Name: BPFDoor and So Much More: An Analysis of Linux Network Passive Backdoors
Start: 2022-11-23T11:40:00Z
End: 2022-11-23T11:40:47.000Z
Location: BrightTALK

CounterCraft is a cyber deception platform that offers active defense powered by high-interaction deception technology. Countercraft detects threats early, collects personalized, actionable intelligence, and enables organizations to defend their valuable data in real time. 

Alert! Breach Detected!...What Would You Do With 48 Hours?
How Deception Technology Buys You Time to Respond

“We’ve been hacked.” The phrase that no one wants to hear, and one that is often followed by a price tag of millions. What if you could flip the script?

What if you could buy you and your team 48 hours to act once a threat actor is exposed? Not only would you have time to mitigate, you could observe the threat actors to glean powerful intelligence around their motives and techniques. Decoy environments are a tool that gives you the ability to contain threat actors in an environment while you gather data and intelligence. The alert light flashes and your top 10 mitigation options get delivered immediately, so your team can take action.

In this webinar, Richard Barrell, Technical Evaluations Manager at CounterCraft, shows how deception technology enables you to catch threat actors before they breach the network. No exfiltrated data, means no reporting requirements, which means reputational damage is contained and your team can make adjustments to security posture based on real-time intel specific to your attack surface. Learn how you can contain them for an average of 48 hours, and see the technology in action.  Find out more in this webinar by CounterCraft.

Tune into this webinar to see: 
+ How deception works to deflect adversaries
+ Deception techniques to increase attacker dwell time
+ How automation can dramatically speed up incident response time
+ The adversary-generated threat intel difference
+ What kind of organizations and security teams are using this approach
+ CounterCraft’s technology in action

Learn how you can contain threat actors for an average of 48 hours, and see the technology in action.  Find out more in this webinar by CounterCraft.

Alert! Breach Detected!...What Would You Do With 48 Hours?

Your security infrastructure is under attack, and your SOC team is likely drowning in alerts. Something is broken—and that’s where advanced detection and response comes in. When your organization has real-time, adversary-generated threat intelligence, you cut through the fog of data and get a concrete idea of what’s happening inside and outside your networks.

If you want to implement sophisticated, active threat defense and enable your security teams to detect and respond to threats quickly, don’t miss this webinar.

Join Richard Barrell, Head of Product Management at CounterCraft, and Dan Brett, Chief Product Officer, as they demonstrate:
•     How your organization can eliminate the barrier to sophisticated detection and response operations.
•     Real life examples of how to create threat detection campaigns in a matter of minutes.
•     How users of CounterCraft’s Platform identify the most difficult-to-detect risks and mitigate them immediately, thanks to high-power automation and simplification.

Adversary-generated Threat Intelligence: Cut Through the Data Fog

What do the latest credential-stealing phishing exploits, theft of trade secrets, and ransomware attacks from Hive, BlackByte, LAPSU$$, and Lockbit3.0 have in common? The cornerstone of these high-profile attacks were insider threats, wherein employees were recruited to infiltrate and breach organizations.

And the effects are extremely damaging: according to CounterCraft data, incidents that take more than 90 days to contain cost organizations an average of $17.2 million on an annual basis. So, how can you detect and thwart similar insider threats within your network?

Watch this webinar for a comprehensive insider threat topical breakdown and an explanation of how to create deception environments that will contain adversaries and collect intel you can use to protect your network. The agenda includes:
•     8 common indicators of insider threat 
•     Examples of, and common approaches to stop, insider threats
•     Benefits of deception technology for more proactive cybersecurity
•     And more

8 Common Insider Threat Indicators & How to Defend Against Bad Actors

EDR… the cybersecurity solution that is a vast improvement over mere endpoint protection and anti-virus solutions….Right? Well, there is one small hitch—EDR is a reactive approach. EDR tools function on a reliance of behavioral analysis, meaning the attacks have already happened and now your team has to race against time to remediate them.

EDR avoidance is becoming a major issue, whether in the form of blindsiding, unhooking, DLL injection and more. Malware is now capable of detecting the presence of EDR and deploying mechanisms to avoid it. As usual, defenders find themselves one step behind the innovations of attackers.

