Name: FIN11: A Widespread Ransomware and Extortion Operation
Start: 2020-10-29T15:00:00Z
End: 2020-10-29T15:00:40.000Z
Location: BrightTALK
Rating: 4

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats. Mandiant is now part of Google Cloud.

The M-Trends 2024 Special Report provides an inside look at the latest cyber trends and attacker operations from around the globe. The second half of the report is dedicated to deep insights drawn directly from the frontlines of Mandiant investigations and threat intelligence findings that have shaped today’s evolving cyber threat landscape.

Join six of our report authors and experts on May 23, 2024 at 12:00pm ET as they share their point of view on these hot topics and provide best practice solutions to help improve your cyber defense capabilities in these areas.

Topics will include:
- China-nexus attackers targeting edge devices and platforms that lack EDR
- Trending adversary operations and motivations behind zero-day attacks
- The evolution of phishing techniques amidst modern security controls
- How attackers leverage AiTM to compromise MFA safeguards
- The reasons and solutions behind growing cloud and hybrid cloud intrusions
- How AI is effectively used in red and purple teams to help boost cyber defenses

Presenters:
Ryan Tomcik, Principal Security Analyst, Mandiant - Google Cloud Security
Mathew Potaczek, Principal Threat Analyst, Mandiant - Google Cloud Security
Josh Fleischer, Principal Security Analyst, Mandiant - Google Cloud Security
John Palmisano, Incident Response Manager, Mandiant - Google Cloud Security
Tucker Clark, Senior Security Consultant, Mandiant - Google Cloud Security
Josh Madeley, Regional Lead, Mandiant - Google Cloud Security
Jennifer Guzzetta, Product Marketing - Google Cloud Security (Moderator)

M-Trends 2024 Round Up: Expert Insights on 6 Key Topics

The M-Trends 2024 Special Report provides an inside look at the latest cyber trends and attacker operations from around the globe. Packed with timely data from Mandiant frontline incident response investigations and threat intelligence findings between January 1, 2023 - December 31, 2023, readers can increase their awareness of the evolving cyber threat landscape and glean new, effective ways to stay on top of their cyber defense game.

Join two of our top threat analysts on May 21, 2024 at 12:00pm ET as they discuss these trending metrics and notable adversary behaviors. Learn how these findings can affect your security approach to future compromise. 

Topics will include:
- Global and regional dwell times
- Detection by source trends
- Industry targeting metrics
- New threat actor techniques, motivations, and behaviors
- Top infection vectors and malware families
- Ransomware attack developments
- And more!

M-Trends 2024: By the Numbers of Today's Top Cyber Threats & Attacker Operations

Analysts from Mandiant Intelligence will dive deep into APT44, the Russian military intelligence actor best known as Sandworm. This actor is Russia's preeminent cyberattack capability, responsible for many of the most important incidents in history including multiple blackouts in Ukraine, attacks on US and French elections, attacks on the Pyeongchang Olympics, and NotPetya. Hear directly from the experts about the latest insights on this actor, who remains a threat to organizations globally.

Sandworm Revealed: A Deep Dive into APT44

Mandiant Managed Defense presents a quarterly webinar series, "Tales from the Trenches," to help you navigate the ever-evolving threat landscape. Our security experts will dive into the latest malware and attack trends they've encountered in the previous quarter. You'll gain valuable insights into how these threats were detected, along with actionable advice to strengthen your own defenses.

In the first installment of the series, Managed Defense consultants will detail findings from January through March 2024, including:

*Phishing emails deploying ASYNCRAT malware
*Ongoing exploitation of ScreenConnect vulnerabilities and hardening guidance 
*New FAKEUPDATES technique compromising Outlook email signatures

Reserve your spot today!

Tales from the Trenches: Malware and attack trends from Managed Defense

Join us for an informative webinar to learn what organizations can do to mitigate cybersecurity risks seen on the front lines from Mandiant consultants in light of the growing zero-day attacks.

By taking a proactive approach to cybersecurity, organizations can empower themselves to navigate the challenging threat landscape with confidence. 

