Name: Living Off The Land on a Private Island: An Overview of UNC1945
Start: 2020-11-12T16:00:00Z
End: 2020-11-12T16:46:53.000Z
Location: BrightTALK

Mandiant provides public and private organizations and critical infrastructure worldwide with early threat insights through unmatched intelligence and response expertise for the highest-profile incidents.

Legacy tools designed before the cloud era do not deliver comprehensive visibility into the entire external attack surface, leaving assets out of sight and potentially vulnerable. Confirming this, Mandiant observed 21K+ critical and high severity issues across the customer base from January to March 2022. 

Join Jonathan Cran and Nader Zaveri for a discussion on the common entry points identified by Attack Surface Management in Q1 2022. They’ll discuss:
• How organizations end up with exposed external assets
• The methodology behind issue identification at scale
• Actions the security team can take to harden the external attack surface 
• Where an attack surface management approach fits into the overall cyber defense program at any organization

Common Entry Points Exposed on the Internet

In recent years, Mandiant has observed a significant increase in threat activity within the OT/ICS space targeting industrial and critical infrastructure organizations - threats that have the potential to impact production and safety measures.

As we continue to observe actors targeting OT in different ways—ranging from opportunistic actors to ransomware operators and even nation-state sponsored groups —our ability to acquire valuable data increases and enables a holistic view of the threat landscape. 

Daniel Kapellmann Zafra, Sr. Analysis Manager for Cyber Physical Threat Intelligence, will share details on how through enhanced visibility into diverse data sources, we can help identify threat actor activity during the early stages of the attack lifecycle and prevent them reaching production systems.

Big Picture Viewpoint Helps Uncover Operational Technology Threats

Global geopolitical summits, elections and sporting events are some of the most visible international, national and regional events. They also present unique cyber security challenges with respect to critical supportive infrastructure. These major events can last from a single day to multiple weeks or months, necessitating variable capabilities and surge capacity.  
 
Join Jon Ford, Managing Director, U.S. Government Consulting, Paul Tumelty, Sr. Manager, EMEA Government Consulting and Matt Hurling Sr. Consultant EMEA Government Consulting as they discuss Mandiant’s recommended multi-faceted approach to event security.  
 
 Topics will include:  
• How to defend against cyber threats with active defenses informed by intelligence 
• The three phases and their components to provide event security 
o Prepare, harden and exercise (understand the environment) 
o Test, monitor and defend (anticipate threats) 
o Respond, contain and remediate (impose costs and survive attacks)

Event Cyber Security: Defending against Cyber Threats with Whole World Watching

Establishing and maintaining a comprehensive internal and external view of enterprise infrastructure is largely manual. For red teams or penetration testers tasked with testing the security posture, it can take weeks to complete reconnaissance efforts before testing begins. 

Mandiant Advantage Attack Surface Management is trusted and relied upon by one of the most revered cyber security consulting teams in the industry, Mandiant Consulting.  Mandiant Consultants leverage Attack Surface Management to automate external asset discovery and reconnaissance efforts at the onset of and continuously throughout customer engagements. 

Join Mandiant experts for a discussion on how automating reconnaissance benefits the security posture of customers.  The team will discuss:
- How they achieve visibility into a customer’s distributed IT environment that surpasses the knowledge of the customer. 
- Where to prioritize immediate efforts with insight into the high-risk assets being targeted by threat actors 
- How security teams can benefit from increased external visibility

Attack Surface Management : The Power of Automated Discovery

Threat Intelligence covers an incredibly broad scope when it comes to cyber operations. Too often this is reduced to threat data feeds aimed at enriching SIEM detection. 

This leads to reactive operations, focusing on an event after it has occurred. One of the largest challenges organizations face is leveraging threat intelligence in order to help them turn their Security Operations into a proactive program. 

In this webinar, Ben Cook and Ryan Roobian will discuss leveraging the MITRE ATT&CK framework to help operationalize threat intelligence in a more proactive way.

