Name: APT37: The Overlooked North Korean Threat
Start: 2018-02-28T16:00:00Z
End: 2018-02-28T16:00:58.000Z
Location: BrightTALK
Rating: 4.5

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats. Mandiant is now part of Google Cloud.

The cyber threat landscape is constantly evolving, and defenders have the challenging task of keeping up. By exploring the trends we see today, we can improve our cyber readiness and be better prepared for the year ahead. 

To help organizations navigate the cyber landscape in 2024, security expert Andrew Kopcienski is presenting a deep-dive session to cover many of the topics discussed in the latest Google Cloud Cybersecurity Forecast 2024 report, including:

- Tactics and tools to steal credentials
- SMS phishing, notably to access environments
- Increasing use of zero-days
- More targeting of edge and other devices  

Register for the webinar, and read the Google Cloud Cybersecurity Forecast 2024 report when it releases on November 8.

Google Cloud Cybersecurity Forecast 2024

The presentation seeks to explore the transformation of cybersecurity methodologies in the face of an evolving digital world. In the context of the Canadian financial sector, this has included regulatory guidance and a focus on managing insider threats. 
The essence of this shift is the focus on Insider Risk Management (IRM). Insider risks - whether unintentional or intentional - pose a significant threat to organizations. The discussion will examine how insider threats have evolved and how they now require NextGen methodologies and tools to properly mitigate and manage. 

By exploring various case studies of significant insider threat incidents, the presentation aims to underscore the critical importance of IRM and its role in a holistic cybersecurity strategy. 

Join Mandiant to understand: 
- Strategies for leaders to meet regulatory guidance and drive this change
- Fostering a culture of cybersecurity resilience within their organizations.

Shawn Thompson is currently the Senior Manager, Global Insider Risk Services. 
He possesses over 20 years’ experience investigating, prosecuting, and managing insider risk and is widely recognized for his unique blend of expertise and experience. Prior to joining Mandiant, he served as CEO of ITMG, a leading insider risk management consulting firm. He is a former AUSA, DoD Special Agent, Assistant General Counsel, and senior government official who held executive positions with the FBI, NSA, DOJ, and DNI. He is a pioneer in the field of insider risk management, serving as a frequent thought leader on a variety of security and risk management topics. 

Mr. Jordan is a Senior Manager focusing on Strategic Cybersecurity services at Mandiant’s office located in Toronto. Mr. Jordan is responsible for managing and delivering Virtual CISO (vCISO), Security Program Assessments, Cyber Response Readiness Assessments, Cyber Due Diligence, Security Program Development and Transformation engagements for organizations and governments.

Next-Generation Insider Risk Management

This webinar will provide an overview of how a comprehensive cyber crisis communications plan and formal disclosure controls are essential to complying with the SEC's new cybersecurity disclosure rule. During the webinar, our panel of cyber security crisis communications and legal experts will cover:

1)  How disclosure controls are essential to determining materiality and timely, and accurately, reporting during a cyber event 
2)  What types of disclosure controls are necessary in the cyber domain and how they impact the materiality determination during an investigation
3)  How to accelerate your cyber crisis communications response strategy by aligning with cyber specific disclosure controls 
4)  The importance of message discipline when responding to a cyber event, now and after the rule comes into effect

This webinar is essential for all U.S public companies responsible for cybersecurity legal compliance and crisis communications and planning. 

By attending, you will learn how to properly disclose a cybersecurity incident and how to annually disclose your organization’s processes for assessing and managing your cybersecurity governance and risks.

SEC Cybersecurity Rule Compliance Through Effective Disclosure Controls

The manufacturing industry is a prime target for cyber attackers, who are increasingly using multi-faceted extortion and espionage tactics to gain access to sensitive data and disrupt operations. This webinar will provide an overview of cyber threats targeting the manufacturing industry, including:

1) Trends and data observed with multi-faceted extortion attacks
2) Cyber espionage campaigns targeting the sector
3) How the sector might be used as a jump point via supply chain attacks to other sectors

The webinar will feature cyber security intelligence and advisory experts in the manufacturing industry who will discuss the following topics:

1) How to use cyber threat intelligence to ensure better outcomes
2) Why context is vital when prioritizing alerts and threats

This webinar is essential for anyone who is responsible for cyber security at a manufacturing company. You will learn about the latest threats facing your industry and how to protect your organization from these attacks.

The Cyber Security Threat Landscape Targeting the Manufacturing Industry

Attack surface data is the ever-increasing amount of information that attackers can use to exploit vulnerabilities in an organization's systems and networks. One of the biggest challenges in parsing through attack surface data is its sheer volume and complexity. Attackers are constantly developing new techniques and tools to exploit vulnerabilities, and organizations need to be able to keep up. 
This means that security teams need to be able to quickly and accurately identify and prioritize vulnerabilities, even if they are buried in a sea of data.

Join the Mandiant team for a live discussion on outcome-based asset discovery, an easy-to-use method of understanding attack surface exposures. The team will discuss and demo:
- How to define the outcomes or success criteria of asset discovery 
- The various use cases external attack surface management can solve for
- The different ways to operationalize attack surface findings across the organization

Register Now!