In this session, we will outline actionable steps you can take, including:

*Understanding your external attack surface and public-facing assets
*Ensuring endpoint security solutions have broad internal coverage
*Restricting external network protocols and services
*Implementing strong multi-factor authentication
*Enhancing logging, monitoring, and detection capabilities
*Bolstering incident response strategies and processes

Join us in this webinar to learn how you can position your organization for cybersecurity resilience.

Proactive Cybersecurity: 6 Critical Tasks to Mitigate Risk

Whether you're a security engineer, IT professional, or simply someone concerned about protecting your organization's information, this webinar will showcase how AI can transform the way you approach security.

Join us to learn how to:

Strengthen your defenses
Enhance threat detection
Improve response
Our expert speakers will demystify the complexity of AI and guide you through its practical applications in the realm of cybersecurity - even if you aren't an expert.

Unleashing AI for cybersecurity: Empowering non-experts to take action

Recent attacks on K-12 school districts have put student and staff data at risk. Don't let your district become the next victim. Join leading cybersecurity experts as they discuss ways to empower K-12 security leaders and administrators to defend against the latest threats and secure their students, staff and educational environments.

Why attend?
- Learn about escalating K-12 cyber threats: Ransomware, data breaches, and more.
- Prioritize and Prepare for Evolving Threats: Learn how to assess cyber risks and develop robust defense strategies.
- Leverage Threat Intelligence: Discover how to identify vulnerabilities before they are exploited.
- Build a Proactive Defense Strategy: Implement practical strategies to keep your district ahead of cyber threats.
- Learn about resources to help improve your security posture today


Who should attend?
K-12 security managers, directors, CISOs, IT managers/VPs/directors
Anyone responsible for protecting student and staff data
School district leaders concerned about cyber threats

K-12 Cybersecurity Roundtable: Protecting Our Schools from Rising Cyber Threats

Security teams need to be more proactive about finding threats before they can cause too much damage. How do these enterprises build threat hunting programs? What stakeholders needs to be involved? What skills are necessary for the threat hunting team? In this Dark Reading webinar, a top expert discusses the process for building a threat hunting program and what tools they need. Get practical tips on questions to ask and processes to build out as part of getting started.

During this webinar you will:

Get advice on how to get a new program off the ground.
Find out what resources are required to get a threat hunting program launched, and where to find them.
Gain insight into the latest tools and tricks used by the some of the world’s top threat hunters.

How to Launch a Threat Hunting Program

No technology has ever emerged as quickly as generative AI has – or come with such a confusing set of myths about how threat actors are already leveraging AI-driven tools to overwhelm enterprise defenses.

Join us as we separate fact from fiction and put myths to rest about the use and capabilities of generative AI.

Watch this webinar to learn:
• How threat actors specifically use generative AI to bypass or compromise enterprise security systems;
• Real-world applications of generative AI that are proven successful in enhancing cybersecurity posture;
• Generative AI's projected growth rate and how it will affect your enterprise's ability to keep pace with security protocols.

Generative AI: Myths, Realities, and Practical Use Cases

Suspected espionage group, UNC5221, has launched a sophisticated cyberattack exploiting zero-day vulnerabilities recently disclosed (CVE-2023-46805 and CVE-2024-21887) by Ivanti in their Connect Secure (ICS) VPN and Policy Secure (IPS) appliances. 

Please join Mandiant’s John Wolfram, Matt Lin, and Robert Wallace as they shed light on this suspected espionage campaign, including:

*Technical Analysis: We'll dissect UNC5221's custom malware arsenal, including the ZIPLINE backdoor, THINSPOOL dropper, LIGHTWIRE and WIREFIRE web shells, and WARPWIRE credential harvester.

*Attacker Motivations and Tactics: Explore UNC5221's suspected espionage objectives and the strategic use of compromised edge infrastructure for command and control.

*Remediation and Defense Strategies: Learn concrete steps to mitigate these vulnerabilities, deploy Ivanti's Integrity Checker Tool (ICT), and strengthen your defenses against future zero-day attacks.

This webinar is designed for IT security professionals, network administrators, and anyone concerned about zero-day exploits and espionage campaigns.

