Name: ToddyCat: an overview of a new APT group
Start: 2023-06-27T05:00:00Z
End: 2023-06-27T05:00:46.000Z
Location: BrightTALK
Rating: 0

In today's media landscape, we consistently encounter news of companies falling victim to cyberattacks, resulting in the exposure and sale of their data on the dark web. The wide array of data available on the dark web market, including internal databases, infrastructure access, and compromised accounts, presents a pervasive problem that affects businesses of all sizes. These breaches and related incidents don’t only disrupt operations and damage reputations, but they can also result in substantial fines and legal consequences.

According to Kaspersky, nearly half of the organizations that faced data breach incidents in 2022 lacked contact person responsible for handling such incidents. About one-third either failed to react, denied the incident, or showed indifference to their data being traded on the dark web. Only a few were adequately prepared to respond.

At our upcoming webinar, Anna Pavlovskaya, an expert at Kaspersky Digital Footprint Intelligence, will present a comprehensive guide to setting up a system that monitors dark web threats and navigating the aftermath of an incident. You will gain insights into:

- Structuring the incident response process, including the approach, necessary steps, and the specific roles assigned to the team members responsible for the process.
- Identifying the types of data commonly offered for sale on the dark web and understanding the differing response strategies based on these data categories.
- Effective communication with the media, customers, partners, shareholders, top management, and other parties involved.
- Strategies for rapid incident identification, investigation, response, and recovery from an incident or preventing it from occurring.

Responding to a data breach: a step-by-step guide

Modern cars are no longer just a means of transportation. Their built-in services can manage everything for drivers and passengers alike from seat heating, to using voice-controlled GPS to find a coffee, or make theater ticket reservations. Along with the development of consumer services, driver safety services have also been developed – distance sensors to neighboring cars, speed limit recognition and the eCall safety system, to name a few.

These hi-tech solutions designed to improve the user experience and make your journey safer, are architecturally based on algorithms and technologies that in themselves carry threats to information security. The wider the user experience, the wider the attack surface for an attacker. 

In this webcast, Cyberthreats to modern automotive industry, Sergey Anufrienko and Alexander Kozlov, security researchers at Kaspersky ICS CERT will discuss:

• Threat landscape: how has changed and evolved over the last 10 years
• Top threats the automotive industry is exposed to
• Standards of automotive security
• Trends in automotive security

Cyberthreats to modern automotive industry

As the digital landscape continues to evolve, so do the threats that organizations face. We cordially invite you to our upcoming webinar, where we will delve into the dynamic world of cybersecurity and explore strategies to defend against the ever-changing threat landscape using XDR (Extended Detection and Response).

Navigating the 2024 Cybersecurity Terrain XDR Defense Strategies

Modern cars employ a wide array of communication interfaces. Some, like Bluetooth and Wi-Fi, directly engage users, while others, such as RDS and GPS, provide user-facing services, and still others, like CAN and Ethernet buses, ensure the proper functioning of the car's internal systems. These interfaces contribute to the extensive flow of data within the car, forming its data flow graph. Within this graph, they serve as the "entry points" for malicious attackers seeking access to the vehicle. However, tampering with them does not necessarily lead to the loss of the car's security features.

In this webcast, cybersecurity experts, Alexander Kozlov and Sergey Anufrienko from Kaspersky's ICS CERT, will delve into the automotive security. Together, we will examine:

- We'll explore which interfaces attackers tend to favor when targeting cars and the reasons behind their choices.
- We'll focus on the techniques attackers employ when conducting attacks through specific interfaces, with an emphasis on classical techniques.
- We'll discuss how to defend against these threats and evaluate the feasibility of reducing associated risks.

Join us for this webinar, where we'll equip you with the knowledge and tools to not only comprehend the ever-evolving landscape of automotive security but also to safeguard your modern vehicle effectively.

Overview of modern car compromise techniques and methods of protection

While some of the existing cybersecurity solutions already provide Endpoint Detection and Response functionality for small and medium business, implementation of EDR in these organizations can cause doubts. Kaspersky’s long-term experience in the development and implementation of EDR Solutions found the following has frequently raised concerns:

• EDR is just a “better antivirus”;
• This technology is only suitable for large enterprises as it is meant to discover sophisticated threats that don’t target small companies;
• EDR is a sophisticated solution that requires security staff - trained in detection and response;
• EDR provides capabilities for full response and remediation;
• EDR becomes shelf ware very quickly.

