Advanced Incident Investigation: Lessons Learned From APT Victims
The increased complexity and frequency of attacks, combined with the reduced effectiveness of detective or preventative control frameworks, elevate the need for organisations to roll out enterprise-wide incident response initiatives to ensure rapid containment and eradication of threats.
In this webcast, Don Smith, Technology Director at Dell SecureWorks, describes three organisations’ experiences with “APT” actors, examining techniques deployed for intrusion, persistence, lateral expansion and exfiltration.
Don will highlight where changes to the detective or preventative control frameworks could have prevented the attackers from achieving their objectives and outline key steps to building a robust incident response plan.
Webcast takeaways include:
· Real-world examples of APT attacks from the coalface
· The latest tools and techniques that advanced threat actors are using
· Recommendations for preventing and responding to APTs
Recorded Dec 1 2015, 45 mins
Jarad Carleton, Principal Consultant at Frost & Sullivan & Hadi Hosn, Global Consulting Solutions Lead at Secureworks
During March/April 2017, Secureworks and Frost & Sullivan partnered to conduct security readiness research amongst 201 IT leaders within large UK enterprises to determine how realistic their perceived level of security maturity is. The end result is the white paper, Measuring Cybersecurity Preparedness: Illuminating Perception vs Reality in UK Enterprise.
In this webcast, Jarad Carleton, Principal Consultant at Frost & Sullivan, will present key findings from the research, which benchmarks UK enterprises against the Security Maturity Model (SMM), co-developed by Secureworks and Frost & Sullivan.
Hadi Hosn, Global Consulting Solutions Lead at Secureworks, will then explain the Secureworks point of view on some of the challenges UK enterprises are currently facing on their quest for greater security maturity, and how organisations can take positive steps to tackle them.
During this live webcast we will cover:
- How you rate against the UK’s Security Leaders
- The top aspects of security that Underprepared organisations should focus on
- The key security weakness where even Security Leaders are vulnerable
- Steps you can take to improve the security posture of your organisation
Lee Lawson, Special Operations Researcher, SecureWorks Counter Threat Unit
Windows Management Instrumentation (WMI) is a Microsoft Windows administrative tool that has access to all system resources, making it powerful for both legitimate and illegitimate use. Via WMI you can do things like execute, delete and copy files; change registry values; and identify which security products are installed to aid in bypassing them.
The malicious use of WMI and other legitimate tools continues to grow and was identified as a top trend in a recent SecureWorks Threat Intelligence Executive Report. Like PowerShell, WMI is often used to create file-less attacks that are difficult to identify and stop with technology alone. This makes WMI the perfect tool for threat actors to use as camouflage while acting inside your organisation.
Join Counter Threat Unit - Special Operations Researcher, Lee Lawson, for the second webcast in our two-part series on how threat actors are exploiting Windows tools in “living off the land” attacks.
You will learn:
- Why WMI is so risky
- Tips to identify malicious use of WMI
- How threat actors hide their tracks and how you can unmask them
- WMI threats identified by SecureWorks researchers
- How you can avoid becoming a victim to this growing threat vector
Lee Lawson, Special Operations Researcher, SecureWorks Counter Threat Unit
In a recent SecureWorks engagement, 98.5% of the 3,477 commands executed by threat actors were native to the Windows operating system.
PowerShell is a popular tool that Microsoft has been including with the Windows OS since 2009, but malicious PowerShell use is rivalling ransomware in popularity with threat actors. Security products focused on preventing endpoint threats are often not enough to differentiate legitimate from malicious PowerShell use.
In the first webcast of a two-part series on how threat actors are exploiting Windows tools in “living off the land” attacks, SecureWorks Counter Threat Unit - Special Operations Researcher, Lee Lawson, will discuss why PowerShell is so risky, how SecureWorks researchers identify PowerShell threats, and how you can defend your organisation.
