Name: Initial Access & Malware Delivery Landscape: Top Threats and TTPs
Start: 2023-04-13T16:00:00Z
End: 2023-04-13T16:00:53.000Z
Location: BrightTALK
Rating: 5

We formed Tidal for one simple reason—we believe that defenders need and deserve tools and services that make achieving the benefits of threat-informed defense practical and sustainable. 

We believe that these tools and services should be independent of any specific vendor’s security product or capability. That independence helps ensure that our enterprise customers always understand what is best for them and that our solution provider customers are positioned to deliver success. 

In a landscape filled with an ever-growing number of ransomware operations, most security teams would agree that prioritization is a must. But the exact mechanics of that prioritization remain the subject of fierce debate. Using real-world examples focused on recently trending ransomware clusters, this session will demonstrate why structured, repeatable threat prioritization is an essential skill for CTI teams operating in today’s ever-evolving landscape and give practical guidance to enable teams to move towards improved comparison of new & long-standing ransomware threats.

Improving Ransomware Threat Assessment with Structured Prioritization

Join us for insights on the evolution of ransomware tactics, techniques, and procedures (TTPs) in response to changing targets and enhanced defenses. Discover how the "ransomware tool" ecosystem has expanded, with groups employing diverse supporting software during extortion attacks, and how to track and defend against these tools. The session will start with a demonstration from Tidal's Adversary Intelligence team showing how they analyze public reports to identify the latest tools and TTPs used by ransomware threats. Then we will discuss the most concerning and prevalent tools currently shaping the landscape.

CTI Ride Along: Tracking & Defending Against Top Ransomware Tools

Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber, dives into a data-driven analysis of current cloud-focused threats, and how security teams can leverage timely threat intelligence extensions in Tidal to go beyond what’s in MITRE ATT&CK® to quickly prioritize cloud-specific defensive actions.

Prioritizing Cloud Defenses with Cyber Threat Intelligence

Ian Davila, Lead Adversary Emulation Engineer at Tidal Cyber, explains how Threat-Informed Defense has supported the evolution of security teams and their need to focus only on relevant threats - and he workshops how to actively do this, supported by relevant use cases.

Coverage Mapping with Threat-Informed Defense

When Frank Duff, our Chief Innovation Officer, first recorded this talk, he discussed the challenges that both end-users and their vendors have with the gap in tool utilization — what is advertised vs. what is possible vs. what is implemented. There’s still a lot of work to do here.

Register for this informative replay from Frank, who shows end users how to determine what coverage they actually have with their current defensive stacks, and the appropriate expectations to have of those capabilities. He’ll also talk about how Tidal Cyber can help end users and vendors alike bridge the gap as they relate to MITRE ATT&CK, so organizations get more out of their tech, and vendors can show greater value.

Some supporting thoughts:“We estimate that 90% of users misconfigure our solution.” – major security provider

“When I took over the security program, I found we had 3 different EDR solutions, and were in the process of buying another.” – Fortune 100 CISO

Good to the Last Drop: Squeezing More Juice Out of Your Oranges

Join Tidal Cyber's Director of Cyber Threat Intelligence for a hands-on tutorial of exciting new content & feature sets added to the Tidal platform in January 2024! Topics covered include:

-New Detection Analytics sources (The DFIR Report)
-New Threat Content (hundreds of newly added "Living-off-the-Land" utilities)
-New Tags feature: Introduction, Threat Research applications, & threat<>analytic pivoting workflows

Tidal Community Update: Defending Against Legitimate Utility Abuse

The MITRE ATT&CK Evaluations provide a useful datapoint to compare the efficacy of incident detection tools. However these results only focus on emulating a subset of the ATT&CK techniques once a year, while security organizations need to have an aggregated view of their coverage across the entire MITRE ATT&CK framework on a continuous basis.

Join this webinar with Cybereason and Tidal Cyber to learn some of the best practices for systematically tracking and improving your security program’s MITRE ATT&CK Coverage, to ensure incident detection and response readiness.

MITRE ATT&CK: Optimizing Coverage to Bolster Your Defense

Join us for a practitioner-focused workshop that will demonstrate how defenders at all experience levels can take steps to quickly operationalize timely, relevant intelligence to improve confidence in their organization’s defensive posture. Attendees can expect to take away a renewed appreciation for the threat-informed defense discipline and likely a new workflow tip or two heading into the new year.

Follow along with Tidal’s Director of Cyber Threat Intelligence as he goes hands-on with the resources & tools used daily by our Adversary Intelligence team to process the latest TTP-focused intelligence collected from a wide range of public sources. We will then dive deep into a recent government advisory on one of the world's most prominent cyber threats (APT28), showing how various free tools can be used to efficiently process a foreign-language CTI report, identify priority TTPs from within it, and spotlight notable ones for defensive next steps. Finally, we will show how defenders can level-up their threat-informed defense workflows by quantifying the threats & adversary behaviors relevant to their organization (and its defensive capabilities), allowing them to make quick, confident assessments around both established & emerging threats.

CTI Ride-Along: Operationalizing Recent TTP Intelligence for a Top Global APT

Key cyber adversaries regularly change their techniques to better accomplish their goals. Already in 2023, we’ve seen evolutions in the ransomware and infostealer landscapes, as well as additional shifts in techniques from espionage actors.