Are these concerns fair? Join this webinar to find it out and decide if EDR technology fits your company’s need

Addressing myths around EDR

Join this webinar to get actionable information that will help you plan and develop your own security operations strategy and will guide you towards practically proven solutions. During the webinar, Roman Nazarov, Head of SOC Consulting at Kaspersky, will provide a comprehensive review of our consulting services – SOC Maturity assessment and SOC Framework development – and share informative insights based on successfully completed projects, including:

• The most common SOC services and their dependence on customers’ business areas
• Typical internal SOC processes and organizational structure and what influences them
• Common issues in security operations and how they’re mitigated

Kaspersky Security Operations Center provides consulting services for customers who aren’t ready to outsource their operations to a Managed Detection and Response team but want to develop internal security operations practices.

SOC consulting projects: common methodology and insights

Join us at Reasons to use Suricata for incident response and threat hunting as we delve into the world of Suricata, a powerful open-source network intrusion detection system (NIDS). In this webinar, we will explore the reasons why Suricata has become a go-to solution for incident response and threat hunting, and how it can effectively bolster your cybersecurity defenses.

Our expert, Tatyana Shishkova, Lead security researcher of Kaspersky Global Research and Analysis Team (GReAT), will provide a comprehensive introduction to Suricata’s capabilities. Gain insights from practical examples and understand how Suricata can be leveraged to proactively detect and neutralize potential cyber threats.

• get to know which threats can be detected using Suricata, and why it is crucial to write effective Suricata rules
• learn more about cases using Suricata for incident response and threat hunting
• discover new life hacks on Suricata

Reasons to use Suricata for incident response and threat hunting

Modern ransomware has transitioned to a Ransomware-as-a-Service (RaaS) model, with many groups sharing common tactics, techniques, and procedures in their attacks, or TTPs. These TTPs, described in MITRE ATT&CK, are like a glue that binds together multiple diverse teams operating at various levels with different priorities.

The Global Research and Analysis team (GReAT) at Kaspersky analyzed thousands of operations made by the different RaaS groups – and outlined the TTPs that the cybersecurity industry should consider in order to deliver a stronger protection for different organizations.

Join this webcast with Marc Rivero, a senior security researcher at Kaspersky GReAT. Marc will delve into the main TTPs used by modern ransomware groups and shed light on how to analyze them and use in attack detection and prevention.
• Kaspersky’s statistics on ransomware evolution
• Attack workflow using MITRE ATT&CK
• Overview of TTPs used by main ransomware groups
• Q&A session

Be aware of ransomware TTPs: applying MITRE to ransomware campaigns

In large companies, the sheer volume of information resources makes their attack surface significantly larger, compared to smaller businesses. Numerous factors contribute to this exposure, including networks spread across various locations that are consolidated into a single infrastructure, mergers and acquisitions with companies possessing lower security levels, outdated hardware and software, and more.

The level of preparedness for a potential incident directly impacts the effectiveness of the response and allows you to mitigate the attack’s impact. In this webinar, you will learn how to enhance incident responses for large-scale networks. Konstantin Sapronov, Head of Global Emergency Response Team at Kaspersky, will provide you with the following practical insights on:

• Optimizing incident response processes beyond mere scaling up by increasing personnel and systems involved
• Understanding incident response from a management perspective and why it should be an ongoing, cyclical process
• Exploring key principles for a successful response, emphasizing the significance of not only technical skills but also quality processes and soft skills
• Unveiling the limitations of backups in mitigating the consequences of an incident and discovering effective strategies to address them

Securing The Fort: How to master cyber incident response in a large company

In an age where cybersecurity threats are becoming increasingly sophisticated and dynamic, a holistic approach to threat detection and response is imperative. Extended Detection and Response (XDR), with its all-rounded threat detection and response capabilities, offers a powerful solution to address the evolving threat landscape in the world of containers. Explore the synergy between XDR and container security, offering a comprehensive strategy to understand threat detection and response in container security, and how XDR can be a game-changer in the cybersecurity strategy.

This event is a must-attend for security professionals, CTOs, CISOs, IT leaders, and anyone interested in staying ahead of the curve in the ever-evolving cybersecurity world. Join us to explore how XDR can be your ally in protecting containerized applications and securing your digital infrastructure.