Register for our webinar to better understand: 
- How to focus on what matters to your organization?
- How to objectively map these actors to a framework that will allow you to accurately know how to prioritize time and efforts?
- A use case of the Mandiant Threat Intelligence module 
- How to test these use cases against your current controls through Mandiant Security Validation
- How to build procedures around the Threat Intelligence use cases developed
- How to measure your controls based on those procedures
- Understand what the different solutions to the gap analysis are

Leveraging the MITRE ATT&CK framework to operationalize threat intelligence

The Biden Administration recently issued a statement warning of potential cyberattacks against U.S. organizations, as tensions rise between Russia and the rest of the world. Potential attacks to state and local critical infrastructure would disrupt the lives of millions of Americans, affecting lifeline services such as power, water, healthcare services, and supply chains. 

State, tribal and municipal government organizations need clear visibility into their risks and interconnected assets, IT governance and more. The federal government is zeroing in on what governors and mayors can do right now to protect their citizens, including funds available to strengthen cyber posture.

Join us as we share steps state, local and tribal governments can take to:
• Understand the current threat environment and associated risks to government infrastructure
• Learn about the cyber security baseline every state executive should be able to answer as described in the March 30th letter to every governor from the Biden Administration
• Access CISA Shields up, a repository of services, advisories, guidance, and best practices to help states get started strengthening their cyber security posture 
• Tap into $1B DHS Grants funding to protect state infrastructure through 2025
• Get started for free today with Mandiant Intel and Services

Tap Into DHS Cyber Grants Funding to Strengthen State & Local Infrastructure

Organizations pursue mergers and acquisitions (M&A) to develop strategic business advantages. As part of their due diligence, companies investigate the potential business impact and risks from the merger or acquisition in several areas, including financial, legal and intellectual property. But they don’t always fully explore the consequences of combining the cyber security practices and technologies of two different organizations.
 
Join Mandiant consultants as they discuss why organizations going through a merger & acquisition need to identify priorities and asses vulnerabilities and security gaps. Our experts will share real life examples of how organizations we work with have done just that, allowing them to:  
 
1. Drive greater accuracy in the value of an acquisition by taking business and security risks into account before closing a deal
2. Review active and dormant risks that can threaten the acquiring brand's reputation and trust if left undetected
3. Define an integration strategy for disparate environments that is safe, efficient, and cost effective

Mandiant Tales from the Trenches | M&A Security Due Diligence

In The Sample FLARE analysts present stories of notable malware samples they have reverse engineered. The FLARE team studies hundreds of malware samples each month and here they share highlights of real-world malware and analysis techniques. These talks aim to educate and entertain technical and non-technical attendees alike.

In this first iteration, join Chris Gardner of the FLARE team as he examines the malware gift that keeps on giving. Even after politely asking it to stop. This talk covers:
- How to analyze droppers that just won’t stop dropping more PE files.
- How to extract new payloads when a sample performs process injection.
- Why open-source intelligence is both beautiful and dangerous.
- What analysis tricks reduced analysis time to a mere 45 hours.

The Sample: Beating the Malware Piñata

Vulnerabilities are discovered, disclosed, weaponized, and exploited at scale at an alarming rate around the internet every day. As enterprises grow increasingly more complex, it becomes harder and harder to identify and prioritize vulnerabilities within the organization before they are exploited by attackers.  
 
In this webinar, Jared Semrau, Director of Vulnerability Intelligence at Mandiant will be joined by Steve Carter, Co-founder and CEO of Nucleus Security to discuss how vulnerability intelligence can inform vulnerability management prioritization and decision making to ensure that organizations are focusing on the right vulnerabilities at the right time. 
 
The discussion will cover:
1.       The value proposition for enriching scan results with 3rd party vulnerability intelligence
2.       A deep dive into Mandiant’s vulnerability intelligence offering
3.       Operationalizing Mandiant’s vulnerability intelligence and automating intelligence-led vulnerability remediation at scale.

Using Threat Intelligence to Stay Ahead of Vulnerability Exploitation

An evolving and escalating threat landscape requires us to challenge the status quo and elevate our diverse community of women in cyber security to rise to the occasion. 
Join Mandiant, Microsoft, Kraus Hamdani Aerospace a NightDragon Portfolio company, and AthenaAlliance for a live panel discussing the state of cyber security and the opportunity that it presents to “elevate” the essential role of women in the industry. 