Attack Surface Discovery at Scale

Join Mandiant Intelligence Capability Development experts who will outline the characteristics of top-performing cyber threat intelligence (CTI) teams and how to build them. We will provide actionable advice on how intelligence teams can improve their efficiency and effectiveness by adopting a requirements-driven approach. This represents a commitment across the threat intelligence lifecycle to explicitly meet the specified needs of relevant stakeholders. Following this approach enables a CTI team to deliver tangible value and improve security outcomes. 

Attendees will learn:
- How to capture effective intelligence requirements. 
- The importance of a threat profile within a CTI strategy
- How intelligence teams can gather more effective feedback from stakeholders

Building an Effective Cyber Threat Intelligence Function

Join Ryan Roobian and Alexa Rzasa for a live discussion on how to better understand your unique threat landscape and attack surface to proactively identify and mitigate your organization's cyber exposure. Ryan and Alexa will discuss the essentials to building a proactive strategy; including how to achieve:
 - Expanded and centralized visibility
 - Intelligence-led prioritization
 - Validated preparedness
 - Faster remediation and optimization 
 - Incident response readiness

Building a Proactive Strategy to Exposure Management

With a marked increase RaaS, APT, and nation-state sponsored attacks in the industrial cybersecurity sector over the last 18 months it is more critical than ever for organizations to build effective incident response capabilities for their Operational Technology (OT) and Industrial Control Systems (ICS) environments.

Often when the OT process is down, so is the revenue stream. The pressure to get back operational is high – having a solid practiced plan, the right tools in place, and an effective decision-making process are critical to restoring production.

Watch this webinar to learn how to:

Better prepare for the convergence of IT and OT systems with improved threat awareness and expanded knowledge of attacker;
Maintain business continuity by hunting for threats and boost the ability to monitor, detect and respond to threats;
Create a plan and process to restore production in the event of an APT and nation-state sponsored attack.

A Proactive Approach to Incident Response for OT

Threat intelligence provides security teams with insights into the kinds of attacks that may target their organizations and prioritize their security activities. But what if the risk is coming from third-party partners and systems? In this webinar, experts discuss how security teams can use available threat intelligence to identify third-party risk and work with partners to mitigate them. Learn how to decide what to collect and how to correlate the information with internal data sources and those belonging to partners and suppliers to get the proper view of the threats. Walk away with practical tips on how to use threat intelligence to work with suppliers as part of an overall security strategy.

During this webinar you will:

- Pinpoint data streams most valuable for threat intelligence gathering.
- Identify data that can help identify potential third-party exposure.
- Get professional tips on how to work with suppliers to mitigate cybersecurity risk.

How to Use Threat Intelligence to Mitigate Third Party Risk

For cybersecurity, artificial intelligence (AI) has the potential to benefit both the defenders and their adversaries. 

Threat actors are using AI to instantly generate sophisticated and evasive attacks, while security teams are now using AI-powered security tools to better protect against them. Today, Mandiant consultants are leveraging AI to help defenders reduce the amount of time needed to detect, respond, and remediate these attacks. 
 
Tune into this webinar to learn how Mandiant consultants use AI on the front lines to improve engagement efficiency and effectiveness—alongside their hands-on expertise and embedded threat intelligence.
 
Attendees will learn from Mandiant speakers Trisha Alexander, Ron Craft, and Jennifer Guzzetta how to use AI as a starting point to:
• Accelerate the investigation process of incident response events
• Streamline the generation of baseline threat detections
• Apply diverse query languages for navigation across multiple security platforms

AI & Cybersecurity: How Mandiant Consultants Accelerate Detection & Response

Threat intelligence is foundational to all aspects of a security program, from SecOps to vulnerability management to risk management and leadership. However, many organizations struggle to operationalize threat intelligence across functions to reduce risk faster. Additionally, the volume can be unmanageable if you don’t know what threats are most critical to your organization.  

Mandiant (now part of Google Cloud) is leveraging AI to help security teams of all abilities see the threats that matter to them and use natural language to produce AI-driven search summarization.  

Watch this upcoming webinar as Mandiant Threat Intelligence experts— Josh Bass, Megan DeBlois, and TJ Alldridge—demonstrate the new AI capabilities in Mandiant Threat Intelligence and share best practices. Attendees will learn:
• Why a personalized threat profile is important to quickly understand your threats today
• How to leverage natural language search prompts for easy to action results
• How AI can help you quickly understand and reduce risk from emerging threats

AI & Cybersecurity: Leveraging AI to Create Outcome-oriented Security Teams

This session is the fourth in our multipart virtual series that will provide helpful insights and best practices surrounding the six critical functions of cyber defense that make up The Defender’s Advantage.  

In this webinar, join Mandiant experts for a discussion on how to properly Respond to resume normal business operations and effectively remove threats from the environment. Also learn how to proactively Hunt for evidence from a previous or existing compromise to enhance future response capabilities and realize new methods of threat detection.

Respond to Resume Operations & Hunt to Prevent Compromise- Webinar Series Part 4

This session is the third in our multipart virtual series that will provide helpful insights and best practices surrounding  the six critical functions of cyber defense that make up The Defender’s Advantage.  