XDR and Container Security: A Holistic Approach to Threat Detection and Response

IT and OT convergence brings a growing number of connections, equipment and services to industrial organizations. Maintaining control, availability, security and compliance will require a new generation of dedicated cybersecurity solutions. According to IDC Worldwide IT/OT Convergence 2022 Predictions, by 2024, 30% of industrial enterprises will incorporate centralized security management tools to bridge the IT/OT gap. The renewed Kaspersky Industrial CyberSecurity platform comes alongside this trend.
Kaspersky Industrial CyberSecurity (KICS) is a platform of natively integrated solutions for Operational Technology (OT) and Industrial Automation and Control Systems (IACS). It is a blend of products and expert services, catering to securing OT environments from cyber threats. These offerings provide a strategic initiative towards strengthening an enterprise's OT/IACS security landscape across industrial endpoint and network protection with centralized security management. This is powered with training, awareness, expert services, and intelligence. The KICS platform address all the cybersecurity needs of industrial enterprises and critical infrastructure operators. 
Concerned about industrial espionage and minimizing equipment downtime caused by cyberattacks? Join this webinar to learn more about how to protect your industrial infrastructure.

Achieving Cyber Resilience for Industrial and Critical Infrastructure

Global Endpoint Detection and Response adoption is on the rise, making it a de-facto standard for many organizations. Everybody has heard about it, but sometimes it’s hard to determine what you need for a particular task: EPP or EDR.

Join Nikita Zaychikov, Senior Product Marketing Manager at Kaspersky, to explore what EDR is really about, how it is different from EPP and when it’s best to use it. 
• EDR and EPP: what is the difference
• Why we need or don’t need EDR: exploring options for different organizations
• EDR myths
• EDR adoption in the world
• Types of EDR

EPP vs EDR: difference, use cases, adoption

As the industrial landscape evolves, so do the threats that accompany it. While many industrial threats may be developing slowly from year to year, subtle changes are reaching a critical mass, poised to reshape the cybersecurity landscape in the near future.

Join us for the webinar featuring Evgeny Goncharov, head of Kaspersky’s Industrial Control Systems Cyber Emergency Response Team (ICS CERT). Evgeny will dissect the current state of industrial cybersecurity and provide invaluable foresight into what lies ahead. From the persistent menace of ransomware to the burgeoning wave of cosmopolitical hacktivism, we'll delve into the multifaceted risks facing industrial enterprises.

Join us to gain valuable insights into the key cybersecurity challenges facing industrial enterprises in the upcoming year. Learn how to effectively safeguard your operations and stay ahead of emerging threats. Plus, get an analysis of trends from 2023 and a comprehensive outlook on the evolving threat landscape in 2024.

Industrial cybersecurity in 2024: trends and forecasts

Digital transformation is the integration of computerized technology into all areas of a business. Organizations of all sizes are fundamentally changing the way they operate and deliver value to their customers. However, it’s not always clear to some business leaders what digital transformation really means. 

As the world continues to embrace sustainable energy solutions, it is becoming imperative to address the growing cybersecurity challenges that accompany this technological shift. Join this webinar Safeguarding the future: cybersecurity risks in alternative energy sources as it focuses on key security concerns related to solar power systems, solar power inverter vulnerabilities in particular, grid management vulnerabilities, and the risks associated with remote load balancing management.

In addition to residential applications, alternative energy sources are gaining traction in industrial settings, contributing to the global shift towards sustainable and eco-friendly practices. Industries are increasingly incorporating renewable energy solutions such as large-scale solar power plants, wind farms, and biomass facilities to power their operations.

This webinar will shed light on the vulnerabilities that are currently affecting the renewable energy sector, with a particular emphasis on home solar power generation. Cloud-based applications have become a popular choice for managing solar power systems, providing users with seamless control and monitoring capabilities.

Safeguarding the future: cybersecurity risks in alternative energy sources

With the cyber threat landscape constantly evolving, Extended detection and response or XDR promises to dramatically improve security teams’ investigation and response times. But as with any emerging approach, there can be confusion about what XDR is, how it differs from traditional security solutions, and what security outcomes users can expect from it.
In this high-risk digital environment, it’s essential to know how to manage cyber threats coherently and holistically. Security teams need to rely on deeper integration and more automation to stay ahead of cybercriminals.
Join this webinar to learn more about XDR:
• XDR meaning and definition
• How does XDR work?
• Why businesses need XDR
• What are the benefits of XDR?
• Example of XDR use cases

A proactive approach to threat detection and response – Learn more about XDR

As the world discusses ChatGPT-3 and its impressive capabilities, the business community is concerned about the AI’s potential to change the game for cyber criminals and wreak havoc in the world of defense organizations. Should businesses soon expect a wave of even more advanced cyber-attacks or simply more attacks? Will current cybersecurity solutions be enough? Or will ChatGPT instead provide cybersecurity specialists with more efficient and smarter defensive and threat hunting tools?

