugene Lee, Exclusive Networks, Product Manager
  • Practical advice from SANS 2020 Women in Cybersecurity Survey Recorded: May 21 2020 60 mins
    Heather Mahalik of SANS, sponsored by LogRhythm
    Women are rising through the cybersecurity ranks to become recognised leaders, experts and mentors. The 2020 SANS Women in Cybersecurity Survey drew on the shared experiences of successful women in cybersecurity to provide practical advice on becoming leaders in their organisations.

    Join this webinar to learn why opportunities for women in security have never been better, including survey data points such as:

    - More than 70% of respondents feel respected by their teammates
    - 64% report that they are sought out for their opinions on cybersecurity issues
    - 37% are advancing rapidly, moving into a senior position within one to four years

    In this webinar, we'll discuss gender bias, the effects of mentorship and practical advice on how to get ahead.
  • Five practical use cases to enhance threat detection and response Recorded: May 14 2020 47 mins
    Jake Anthony, Systems Engineer and Simon Hamilton, Client Manager, LogRhythm
    Without rapid and accurate threat detection, your mean time to detect and respond to damaging cyberattacks is compromised, allowing attackers time to steal your organisation’s sensitive data. From collecting security and log data to utilising machine analytics, your team can effectively reduce the time it takes to discover threats on your network.

    In our webinar Jake Anthony and Simon Hamilton from LogRhythm outline five practical use cases to enhance threat detection and response with your existing tools.

    These include:

    • Integrating endpoint detection for improved threat hunting capabilities
    • Combining logical and physical authentication to spot anomalous access
    • Automating detection and response to Phishing attacks
    • Detecting possible indicators of Bitcoin mining
    • Improving incident response times through audio and visual alerting

    Join this webinar if you are a SOC manager, security analyst or security architect and you are responsible for managing your organisation’s cybersecurity.
  • Achieving a high-performing SOC - and being a successful cybersecurity leader Recorded: Apr 30 2020 60 mins
    Kev Eley, Client Director, LogRhythm and Dan Crossley, SE CISSP, LogRhythm
    As cyberattacks continue to make headlines worldwide, organisations that neglect the importance of fusing a pervasive security culture containing effective SecOps processes with skilled team players committed to do their very best are making a catastrophic error in judgement.

    A proliferation of security technologies alone – even if they are correctly configured – will never stop cyberattacks or protect an organisation from a possible data breach, unless the correct playbooks are implemented and consistently operated by a skilled, motivated team with full backing of the board of directors.

    Leading a cybersecurity team requires recruiting and retaining talent, developing the right strategy and fostering a culture of success. All while managing critical relationships with the board and other fickle stakeholders.

    In this webinar, Dan Crossley and Kevin Eley are joined by guest industry speakers Michael Brown and Andy Johnson as they discuss the key attributes of a successful cybersecurity leader. The discussion will include:

    • The importance of managing expectations with the board and implementing a robust infosec management system that must be measured
    • Whether a security operations maturity model can assist an organisation on their journey to building a culture of security that reduces risk
    • What – if any – lessons can the CISO learn from other walks of life
  • Securing a Remote Workforce: How to Get Started Recorded: Apr 17 2020 47 mins
    James Carder, Andrew Hollister, and Brian Emond (LogRhythm)
    In light of COVID-19, we’re seeing businesses across industries implement remote work policies. This brings about new security concerns, many of which either weren’t considered or prioritized beforehand.

    During this webinar, LogRhythm experts, including James Carder, CSO and VP of LogRhythm Labs, will review best practices for securing a remote workforce and what to expect when your employees make this kind of shift, whether it needs to happen now or in the future. Specific topics will include:

    - Getting started with log collection for remote systems
    - Priority use cases you should employ, such as monitoring VPN access and collaboration security
    - The types and levels of activity you should expect to see on your network, depending on your industry
    - The security awareness topics you should educate your employees on

    We’ll also discuss the impacts we’re seeing from the rush to support remote work due to COVID-19. These reveal lessons that others can implement now or work into a future plan to support a rise in remote workers.
  • Ask Me Anything: Learn How LogRhythm Implemented the WFH Change Recorded: Apr 15 2020 58 mins
    Rex Young, LogRhythm CIO; Zack Rowland, LogRhythm Strategic Integration Engineer
    As a result of recent events and the COVID-19 pandemic, most organizations are implementing work-at-home policies. Yet company-wide remote environments present unique challenges for IT and cybersecurity professionals.

    In this webinar, Rex Young, chief information officer, and Zack Rowland, strategic integrations engineer, reveal how LogRhythm rapidly migrated employees from in-office to remote work.

    The two discuss the steps LogRhythm took to prepare for such an event and how they put that plan in action as remote work became necessary. Rex and Zack also answer questions posed to them to help others implement the same work-from-home environment while keeping IT and security best practices top of mind.

    Topics covered during this webinar include:
    • How LogRhythm prepared its IT and security operations to accommodate a global work-from-home event
    • Q&A session to help IT and security teams accommodate a remote team
    • How to balance business continuity with security measures
    • IT and security implications to consider when implementing a work-at-home set-up

    Register today!
  • Dark clouds and silver linings: Countering the threat from cloud borne attacks Recorded: Apr 5 2020 27 mins
    Andrew Hollister, Director LogRhythm Labs EMEA, Kev Eley, Client Director, LogRhythm and Dan Crossley, SE CISSP, LogRhythm
    Cloud computing has delivered on its promise. By moving operations online, organisations have become more agile and have accelerated time to market for innovations. The number of organisations migrating to the cloud continues to accelerate. Gartner predicts that 28 per cent of spending in key IT segments will shift to the cloud by 2022.