You Will Learn:
- What PowerShell is and how it is used in “living off the land” attacks
- Why built-in tools like PowerShell are so attractive to threat actors
- Examples of malicious PowerShell use
- How to defend your organisation against common methods threat actors use to evade prevention and detection
Hadi Hosn, Head of Security Strategy & GRC Consulting in EMEA
Whether you like it or not, the security industry is being cloudified. As IT moves into the Cloud, security must follow, and with IT losing its grip on the endpoint, Cloud is the only Security option. In addition, the Internet of Things continues to scale upwards, and Cloud computing will be its data repository, application engine, provisioning system and Security platform.
Join Hadi Hosn, Head of Security Strategy & GRC Consulting in EMEA, as he explains why cloud security is so important, and provides guidance on key considerations when building out a cloud security programme.
In this webcast you will learn:
- 3 key principles for managing cloud security risk
- 5 common misconceptions and how to avoid them
- The 5 fundamental cloud security controls you should implement
SecureWorks’ incident responders assist hundreds of organisations annually with the containment and remediation of threats during security incidents, including both targeted and opportunistic threats. Visibility of these incidents provides the SecureWorks Counter Threat Unit™ (CTU) research team with a unique and comprehensive view of emerging threats and developing trends.
In this webcast Chris Yule, Senior Security Researcher with the CTU, will draw on recent research garnered from SecureWorks’ incident response engagements in Q1 and Q2 of 2016 to address some of the most prominent threats and security challenges organisations face today.
Chris will be viewing and presenting this insight through the lens of the victim, and will answer the following questions which many organisations will be familiar with:
- Am I likely to be a victim?
- Should I care about targeted or opportunistic threats?
- What makes me a victim of a targeted threat?
- How can I protect myself against the most common threats?
Chris Yule, Senior Researcher, Counter Threat Unit
In our “Cybersecurity Threat Insights Report for Leaders”, we shared several key findings and observations from our client engagements and about the security industry. This webcast will cover our findings and observations but will also provide you with clear direction on where you need to focus your resources to evoke positive action in your security program.
During this webcast one of our lead Counter Threat Unit™ researchers, Chris Yule, who helped develop the report, will give his perspective, observations and guidance through responses to a series of questions led by our EMEA Marketing Manager, Andy Patton.
As 2016 draws to a close, security professionals worldwide will be left pondering another year of publicised breaches, vulnerabilities and threats. So what are the key takeaways and how can global security events from the past 12 months inform your plans for 2017?
We’ve asked a panel of experts from the SecureWorks Counter Threat Unit (CTU), our highly-trained team of experienced security researchers, to paint a picture of threat actors and their tradecraft across the globe by sharing their views on 2016’s most significant security events. The panel will end the session by providing actionable insights and recommendations for organisations to factor into their security strategy in 2017.
Join this exclusive webcast to gain CTU insight on the following topics and more:
- eCrime trends including the rise of ransomware, business email compromise and the Mirai IoT botnet activity
- Nation state sponsored threats and whether organisations are set up to defend against them
- How organisations can use threat intelligence gathered in 2016 to improve security
The underground cybercrime marketplace is now a well-organised machine that follows the level of business processes you would expect from a legitimate industry. Cybercrime has evolved into a nexus of highly-organised actors, each with a dedicated function to perform, with each individual fulfilling a specific role to propel the mission of cybercrime forward.
In this short 30-minute on-demand webcast, the final instalment of the four-part SecureWorks Threat Intelligence Spotlight Series, Pallav Khandar, Senior Researcher with the SecureWorks Counter Threat Unit (CTU), looks at how the cybercrime landscape has evolved over the past 12 months.
Key topics include:
- Botnet prevalence
- Industry and geo targeting
- Distribution vectors
- New attack vectors
- The rise of ransomware
"Nigerian prince" and "419" scams have plagued victims for decades and transitioned to the Internet in the 1990s. There are many variations and names for these scams, which originated in Nigeria. The scammers refer to their trade using the terms "yahoo yahoo" or "G-work," calling themselves "yahoo-yahoo boys," "yahoo boiz," or "G-boys." However, the simple con man fraud practiced by many West African-based threat actors is being replaced by a new crime they refer to as "wire-wire," "waya-waya," or "the new G-work."