In this webinar, Kaspersky experts will discuss how ChatGPT currently influences the cyber threats landscape and cybersecurity in organizations, and contemplate whether this is a real game changer for the industry and, in particular Security Operation Centers (SOCs). The experts will also discuss the potential benefits of using ChatGPT in threat hunting and malware analysis.

In this webcast you will find out:
- If ChatGPT can really influence the threat landscape. Where can cyber criminals use it, and will it be effective?
- Will the emergence of ChatGPT and similar AI language models lead to increased cybersecurity costs?
- If ChatGPT is capable of becoming an autonomous hacking AI-tool
- How can cybersecurity experts employ ChatGPT: a demonstration of a scanner for Indicators of Compromise (IoCs)

The webinar will be conducted by Kaspersky's Vladislav Tushkanov, lead data scientist, Maher Yamout, senior security researcher, and Victor Sergeev, incident response team lead.

ChatGPT - good or evil? AI impact on cybersecurity

In the AI domain, individuals often find themselves taking a stance. Some argue that AI's technological advancements revolve around control and power, while others highlight its convenience. Simultaneously, the cybersecurity community remains wary of AI's potential to disrupt the threat landscape, possibly causing upheaval in defense organizations globally.

At the same time, the regulatory framework for emerging technologies is in its early stages of development, navigating uncharted territory during its formative development stages. This adds complexity to the discourse, as the ethical, legal, and societal implications of AI are yet to be fully addressed.

In this webinar, Kaspersky's experts and Prof. Dr. Dennis-Kenji Kipker of cyberintelligence.institute will delve deep into the multifaceted current influence of AI on cyber threats and the privacy landscape. While our Kaspersky expert illuminates technological intricacies, Prof. Dr. Dennis-Kenji Kipker will navigate the intricate landscape of AI laws and regulatory trends.Furthermore, our panel will scrutinize the pivotal AI developments of 2023 and provide insights into the forecast for the upcoming year. Our roundtable is joined by:
- Dennis Kipker, Research Director, cyberintelligence.institute, Frankfurt am Main
- Vladislav Tushkanov, Research Development Group Manager at Kaspersky’s Machine Learning Technologу Research Team
- Victor Sergeev, Incident Response Team Lead at Kaspersky’s SOC Technologies Research and Development Team
- Vladimir Dashchenko, Security Evangelist, Kaspersky’s ICS team

The Future of AI in cybersecurity: what to expect in 2024

Insights into the 2024 Threat Landscape: Gain a deep understanding of the threat landscape and its implications as we uncover the latest trends, emerging threats, and cyber risks.

Dive into 2024 Threat Landscape

ToddyCat is a relatively new advanced persistent threat (APT) actor that came to prominence in late 2020, and has been expanding – both technologically and geographically – ever since. The group is notorious for exploiting Microsoft Exchange servers across Europe and Asia, primarily aiming at governmental and military entities, but not confined to them. ToddyCat’s toolkit also became an object of special interest as it contains two brand new pieces of malware – dubbed Samurai backdoor and Ninja Trojan.

Kaspersky experts have been keeping an eye on how the group has been developing and, following a profound report published on Securelist, are ready to share their recent findings on ToddyCat’s ongoing campaign, and some advice on how to battle the group.

During the webinar, Giampaolo Dedola, a security expert at Kaspersky, will shed light on:

- What the ToddyCat group is, including its most outstanding techniques and spheres of interests;
- The group’s first campaign, infection scheme and Samurai backdoor;
- Ninja – a malware deployed by ToddyCat in recent attacks;
- ToddyCat’s new loaders and campaigns discovered during the investigation;
- Victimology and attribution.

ToddyCat: an overview of a new APT group

ToddyCat

Advanced Persistent Threats

Cyber Security

Attribution

Malware

Threat Detection

Security

Threat Analysis

Cyber Attacks

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

ToddyCat: an overview of a new APT group

Presented by

About this talk

More from this channel