Just because adversaries don’t modify their TTPs as frequently as their infrastructure doesn’t mean their behaviors are stagnant. On the contrary, today’s adversaries are evolving their TTPs with increasing frequency. In many ways, this is a positive reflection of the hard work of defenders – as defenses improve, adversaries are forced to find new ways of executing attacks. But recent examples show just how much adversaries maintain awareness about changing defensive landscapes, and therefore why intelligence around adversary TTP evolution is needed.
This presentation will explore notable examples of TTP evolution associated with common threats and malware, and will provide strategies for tracking, evaluating, and defending against this evolution.