In this webinar, Richard Barrell, Head of Product Management at CounterCraft, shows how combining EDR and XDR with cyber deception results in an incredibly powerful security tool. Deception keeps you one step ahead, allowing you to engage instead of react. 

Tune into this webinar to see: 
+ how cyber deception combats EDR evasion and keeps 
 organizations safer.
+ what kind of organizations and security teams are using this approach.
+ the technology in action.

Tune in to find out how it works!

EDR Isn’t Enough: How to Combat Blindsiding, Unhooking, DLL Injection & More

A major embarrassment, at best, and a national security threat at worst. The case of a 21-year-old Air National Guardsman charged with leaking top-secret U.S. documents shares at least one thing with another famous leaker Edward Snowden: they both worked in government tech support. 

Insider threat is one of the most difficult threats to uncover—there is no turn-it-on-and-forget-about-it solution. In addition, the cost of living crisis and constant rise in the intensity and sophistication of cyber crime means that insider threat is more likely than ever—so how does a federal employee or government cybersecurity professional fight back?

In this webinar, Shunta Saunders, Director of Global Pre-Sales for CounterCraft and former intelligence agency and government employee, will provide answers, including insights about how insider threats are evolving. 

Cyber deception offers shockingly effective ways to mitigate insider risk. Tune in to this webinar to see:
✔️ Why are insider threats so hard to detect, especially in the government sector 
✔️ Why generic mitigation strategies are failing
✔️ How cyber deception offers real solutions, thanks to its agnostic approach to threats and social engineering 
✔️ Real life case studies, including examples of propaganda and fake data that is particularly appealing to malicious threat actors.

Insider threat is not the impossible-to-mitigate risk it’s made out to be. Watch to find out more.

IT, Spies, and Nation States: 5 Ways to Stop Insider Threats in Government

Your security infrastructure is under attack. And your SOC team is drowning in alerts from the entire security stack. Something is broken—and that’s where advanced detection and response comes in. When your organization has real-time, adversary-generated threat intelligence, it makes it easy to cut through the fog of data and get a concrete idea of what’s happening inside and outside your networks.

But now, the barrier to foolproof threat detection and implementation of sophisticated active defense has been destroyed. 

If you want to implement sophisticated active defense, don’t miss this webinar. Join Richard Barrell, Head of Product Management at CounterCraft, and Dan Brett, Chief Product Officer, demonstrate how the recently released version of The PlatformTM has 170 new features that enable security teams to detect and respond to threats quickly and efficiently while protecting their organization through deception based strategies. 

Now, implementing the power of cyber deception is as easy as drag and drop, and the results are shockingly credible. Tune in to this webinar to see:
✔️ Real life examples of how to create threat detection campaigns in a matter of minutes, which will automatically gather some of the most useful and relevant threat intel your team has ever seen. 
✔️ How users of The Platform identify the most difficult-to-detect risks and mitigate them immediately, thanks to high-power automation and simplification. 
✔️ How, just like a leading global bank client, your organization can eliminate the barrier to sophisticated detection and response operations.

The barrier to foolproof threat detection and implementation of sophisticated detection and response has been destroyed. 

Sign up for the webinar!

Destroying the Barrier to Sophisticated Detection and Response

Insider threats can hang out in your network for months undetected, with the cost for mitigation rising exponentially. In fact, on average, incidents that take more than 90 days to contain cost organizations an average of $17.2 million on an annualized basis.

What if you could provide high-confidence alerts to adversarial presence within your network?

Join us for this webinar, in which Shunta Sharod Sanders discusses:

- Common indicators of Insider Threat
- Examples of Insider Threat
- Common approaches to Insider Threat
- Benefits of Deception Technology

Make malicious actors in your network work harder. Using deception techniques, you can create deception environments that will contain adversaries and collect threat intel to protect your network. The information provided by a deception campaign for insider threat is delivered in real time, composed of contextual and relevant IoCs, and cannot be sourced from anywhere else.

Taking Insider Risk Management to the Next Level

Are you looking for an effective solution to alleviate risks associated with remote access and the extensive use of personal collaboration apps during the new working scenario? Join us for a 30-minute masterclass on how cyber deception can help your organisation mitigate those risks.

In this webinar, you will learn how Cyber Deception is an easy and effective manner to tackle remote access and VPN risks without business disruption and continuing the day-to-day activities like email, cloud-hosted email, cloud apps, Slack, Box, etc.