Listen in to a candid conversation between top women leaders from across the cyber security industry addressing the following:
• How they have been breaking biases.
•  Elevating the next generation of female executives.
•  Bringing their unique perspectives and talents to inspire change.
•  Sharing professional insights about cyber threats and the state of security today.
•  Contributing personal anecdotes about leadership and authenticity as a woman in 
         the current  environment. 

Facilitating and moderating the event will be Erin Joe, SVP of Strategy and Alliances, Mandiant and Executive Sponsor of Elevate and Coco Brown, Founder and CEO of Athena Alliance, and the panel will feature female executives from companies committed to elevating women in cyber security: 
Sandra Joyce, EVP, Mandiant Intelligence
Vasu Jakkal, CVP Security, Compliance, Identity, and Management, Microsoft 
Fatema Hamdani, Co-Founder and CEO of Kraus Hamdani Aerospace Inc., NightDragon Portfolio Company

About Elevate
Elevate’s vision is to create a community of women leaders and advocates in the cyber security industry. Our mission is to inspire, educate, and elevate women leaders throughout their career journeys. Mandiant and the Elevate network are committed to helping women leaders thrive, and to growing and educating the next generation of cyber security industry leaders.

Elevate your Cyber Awareness: Question your Assumptions Webinar

Mandiant gathered sufficient evidence to assess that UNC2452, the group responsible for the 2020 SolarWinds supply chain compromise, is attributable to APT29, a Russia-based espionage actor assessed to be sponsored by the Russian Foreign Intelligence Service (SVR). This webinar provides awareness and additional insights on the evolution of APT29's operational and behavioral tactics, techniques, and procedures (TTPs).

Assembling the Russian Stacking Doll: UNC2452 Merged into APT29

M-Trends 2022 provides an inside look at the evolving cyber threat landscape directly from global incident response investigations and threat intelligence analysis of high-impact attacks and remediations around the globe. With all the information from the frontlines, the most important question is – how do we make it work for us?

Join two of Mandiant’s solution experts as they discuss how Mandiant brings it all together. 

Topics will include:
• Who is targeting you and how we collect, analyze and share insights
• How attackers see you and how we show you the opportunities you present to them
• How you can know whether you are prepared
• How to make an informed response when you are compromised

M-Trends At Work: Making It All Count

Active Directory is the most common on-premises identity provider solution for organizations around the globe. With the rise of cloud adoption, it is now frequently used in a cloud/on-premises hybrid model to manage and sync user identities between the environments. 

Over the last year, Mandiant has observed a higher volume of misconfigurations with Active Directory and hybrid identity models which resulted in successful vertical privilege escalation and stealthy persistence. These configuration missteps put organizations at a higher risk for harmful compromise, which calls for increased focus on hardening Active Directory setup and processes.

Join Andrew, one of Mandiant’s frontline consultants, as he walks us through an Active Directory attack lifecycle—Red Team style.

Topics of discussion will include:
• Modern attacker TTPs for Active Directory
• Hidden misconfigurations that can lead to domain compromise
• Dangers associated from this type of compromise
• Proven mitigation strategies and recommendations

Hidden Active Directory Misconfigurations: Red Team Style

Ransomware attacks are not slowing down, and neither are the evolving techniques used by adversaries who will stop at nothing to achieve their mission of financial gain. With a median dwell time of only five days for ransomware deployment (compared to 36 days for non-ransomware intrusions), security teams must be steadfast in their ransomware detection, response, and remediation preparedness.

M-Trends 2022 provides unique insights into new attacker TTPs used to deploy ransomware rapidly and efficiently with focus on virtualization infrastructures as a prime/growing target of entry. In addition, organizations must do more to plan and execute recovery operations that stand the test of time.

Join two of Mandiant’s frontline principal consultants as they discuss the evolving ransomware landscape and recovery strategies that security teams can put into motion. 