Presenters:

Andrew Kopcienski, Principal Analyst (Moderator)
Matt Lin, Consultant, Incident Response
Robert Wallace, Consultant, Incident Response
John Wolfram, Sr. Threat Analyst

Living on the Edge: Investigating Ivanti Connect Secure VPN Zero-Day Exploits

2023 fits Mandiant observations that zero-day exploitation has been trending upward for the last few years. Mandiant tracked over 80 zero-day vulnerabilities in 2023, which represents almost double the number from 2020 and continued trend upward in the last ten years.

Join Mandiant experts for a discussion on these trends and the evolution of the broader vulnerability exploitation landscape in 2023. During this session, our team will discuss:

-2023 zero-day exploitation in the context of historical trends
-Chinese cyber espionage actors’ focus on stealth during vulnerability exploitation
-N-day vulnerability trends, including time to exploit analysis

What you will learn:

In addition to understanding the vulnerability exploitation landscape, we’ll discuss how this analysis can inform strategies for successful vulnerability prioritization. We’ll demonstrate how you can apply threat intelligence to help assess risk and make informed decisions about vulnerability management and patching in your own environments.

The Evolution of the Vulnerability Landscape in 2023

The cyber threat landscape is constantly evolving, and defenders have the challenging task of keeping up. By exploring the trends we see today, we can improve our cyber readiness and be better prepared for the year ahead. 

To help organizations navigate the cyber landscape in 2024, security expert Andrew Kopcienski is presenting a deep-dive session to cover many of the topics discussed in the latest Google Cloud Cybersecurity Forecast 2024 report, including:

- Tactics and tools to steal credentials
- SMS phishing, notably to access environments
- Increasing use of zero-days
- More targeting of edge and other devices  

Register for the webinar, and read the Google Cloud Cybersecurity Forecast 2024 report: https://cloud.google.com/resources/security/cybersecurity-forecast

Google Cloud Cybersecurity Forecast 2024

The presentation seeks to explore the transformation of cybersecurity methodologies in the face of an evolving digital world. In the context of the Canadian financial sector, this has included regulatory guidance and a focus on managing insider threats. 
The essence of this shift is the focus on Insider Risk Management (IRM). Insider risks - whether unintentional or intentional - pose a significant threat to organizations. The discussion will examine how insider threats have evolved and how they now require NextGen methodologies and tools to properly mitigate and manage. 

By exploring various case studies of significant insider threat incidents, the presentation aims to underscore the critical importance of IRM and its role in a holistic cybersecurity strategy. 

Join Mandiant to understand: 
- Strategies for leaders to meet regulatory guidance and drive this change
- Fostering a culture of cybersecurity resilience within their organizations.

Shawn Thompson is currently the Senior Manager, Global Insider Risk Services. 
He possesses over 20 years’ experience investigating, prosecuting, and managing insider risk and is widely recognized for his unique blend of expertise and experience. Prior to joining Mandiant, he served as CEO of ITMG, a leading insider risk management consulting firm. He is a former AUSA, DoD Special Agent, Assistant General Counsel, and senior government official who held executive positions with the FBI, NSA, DOJ, and DNI. He is a pioneer in the field of insider risk management, serving as a frequent thought leader on a variety of security and risk management topics. 

Mr. Jordan is a Senior Manager focusing on Strategic Cybersecurity services at Mandiant’s office located in Toronto. Mr. Jordan is responsible for managing and delivering Virtual CISO (vCISO), Security Program Assessments, Cyber Response Readiness Assessments, Cyber Due Diligence, Security Program Development and Transformation engagements for organizations and governments.

Next-Generation Insider Risk Management

This webinar will provide an overview of how a comprehensive cyber crisis communications plan and formal disclosure controls are essential to complying with the SEC's new cybersecurity disclosure rule. During the webinar, our panel of cyber security crisis communications and legal experts will cover:

1)  How disclosure controls are essential to determining materiality and timely, and accurately, reporting during a cyber event 
2)  What types of disclosure controls are necessary in the cyber domain and how they impact the materiality determination during an investigation
3)  How to accelerate your cyber crisis communications response strategy by aligning with cyber specific disclosure controls 
4)  The importance of message discipline when responding to a cyber event, now and after the rule comes into effect

This webinar is essential for all U.S public companies responsible for cybersecurity legal compliance and crisis communications and planning. 