Learn valuable information like:

-The benefits of Cyber Deception to tackle remote access and VPN risks without business disruption and continuing the day-to-day activities
-A set of practical first steps towards implementation of external deception campaigns
-Understanding of whether the current security control sets of your organisation are effective at keeping attackers out
-An assessment of the key benefits of using cyber deception to counter different types of threats
-Expert knowledge on how to slow down attackers and how to gather enterprise intelligence to improve security in your organisation.

Especially interesting for Threat Intelligence, SOC, Incident Response, and IT Security Teams.

Remote Access & VPN Risks in the New Cybersecurity Scenario

Threat hunting is still a relatively new concept in the world of cyber security, but already, there are a number of different approaches emerging on how best to implement a threat hunting programme. 

This webinar will allow security teams, CISOs and senior management to gain a greater understanding of why a threat hunting programme will enhance your defense strategy, as well as an opportunity to discuss the practical limitations of threat hunting in today’s cyber threat landscape. We will also consider how deception technology can help overcome these limitations, and dig a little deeper into how a threat hunting programme can help reduce and manage cyber risk for mature, global operations. 

What you’ll get out of this webinar:

- A better understanding of threat hunting
- An assessment of the key benefits of a threat hunting programme, as well as known limitations
- An introduction to how deception technology can be used to build an enterprise-level threat hunting programme
- Greater reassurance about how easily threat hunting and deception integrates into your existing defense in depth strategy
- A set of practical first steps towards implementation

How to Hunt Cyber Threats with Deception

An attack involving threat actors attempting to attack Ukrainian government infrastructure happened in one of our deception environments. These actors exploited the CVE-2021-4034 vulnerability in an attempt to run commands as privileged users.

Due to the continued interest in this attack and the fascinating information it reveals, our team of experts will come together for a webinar to go over the recovered intel and the significance of it.

In this webinar, we will discuss an in-depth analysis of this attack with our team of experts. Join Nicole Carignan, CounterCraft Customer Success Manager, and David Barroso, CEO, as they discuss the attack, go into detail on the TTPs, and talk about the possible implications going forward for the financial sector and critical infrastructure.

What’s Included
Attendees of the webinar will also receive:

– The current intel from the attack
– A download of the observables and scripts associated with the incident
– Updates in your inbox on further intel from this continuing deception campaign

Technical Evidence of Attacks on Ukrainian Government Infrastructure

Traditional threat intel is broken. We’re trained to conduct threat intel analysis based on what the industry has given us: wordy threat intel reports, long lists of indicators of compromise with little context, and TTPs that are difficult to take action on. 

Cyber deception, however, gives contextualized rich intelligence on attacker activity. Advanced deception environments, tailored to your attack surface, offer the next generation of threat intelligence collection and analysis. Deception environments are exceptionally effective because they generate known “bad” data. No one should be messing with them. The data they collect is clear and unequivocal. See how they offer clear signals in all the noise.

Start Gathering Your Own Threat Intelligence

Passive backdoors are implants designed to be stealthier than common backdoors, especially by avoiding listening on ports or pinging back to a Command and Control server. Over the last few years, we have detected a number of different passive Linux backdoors used in post-exploitation phases. Adversaries are actively using these network backdoors as a stealthy persistence technique.

Follow a BPFDoor compromise step-by-step to see how this stealthy, custom backdoor has gone five years undetected by blending malicious traffic blends into legitimate traffic. This unique Linux backdoor is incredibly effective at gaining persistence on targeted systems, typically in telecommunications, government, education, and logistics organizations.

Join Nicole Carignan, CounterCraft Customer Success Manager, and David Barroso, CEO,  to discuss passive Linux backdoors, talk through the BPFDoor compromise in step-by-step detail, go over the TTPs, and talk about the possible implications of this compromise going forward.

Attendees of the webinar will receive:
+ The current intel from the attack
+ Information on how to detect BPFDoor compromise 
+ Resources for further reading

BPFDoor and So Much More: An Analysis of Linux Network Passive Backdoors

Linux

Critical Infrastructure

CISO

Threat Hunting

Insider Threat

Telecommunications

Government

Cyber Defence

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

BPFDoor and So Much More: An Analysis of Linux Network Passive Backdoors

Presented by

About this talk

CounterCraft