In this short 25-minute on-demand webcast, the second in the four-part SecureWorks Threat Intelligence Spotlight Series, Lee Lawson, Senior Researcher with the SecureWorks Counter Threat Unit (CTU), explains how the low-level con games these threat actors are typically known for have evolved into more sophisticated and conventional cybercrime that is compromising businesses around the world.
The third instalment in the four-part Threat Intelligence Spotlight Series details how the SecureWorks Counter Threat Unit (CTU) Research Team discovered malware that bypasses authentication on Active Directory (AD) systems that use single-factor authentication.
In this short 25-minute on-demand webcast, Stewart McIntyre, Senior Researcher with the SecureWorks CTU, explains how the threat actor gained unfettered access to remote access services on this compromised client network. Stewart also spends time explaining how a Skeleton Key can be detected and mitigated.
Before the widely-publicised spearphishing campaign against HillaryClinton.com and the DNC during the 2016 Presidential Election, Threat Group-4127 (TG-4127), also known as APT28, Sofacy, Sednit, Fancy Bear and Pawn Storm, had traditionally targeted governments, the military and international non-governmental organisations (NGOs).
In this short 30-minute on-demand webcast, the first in the four-part SecureWorks Threat Intelligence Spotlight Series, Tom Finney, Senior Researcher with the SecureWorks Counter Threat Unit (CTU) shares what the CTU learned after spending a year tracking the threat group that hacked the DNC and HillaryClinton.com.
Daniel Gortze, Delivery Manager, SecureWorks Incident Response & Forensics Consulting Team
You have spent significant financial and human resources to configure and protect your network and digital assets, purchased several new security tools and software, and now you're wondering if those technologies will be able to protect your organisation against potential cyber intrusions.
Join this webcast and hear from Daniel Gortze, Delivery Manager for the SecureWorks Incident Response & Forensics Consulting Team, who will examine real-life scenarios in which security technologies failed, and even worse cases where threat actors used an organisation’s own security technologies against them.
Key Topics Covered Include:
- Examples of Threat Actor Abuse of Security Technology in real-world Incidents
- Anti-Virus Abuse
- Exploiting Whitelisting Misconfiguration
- The Human Weak Link
- Lessons learned and actionable insights
Matt Webster, CTU Security Researcher, SecureWorks
SecureWorks® incident responders assist hundreds of organisations annually with the containment and remediation of threats during suspected security incidents.
Visibility of these incidents provides the SecureWorks Counter Threat Unit™ (CTU) research team with a unique view of emerging threats and developing trends. This Threat Intelligence is then continuously provided to clients, arming them with the information they need to stay one step ahead of adversaries trying to compromise their networks.
In this webcast Matt Webster, CTU Security Researcher, will discuss developments in the threat landscape observed through SecureWorks’ Incident Response engagements from April to June of 2016, including:
- Key developments of the APT threat
- Criminal cyber threat trends
- Developments in Ransomware
Matt will also discuss observations of how the affected organisations could have better prepared for the threats they encountered.
Don Smith, SecureWorks, Ian Glover, CREST & Peter Wood, First Base Technologies
The rise in targeted threats means that security teams must move beyond a general understanding of the threat landscape, to a detailed understanding of their own context and the ability to spot threats targeted at their specific organisation.
In a world of information-overload and an explosion in communication channels, how do you sift through the noise and identify true threats to your business?
• The challenges faced by organisations from the rise in targeted threats
• Limitations of security processes in protecting from targeted threats
• How to gain early visibility into the threats targeting your particular organisation
Don Smith leads the CTU™ Cyber Intelligence Cell: a team of experienced threat analysts who, through the application of established intelligence practices, deliver actionable and timely intelligence products on the threats most relevant to SecureWorks clients. Don also leads the CTU research team in EMEA.