By attending, you will learn how to properly disclose a cybersecurity incident and how to annually disclose your organization’s processes for assessing and managing your cybersecurity governance and risks.

SEC Cybersecurity Rule Compliance Through Effective Disclosure Controls

The manufacturing industry is a prime target for cyber attackers, who are increasingly using multi-faceted extortion and espionage tactics to gain access to sensitive data and disrupt operations. This webinar will provide an overview of cyber threats targeting the manufacturing industry, including:

1) Trends and data observed with multi-faceted extortion attacks
2) Cyber espionage campaigns targeting the sector
3) How the sector might be used as a jump point via supply chain attacks to other sectors

The webinar will feature cyber security intelligence and advisory experts in the manufacturing industry who will discuss the following topics:

1) How to use cyber threat intelligence to ensure better outcomes
2) Why context is vital when prioritizing alerts and threats

This webinar is essential for anyone who is responsible for cyber security at a manufacturing company. You will learn about the latest threats facing your industry and how to protect your organization from these attacks.

The Cyber Security Threat Landscape Targeting the Manufacturing Industry

Attack surface data is the ever-increasing amount of information that attackers can use to exploit vulnerabilities in an organization's systems and networks. One of the biggest challenges in parsing through attack surface data is its sheer volume and complexity. Attackers are constantly developing new techniques and tools to exploit vulnerabilities, and organizations need to be able to keep up. 
This means that security teams need to be able to quickly and accurately identify and prioritize vulnerabilities, even if they are buried in a sea of data.

Join the Mandiant team for a live discussion on outcome-based asset discovery, an easy-to-use method of understanding attack surface exposures. The team will discuss and demo:
- How to define the outcomes or success criteria of asset discovery 
- The various use cases external attack surface management can solve for
- The different ways to operationalize attack surface findings across the organization

Register Now!

Attack Surface Discovery at Scale

Join Mandiant Intelligence Capability Development experts who will outline the characteristics of top-performing cyber threat intelligence (CTI) teams and how to build them. We will provide actionable advice on how intelligence teams can improve their efficiency and effectiveness by adopting a requirements-driven approach. This represents a commitment across the threat intelligence lifecycle to explicitly meet the specified needs of relevant stakeholders. Following this approach enables a CTI team to deliver tangible value and improve security outcomes. 

Attendees will learn:
- How to capture effective intelligence requirements. 
- The importance of a threat profile within a CTI strategy
- How intelligence teams can gather more effective feedback from stakeholders

Building an Effective Cyber Threat Intelligence Function

Join Ryan Roobian and Alexa Rzasa for a live discussion on how to better understand your unique threat landscape and attack surface to proactively identify and mitigate your organization's cyber exposure. Ryan and Alexa will discuss the essentials to building a proactive strategy; including how to achieve:
 - Expanded and centralized visibility
 - Intelligence-led prioritization
 - Validated preparedness
 - Faster remediation and optimization 
 - Incident response readiness

Building a Proactive Strategy to Exposure Management

FIN11 is a financially motivated threat group that delivers malware through widespread and highly successful phishing campaigns that have impacted organizations across sectors and geographies. Mandiant Threat Intelligence has observed FIN11 attempting to monetize their operations at least once using named point-of-sale (POS) malware and, more frequently, using ransomware combined with traditional extortion techniques. In addition to their high-volume spam campaigns, FIN11 is also notable due their consistent evolvement of malware delivery tactics and techniques. 

Join Genevieve Stark and Andy Moore from Mandiant Threat Intelligence for a look into the motivations, tactics and operations of this newly “graduated” threat group, including the group’s previous activity, common TTPs, and anticipated future focus.

FIN11: A Widespread Ransomware and Extortion Operation

FireEye

Mandiant

Ransomware

Cyber Attacks

Cyber Crime

Email Security

Data Breach

Cyber Intelligence

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

FIN11: A Widespread Ransomware and Extortion Operation

Presented by

About this talk

More from this channel