    In this webinar, LogRhythm’s Andrew Hollister, Dan Crossley and Kevin Eley consider the cybersecurity implications for organisations that are seeking to embrace the cloud for doing business. They explore the options available to organisations to ensure the risks from cloud-borne cyberattacks are adequately reduced and mitigated.

    Attend this webinar if you are a SOC manager, security analyst or security architect and you are responsible for stopping cyberattacks to protect your organisation, and if you have cloud-first initiatives in your business.
  • 4 Trending Phishing Techniques: Real-Life Examples and Tips for Detection Recorded: Mar 27 2020 89 mins
    Randy Franklin Smith of Ultimate Windows Security | Eric Brown and Brian Coulson of LogRhythm
    Many successful attacks begin with a phishing email that some user falls for. And that’s why MITRE prominently features Spearphishing (T1192) as an Initial Access technique in ATT&CK.

    In this webinar, LogRhythm and Ultimate Windows Security explore the latest phishing techniques used by attackers and how MITRE ATT&CK can help detect and remediate these threats.

    In this on-demand webinar, we’ll show you actual examples of phishing attempts executed through:

    - Legitimate file-sharing sites
    - Fake Office 365 websites
    - Spoofed executive emails
    - The baseStriker vulnerability

    Watch now to learn more.
  • When ATT&CK is the best form of defence Recorded: Feb 14 2020 48 mins
    Kev Eley, Client Director, LogRhythm and Dan Crossley, SE CISSP, LogRhythm
    “If you know the enemy and know yourself you need not fear the results of a hundred battles” - Sun Tzu. The MITRE ATT&CK knowledge base provides a mechanism to understand the tactics employed by adversaries to compromise systems and ultimately exfiltrate data.

    In this webinar, Kev Eley and Dan Crossley outline genuine attack scenarios in the context of ATT&CK and discuss effective techniques for thwarting bad actors.

    Watch this webinar if you are a SOC manager, security analyst or security architect and you are responsible for stopping cyberattacks to protect your organisation.
  • Is SIEM still relevant now? Recorded: Feb 11 2020 48 mins
    Kevin Eley, territory manager, LogRhythm and Daniel Crossley, systems engineer, LogRhythm
    Certain vendors, some industry commentators and even some security professionals in enterprises proclaim that SIEM is no longer relevant and can be replaced by other controls. What fuels this speculation? And is it accurate?

    In this webinar, Kevin Eley and Daniel Crossley will:

    - discuss the reasons why elements of the security community have become disillusioned with SIEM, longing for its demise
    - outline the reasons why SIEM can deliver on its promise if undertaken correctly.
  • LogRhythm True Unlimited Data Plan for SIEM Recorded: Jan 23 2020 39 mins
    Bill Smith (LogRhythm) and Todd Weber (Optiv)
    If the volume of data in your environment is expanding exponentially, you have likely been surprised to see a rise in your SIEM contract each year. You may have even had to make the difficult — and risky — decision of which data not to protect to stay within your budget. Starting now, you don’t have to.

    With LogRhythm’s new True Unlimited Data Plan, your organization will pay one price to protect all data, users, and systems, even if those numbers increase year to year.

    Join Optiv and LogRhythm as we discuss how the True Unlimited Data Plan can help you reduce risk in your environment without spending millions of dollars to do so.

    This webinar will review how together, Optiv and LogRhythm can help you overcome the following challenges:

    - Increased headcount: more people means more data.
    - Infrastructure growth: adding networking and hardware increases your log volumes.
    - Increased revenue: the more your organization is worth, the larger the target it becomes.
    - Cloud-first initiatives: apps in the cloud generate more logs.
  • What is MITRE Attack? Recorded: Dec 5 2019 103 mins
    Randy Franklin Smith, Ultimate Windows Security and Brian Coulson, LogRhythm
    MITRE ATT&CK is a knowledge base and framework that lists and details adversary tactics and techniques within a common taxonomy. Having a taxonomy by itself has many valuable uses, such as providing a common vocabulary for exchanging information with others in the security community. But it also serves as a real technical framework for classifying your current detection efforts and identifying gaps where you are blind to certain types of attack behaviours.

    Join Randy Franklin Smith of Ultimate Windows Security and Brian Coulson of LogRhythm for an introduction to MITRE ATT&CK. They will also:

    - Share various ways to use ATT&CK, specifically in relation to designing, enhancing, assessing, and maintaining your security monitoring efforts.
    - Walk through an example of the MITRE attack process from start to finish while focusing on rule development and alignment in the LogRhythm NextGen SIEM Platform.

    Brian Coulson is leading an outstanding project at LogRhythm Labs, and he will show you how they’re aligning the ATT&CK matrix with log sources, including Windows event logs (XML – Security, XML Sysmon 8.0 and XML-System). While the matrix is widespread in what it monitors, there are effective ways to filter around common and relevant detection techniques and logs.
Security. Made Smarter.
LogRhythm is a world leader in NextGen SIEM, empowering organisations around the world to successfully reduce risk by rapidly detecting, responding to and neutralising damaging cyberthreats. The LogRhythm platform combines user and entity behaviour analytics (UEBA), network traffic and behaviour analytics (NTBA) and security automation & orchestration (SAO) in a single end-to-end solution. Visit our website for more information: http://www.logrhythm.com/

  • Title: Keeping Pace with Ransomware Tactics and Strategies: Lessons Learned from 1 Year
  • Live at: Sep 17 2020 2:00 am
  • Presented by: Randy Franklin Smith (Ultimate Windows Security) and Brian Coulson (LogRhythm)