Don joined SecureWorks in 2005 and, since then, has been instrumental in establishing a CTU presence in EMEA and building important relationships for SecureWorks in the region. His enthusiasm and threat expertise mean that he regularly represents SecureWorks at industry events in EMEA. Don has 24 years’ experience in the IT industry and was previously responsible for security architecture and operations for a multi-billion enterprise, where he took a lead role in successfully integrating 14 acquisitions. He is a recognised subject-matter expert in many areas of cybersecurity and advises SecureWorks and SecureWorks’ clients globally.
Hadi Hosn, Head of Security Strategy and GRC Consulting, EMEA
Achieving total security in an organisation is impossible. Security controls need to be pragmatic and investments prioritised. In this presentation, Hadi Hosn, Head of Security Strategy and GRC Consulting in EMEA, discusses six steps to implementing and operating a risk-based model to help companies identify and protect their most critical information assets and business processes.
In this short video, Mark Osborn, a threat researcher with the world-class SecureWorks Counter Threat Unit™ (CTU), discusses the recent investigation into a cyber-espionage campaign, covering the tools and tactics used by the threat actors and exploring the intent behind the activity.
SecureWorks CTU researchers uncovered a set of fake profiles on a popular professional social media networking site supporting a suspected Iran-based threat group's cyber operations.
This social engineering campaign is just one example of the kind of malicious activity the SecureWorks CTU are tracking on a daily basis. This Threat Intelligence is constantly being gathered on prominent threat groups across the globe, and is fed into SecureWorks services to ensure their clients stay one step ahead of the Techniques, Tactics and Procedures (TTP) being employed by their adversaries.
Lee Lawson, Counter Threat Unit, Special Operations
Lee discusses the rise of advanced persistent threats, how the security threat landscape is evolving and what you can do to keep pace. The presentation examines techniques deployed for intrusion, persistence, lateral expansion and exfiltration and highlights where changes to the detective or preventative control frameworks could have prevented attackers from achieving their objectives.
Lee covers three types of evolutions recently observed:
- Defensive Evasion
- “Living Off the Land”
Chris Yule, Senior Principal Consultant, Security Strategy
As Information Security continues to evolve, cybercriminals are busier than ever, and when organisations are faced with an ever-evolving range of increasingly sophisticated attacks from threat actors, they turn to SecureWorks for help.
As a Senior Principal Consultant at SecureWorks, Chris works with a range of clients from different industries and of varying sizes, to help them formulate and hone their security strategy. In this presentation, Chris provides an overview of the five key information security trends that he has seen emerge during his conversations with clients over the past 12 months.
During this presentation, Chris covers the following five trends;
Hadi Hosn, Head of Security Strategy & GRC Consulting, EMEA
For many organisations, investment in new processes and technologies is at the top of the priorities list. Whether it is behavioural analytics, big data solutions, or “one touch” processes that require no manual intervention, companies are always on the lookout for technology innovations that can achieve a considerable return on investment. When companies consider Cyber Security in such a technology-dependent world, most ask, “How can we secure our business and comply with the changing legal and regulatory standards?” instead of “How do we make business-focused, intelligent investments given the cyber security risks we face today?”
In this webcast, Hadi Hosn, Head of Security Strategy & GRC Consulting at Dell SecureWorks, will discuss the risk-based Cyber Security operating model to help companies identify and protect their most critical information assets and business processes. Hadi will focus on the most critical actions for any organisation building a risk-based security programme.
Key topics covered include:
· Prioritising information assets based on value to the organisation
· Identifying and prioritising risks to the assets
· Reducing risks with quick wins
· Building and delivering a security plan that aligns business and technology
· Ensuring continuous business engagement on the topic of cyber security
SecureWorks provides an early warning system for evolving cyber threats, enabling organisations to prevent, detect, rapidly respond to and predict cyberattacks. Combining unparalleled visibility into the global threat landscape and powered by the Counter Threat Platform – our advanced data analytics and insights engine – SecureWorks minimizes risk and delivers actionable, intelligence-driven security solutions for clients around the world.