This session will explore some of the highlights of TTP (tactics, techniques, and procedures) intelligence from the second quarter of 2023 and discuss defensive actions to take in response to this intelligence.

Surf Report: A Review of TTP Highlights in Q2 2023

Tidal Cyber's Enterprise Edition empowers organizations to adopt threat-informed defense at scale. Getting started with Enterprise Edition might seem intimidating, especially if your team has a lot of custom rules or analytics, but the platform makes it easy! Join us for this Demo Day where we'll show just how easy it is to get started with Tidal Enterprise Edition.

Tidal Demo Day: Getting Started with Enterprise Edition

As part of our We've Got This Covered fireside chat series, Tidal is highlighting the solution providers in the Tidal Product Registry. In this video, Tidal's Chief Innovation Officer Frank Duff discusses lessons learned about MITRE ATT&CK with Nigel Douglas, Technical Marketing Manager, and Thomas Labarussias, OSS/Ecosystem Advocate from Sysdig.

We've Got This Covered: An ATT&CK Introspection with SysDig

As part of our We've Got This Covered fireside chat series, Tidal is highlighting the solution providers in the Tidal Product Registry. In this video, Tidal's Chief Innovation Officer Frank Duff discusses lessons learned about MITRE ATT&CK with Picnic CEO, Matt Polak.

We've Got This Covered: An ATT&CK Coverage Introspection with Picnic

Which threats matter most to my organization? A common question from security leadership, but usually not an easy (or quick) one to answer. This session provides practical guidance that empowers teams of virtually any size & maturity level to quickly start building, fine tune, and take action around a tailored cyber threat profile, enabling them to surface and prioritize the adversaries & techniques most relevant to their organization.

Cyber threat profiling is a powerful capability that gives teams greater focus and confidence to proactively address threats, but its adoption has been limited by misconceptions and lack of repeatable guidance on how to practically build profiles. We will walk through best practices for setting up a profile, using publicly-accessible resources to populate it quickly, and key factors that are commonly considered when fine-tuning a profile. Importantly, we will also demonstrate what can be done after a profile is built (identify defensive gaps & prioritize them for remediation), and tips for maintaining and updating your profile over time.

Cyber Threat Profiling: Where to Start and How to Take Action

Just because adversaries don’t modify their TTPs as frequently as their infrastructure doesn’t mean their behaviors are stagnant. On the contrary, today’s adversaries are evolving their TTPs with increasing frequency. In many ways, this is a positive reflection of the hard work of defenders – as defenses improve, adversaries are forced to find new ways of executing attacks. But recent examples show just how much adversaries maintain awareness about changing defensive landscapes, and therefore why intelligence around adversary TTP evolution is needed. 

This presentation will explore notable examples of TTP evolution associated with common threats and malware, and will provide strategies for tracking, evaluating, and defending against this evolution.

What?! Your Threats Are Evolving! A Study of Notable TTP Evolution

As part of our We've Got This Covered fireside chat series, Tidal is highlighting the solution providers in the Tidal Product Registry. In this video, Tidal's Chief Innovation Officer Frank Duff discusses lessons learned about MITRE ATT&CK with Co-Founder and CTO of Remediant, Tim Keeler.

We've Got This Covered: Remediant

As part of our We've Got This Covered fireside chat series, Tidal is highlighting the solution providers in the Tidal Product Registry. In this video, Tidal's Chief Innovation Officer Frank Duff discusses lessons learned about MITRE ATT&CK with Jorge Orchilles, the Cheif Technology Officer of SCYTHE.

We've Got This Covered: SCYTHE

As part of our We've Got This Covered fireside chat series, Tidal is highlighting the solution providers in the Tidal Product Registry. In this video, Tidal's Chief Innovation Officer Frank Duff discusses lessons learned about MITRE ATT&CK with Itzik Kotler, co-founder and CTO of SafeBreach.

We've Got This Covered: SafeBreach

As part of our We've Got This Covered fireside chat series, Tidal is highlighting the solution providers in the Tidal Product Registry. In this video, Tidal's Chief Innovation Officer Frank Duff discusses lessons learned about MITRE ATT&CK with Silvan Tschopp, VP of Product Marketing at Picus.

We've Got This Covered: Picus

This webcast provides a broad overview of the top cyber threats currently used to gain initial footholds into victim environments and deliver a wide range of other, usually more impactful malware. Our research into loaders, remote access trojans (RATs), and other initial access threats fills a notable community knowledge gap by aggregating the TTPs associated with newer or resurging threats, including SocGholish, Gootloader, Raspberry Robin, IcedID, BumbleBee, Emotet, and more, and aligning them to a common lexicon (MITRE ATT&CK®) for quicker pivoting into defensive actions.

Although many of these threats are responsible for high infection volumes and are notoriously adept at modifying their TTPs, there has yet to be a comprehensive survey of how techniques might be shared (or differ) among the various operations, campaigns, & malware. This session will especially spotlight common early-stage attack techniques and overlaps in second- or later-stage payloads, helping defenders identify opportunities to prioritize their work and make the most efficient use of finite time & resources.

Initial Access & Malware Delivery Landscape: Top Threats and TTPs

Cyber Attacks

Cyber Incident Response

Cyber Intelligence

Cyber Defence

Threat Hunting

Threat Analysis

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Initial Access & Malware Delivery Landscape: Top Threats and TTPs

Presented by

About this talk

Tidal Cyber