In this webinar, join Mandiant experts for a discussion on how to effectively contextualize, categorize, and prioritize cyber security incidents to rapidly Detect malicious activity and identify significant business risks. Also learn how to Validate your security control ecosystem to ensure the optimization and success of the detection process to ultimately protect your critical assets.

Detect Risks & Validate Security Controls - Webinar Series Part 3

This session is the second in our multipart virtual series that will provide helpful insights and best practices surrounding the six critical functions of cyber defense that make up The Defender’s Advantage.  

In this webinar, join Mandiant experts for a discussion on how to understand and effectively implement your collective Threat Intelligence to make the right security decisions. We will also dive into the establishment of Command and Control to orchestrate the prioritization of activities performed by all six cyber defense functions to achieve security resilience and reduce the overall impact of cyber attacks.

Who should attend:
CISOs
Cyber defense directors
SOC managers
Seasoned and new cybersecurity practitioners

Utilize Threat Intelligence, Establish Command & Control - Webinar Series Part 2

Learn how to activate the six critical functions of Cyber Defense to optimize your security program in the face of harmful adversaries. Building a best-in-class cyber defense organization will provide confidence in your ability to protect, defend and respond to sophisticated [and inevitable] threats that can cripple business operations. 

As outlined in Mandiant’s award-winning book,“The Defender’s Advantage” organizations are defending against adversaries within their very own environment. Because the defender owns the environment in which they go head-to-head with these ruthless attackers, it’s important to remember that the defender has a fundamental advantage–however many  organizations struggle to capitalize on it.

This multipart webinar series will provide helpful insights and best practices surrounding the six critical functions of cyber defense that make up The Defender’s Advantage.  

Register for this first session to receive an executive overview of The Defender’s Advantage and its six critical functions of cyber defense—Threat Intelligence, Command and Control, Detect, Validate, Respond and Hunt. Each of these functions represents different responsibilities focused on distinctive goals, while collectively working together to rapidly identify and effectively respond to threats. 

Who should attend:
CISOs
Cyber Defense Directors
SOC Managers
Seasoned and new Cybersecurity Practitioners

Take Control of Your Cyber Defense with The Defender’s Advantage Series, Part 1

An organization's attack surface is constantly expanding and evolving.  Cloud resources, unmanaged assets, code repositories — all internet-facing assets have the potential to be exploited if there is an unmitigated vulnerability, misconfiguration, or exposure. This is where threat intelligence provides a valuable role to help you and your teams prioritize what needs attention and why.

During this webinar, we will cover the following topics:

- The importance of threat intelligence for Attack Surface Management
- How to collect and analyze current state data
- How to use threat intelligence to prioritize your efforts

We will also share some real-world examples of how organizations have used threat intelligence to improve their security posture.

Who should attend:

This webinar is ideal for security professionals who are responsible for attack surface management, threat intelligence, or vulnerability management.

ASM and Threat Intelligence: A Winning Combination for Cyber Defense

From compliance to security operations, every organization must test and measure security effectiveness to help identify and mitigate cyber risks.  Although the ‘how’ and ‘when’ to test that effectiveness varies from org to org. 

Join Mandiant experts for a live discussion on the best practice methodologies and technologies your security team can use to accomplish this. During the session, our experts will cover:

- The difference between breach and attack simulation, red teaming and penetration testing
- When to choose between automation or partnering with a trusted third-party
- How to prioritize specific gaps in your security posture identified by proactive testing
- Mobilizing your security team to improve the overall security program

How to Effectively Test and Measure Your Cyber Defense Program

O novo relatório M-Trends 2023 da Mandiant revela que apesar de as organizações  melhorarem as suas defesas cibernéticas, a Mandiant continua observando técnicas sofisticadas e novos grupos de ameça emergindo em um ritmo acelerado.”

Nesta sessão, a Mandiant revisará alguns dos dados mais relevantes do relatório M-Trends 2023, além de dados adicionais que refletem o ambiente atual de ameaças para a América Latina e que são extraídos de investigações de respostas a incidentes e análises de inteligência de ameaças.

M-Trends 2023 – Relatório de tendências atuais de cibersegurança

Repeated high-profile breaches, disruptive attacks and global crime with indicators of sponsorship by North Korea demonstrate an increasing threat and underscore the necessity of tracking the activity of their hackers. 

APT37 is less well-recognized than other threat actors sponsored by North Korea, but their increasing global activity and recent use of a zero-day exploit can no longer be ignored by network defenders.

FireEye has tracked APT37 since 2015 as TEMP.Reaper and shared details on its activities with our intelligence customers. Over time we have come to better understand APT37. On Thursday, February 28, join Ben Read, Senior Manager, Cyber Espionage at FireEye for our unique insights into APT37: 

• A history of APT37 support for North Korean interests
• Details on the malware suite employed by APT37
• How APT37 has been influencing the world beyond the Korean peninsula

APT37: The Overlooked North Korean Threat

FireEye

Cyber Attacks

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

APT37: The Overlooked North Korean Threat

Presented by

About this talk

More from this channel