Topics of discussion will include:
• Newly observed attacker tools, tactics, and procedures
• Latest recommended mitigation activities
• Common themes that help (and hinder) recovery operations
• Critical components of an effective response
• Considerations for effective recovery actions

Ransomware: New Attacker TTPs and Recovery Strategies for Security Teams

M-Trends 2022 provides insights on the changing strategies behind China’s approach to cyber operations. Historically, China has used its cyber capabilities to secure regional power and ensure it is a vital component of the world’s economy and global supply chain. 

China’s cyber activities have undergone several changes and reorganizations over the years. Join Cristiana, one of Mandiant’s principal threat analysts, as she provides an overview of China’s cyber operations including strategic realignments and retooling within groups that closely align to priorities of the implementation of China’s 14th Five-Year Plan. 

Stay ahead of this nation-state threat by understanding the attacker characteristics and what they could mean for your organization’s security posture.

Topics of discussion will include:
• Restructuring and centralization of power 
• Attacker tactics, techniques, and procedures (TTPs)
• Geopolitics and regional outlook

The Evolution of China’s Approach to Cyber Operations

The M-Trends 2022 report is packed with timely data from Mandiant’s frontline incident response experience and unparalleled threat intelligence, offering insight into the most impactful breaches and attacker operations around the world. 

Join two of Mandiant’s top threat analysts as they dive into the latest trends and walk you through what these findings mean for your organization.

Topics for discussion include:
• Global and Regional Dwell Times
• Detection by Source Trends
• Industry Targeting Metrics
• New and Notable Threat Groups
• Top Infection Vectors and Malware Families
• Most Prevalent Attacker Techniques
• And more!

Today’s Top Cyber Trends and Attacks: By the Numbers

In conjunction with the Mandiant report published on April 13th, our experts share the detailed findings from research conducted on INCONTROLLER. This set of attack tools were built to target machine automation devices and allow attackers to shut down, reprogram, or disable industrial control systems. This briefing will cover:

• An overview of the INCONTROLLER attack tools, their capabilities against a variety of different ICS devices using industrial network protocols
• Our assessment of the threat these tools present, the targeting and TTPs to watch for from notable threat clusters
• Mandiant findings and recommendations, including a range of mitigations, discovery methods, and hunting tools to help organizations identify and defend against INCONTROLLER

Identify & Defend Against Rare INCONTROLLER Industrial Controls Attack Tools

A zero-day vulnerability as ubiquitous as Log4Shell is a nightmare scenario for most organizations. 

Understanding the lifecycle of a zero-day attack, and the points where the SOC can defend it, is key to preventing even the most advanced attacks. Find out how Mandiant’s Managed Defense experts defended against one of the largest cyber security threats of 2021. 

In this webinar, Mandiant Managed Defense will share insights to help your organization be prepared for the next zero-day attack:
• The types of campaigns Mandiant observes when sweeping zero-day vulnerabilities hit like Log4Shell and Microsoft Exchange
• The timelines of advanced attacks and how the typical Security Operations Center can respond.
• The steps to prepare and defend against future vulnerabilities and advanced attacks.

Get Ready for the Next Zero Day: Planning for the Unknown

Through Mandiant investigation of intrusions between February 2018 through September 2020, the FLARE Advanced Practices Team observed a group Mandiant tracks as “UNC1945” compromise and operate against a tailored set of targets within the financial and professional consulting industries by leveraging access to third-party networks. 

Please join Mandiant’s Justin Moore and Jacob Thompson,  for a look at UNC1945, including the group’s:

• Demonstrated access to exploits, tools, and malware for multiple operating systems
• Exploitation of an Oracle Zero-day
• Disciplined interest in covering or manipulating their activity
• Advanced technical abilities during interactive operations

Register Now!

Living Off The Land on a Private Island: An Overview of UNC1945

FireEye

Mandiant

Threat Analysis

Threat Horizon

Cyber Security

Cyber Attacks

Cyber Crime

Threat Intelligence

Cyber Intelligence

Threat Detection

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Living Off The Land on a Private Island: An Overview of UNC1945

Presented by

About this talk

More from this channel