Name: Closing the Backdoor: Reverse Engineering SUNBURST
Start: 2021-04-15T14:00:00Z
End: 2021-04-15T14:01:00.000Z
Location: BrightTALK
Rating: 5

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats. Mandiant is now part of Google Cloud.

Mandiant Managed Defense presents a quarterly webinar series, "Tales from the Trenches," to help you navigate the ever-evolving threat landscape. Our security experts will dive into the latest malware and attack trends they've encountered in the previous quarter. You'll gain valuable insights into how these threats were detected, along with actionable advice to strengthen your own defenses.

In the first installment of the series, Managed Defense consultants will detail findings from January through March 2024, including:

*Phishing emails deploying ASYNCRAT malware
*Ongoing exploitation of ScreenConnect vulnerabilities and hardening guidance 
*New FAKEUPDATES technique compromising Outlook email signatures

Reserve your spot today!

Tales from the Trenches: Malware and attack trends from Managed Defense

Join us for an informative webinar to learn what organizations can do to mitigate cybersecurity risks seen on the front lines from Mandiant consultants in light of the growing zero-day attacks.

By taking a proactive approach to cybersecurity, organizations can empower themselves to navigate the challenging threat landscape with confidence. 

In this session, we will outline actionable steps you can take, including:

*Understanding your external attack surface and public-facing assets
*Ensuring endpoint security solutions have broad internal coverage
*Restricting external network protocols and services
*Implementing strong multi-factor authentication
*Enhancing logging, monitoring, and detection capabilities
*Bolstering incident response strategies and processes

Join us in this webinar to learn how you can position your organization for cybersecurity resilience.

Proactive Cybersecurity: 6 Critical Tasks to Mitigate Risk

Whether you're a security engineer, IT professional, or simply someone concerned about protecting your organization's information, this webinar will showcase how AI can transform the way you approach security.

Join us to learn how to:

Strengthen your defenses
Enhance threat detection
Improve response
Our expert speakers will demystify the complexity of AI and guide you through its practical applications in the realm of cybersecurity - even if you aren't an expert.

Unleashing AI for cybersecurity: Empowering non-experts to take action

Recent attacks on K-12 school districts have put student and staff data at risk. Don't let your district become the next victim. Join leading cybersecurity experts as they discuss ways to empower K-12 security leaders and administrators to defend against the latest threats and secure their students, staff and educational environments.

Why attend?
- Learn about escalating K-12 cyber threats: Ransomware, data breaches, and more.
- Prioritize and Prepare for Evolving Threats: Learn how to assess cyber risks and develop robust defense strategies.
- Leverage Threat Intelligence: Discover how to identify vulnerabilities before they are exploited.
- Build a Proactive Defense Strategy: Implement practical strategies to keep your district ahead of cyber threats.
- Learn about resources to help improve your security posture today


Who should attend?
K-12 security managers, directors, CISOs, IT managers/VPs/directors
Anyone responsible for protecting student and staff data
School district leaders concerned about cyber threats

K-12 Cybersecurity Roundtable: Protecting Our Schools from Rising Cyber Threats

Security teams need to be more proactive about finding threats before they can cause too much damage. How do these enterprises build threat hunting programs? What stakeholders needs to be involved? What skills are necessary for the threat hunting team? In this Dark Reading webinar, a top expert discusses the process for building a threat hunting program and what tools they need. Get practical tips on questions to ask and processes to build out as part of getting started.

During this webinar you will:

Get advice on how to get a new program off the ground.
Find out what resources are required to get a threat hunting program launched, and where to find them.
Gain insight into the latest tools and tricks used by the some of the world’s top threat hunters.

How to Launch a Threat Hunting Program

No technology has ever emerged as quickly as generative AI has – or come with such a confusing set of myths about how threat actors are already leveraging AI-driven tools to overwhelm enterprise defenses.

Join us as we separate fact from fiction and put myths to rest about the use and capabilities of generative AI.

Watch this webinar to learn:
• How threat actors specifically use generative AI to bypass or compromise enterprise security systems;
• Real-world applications of generative AI that are proven successful in enhancing cybersecurity posture;
• Generative AI's projected growth rate and how it will affect your enterprise's ability to keep pace with security protocols.

Generative AI: Myths, Realities, and Practical Use Cases

Suspected espionage group, UNC5221, has launched a sophisticated cyberattack exploiting zero-day vulnerabilities recently disclosed (CVE-2023-46805 and CVE-2024-21887) by Ivanti in their Connect Secure (ICS) VPN and Policy Secure (IPS) appliances. 

Please join Mandiant’s John Wolfram, Matt Lin, and Robert Wallace as they shed light on this suspected espionage campaign, including:

*Technical Analysis: We'll dissect UNC5221's custom malware arsenal, including the ZIPLINE backdoor, THINSPOOL dropper, LIGHTWIRE and WIREFIRE web shells, and WARPWIRE credential harvester.

*Attacker Motivations and Tactics: Explore UNC5221's suspected espionage objectives and the strategic use of compromised edge infrastructure for command and control.

*Remediation and Defense Strategies: Learn concrete steps to mitigate these vulnerabilities, deploy Ivanti's Integrity Checker Tool (ICT), and strengthen your defenses against future zero-day attacks.

This webinar is designed for IT security professionals, network administrators, and anyone concerned about zero-day exploits and espionage campaigns.

Presenters:

Andrew Kopcienski, Principal Analyst (Moderator)
Matt Lin, Consultant, Incident Response
Robert Wallace, Consultant, Incident Response
John Wolfram, Sr. Threat Analyst

Living on the Edge: Investigating Ivanti Connect Secure VPN Zero-Day Exploits

2023 fits Mandiant observations that zero-day exploitation has been trending upward for the last few years. Mandiant tracked over 80 zero-day vulnerabilities in 2023, which represents almost double the number from 2020 and continued trend upward in the last ten years.

Join Mandiant experts for a discussion on these trends and the evolution of the broader vulnerability exploitation landscape in 2023. During this session, our team will discuss:

-2023 zero-day exploitation in the context of historical trends
-Chinese cyber espionage actors’ focus on stealth during vulnerability exploitation
-N-day vulnerability trends, including time to exploit analysis

What you will learn:

In addition to understanding the vulnerability exploitation landscape, we’ll discuss how this analysis can inform strategies for successful vulnerability prioritization. We’ll demonstrate how you can apply threat intelligence to help assess risk and make informed decisions about vulnerability management and patching in your own environments.

The Evolution of the Vulnerability Landscape in 2023

The cyber threat landscape is constantly evolving, and defenders have the challenging task of keeping up. By exploring the trends we see today, we can improve our cyber readiness and be better prepared for the year ahead. 

To help organizations navigate the cyber landscape in 2024, security expert Andrew Kopcienski is presenting a deep-dive session to cover many of the topics discussed in the latest Google Cloud Cybersecurity Forecast 2024 report, including:

- Tactics and tools to steal credentials
- SMS phishing, notably to access environments
- Increasing use of zero-days
- More targeting of edge and other devices  

Register for the webinar, and read the Google Cloud Cybersecurity Forecast 2024 report: https://cloud.google.com/resources/security/cybersecurity-forecast

Google Cloud Cybersecurity Forecast 2024

The presentation seeks to explore the transformation of cybersecurity methodologies in the face of an evolving digital world. In the context of the Canadian financial sector, this has included regulatory guidance and a focus on managing insider threats. 
The essence of this shift is the focus on Insider Risk Management (IRM). Insider risks - whether unintentional or intentional - pose a significant threat to organizations. The discussion will examine how insider threats have evolved and how they now require NextGen methodologies and tools to properly mitigate and manage. 

By exploring various case studies of significant insider threat incidents, the presentation aims to underscore the critical importance of IRM and its role in a holistic cybersecurity strategy. 

Join Mandiant to understand: 
- Strategies for leaders to meet regulatory guidance and drive this change
- Fostering a culture of cybersecurity resilience within their organizations.

Shawn Thompson is currently the Senior Manager, Global Insider Risk Services. 
He possesses over 20 years’ experience investigating, prosecuting, and managing insider risk and is widely recognized for his unique blend of expertise and experience. Prior to joining Mandiant, he served as CEO of ITMG, a leading insider risk management consulting firm. He is a former AUSA, DoD Special Agent, Assistant General Counsel, and senior government official who held executive positions with the FBI, NSA, DOJ, and DNI. He is a pioneer in the field of insider risk management, serving as a frequent thought leader on a variety of security and risk management topics. 

Mr. Jordan is a Senior Manager focusing on Strategic Cybersecurity services at Mandiant’s office located in Toronto. Mr. Jordan is responsible for managing and delivering Virtual CISO (vCISO), Security Program Assessments, Cyber Response Readiness Assessments, Cyber Due Diligence, Security Program Development and Transformation engagements for organizations and governments.

Next-Generation Insider Risk Management

This webinar will provide an overview of how a comprehensive cyber crisis communications plan and formal disclosure controls are essential to complying with the SEC's new cybersecurity disclosure rule. During the webinar, our panel of cyber security crisis communications and legal experts will cover:

1)  How disclosure controls are essential to determining materiality and timely, and accurately, reporting during a cyber event 
2)  What types of disclosure controls are necessary in the cyber domain and how they impact the materiality determination during an investigation
3)  How to accelerate your cyber crisis communications response strategy by aligning with cyber specific disclosure controls 
4)  The importance of message discipline when responding to a cyber event, now and after the rule comes into effect

This webinar is essential for all U.S public companies responsible for cybersecurity legal compliance and crisis communications and planning. 

By attending, you will learn how to properly disclose a cybersecurity incident and how to annually disclose your organization’s processes for assessing and managing your cybersecurity governance and risks.

SEC Cybersecurity Rule Compliance Through Effective Disclosure Controls

The manufacturing industry is a prime target for cyber attackers, who are increasingly using multi-faceted extortion and espionage tactics to gain access to sensitive data and disrupt operations. This webinar will provide an overview of cyber threats targeting the manufacturing industry, including:

1) Trends and data observed with multi-faceted extortion attacks
2) Cyber espionage campaigns targeting the sector
3) How the sector might be used as a jump point via supply chain attacks to other sectors

The webinar will feature cyber security intelligence and advisory experts in the manufacturing industry who will discuss the following topics:

1) How to use cyber threat intelligence to ensure better outcomes
2) Why context is vital when prioritizing alerts and threats

This webinar is essential for anyone who is responsible for cyber security at a manufacturing company. You will learn about the latest threats facing your industry and how to protect your organization from these attacks.

The Cyber Security Threat Landscape Targeting the Manufacturing Industry

Attack surface data is the ever-increasing amount of information that attackers can use to exploit vulnerabilities in an organization's systems and networks. One of the biggest challenges in parsing through attack surface data is its sheer volume and complexity. Attackers are constantly developing new techniques and tools to exploit vulnerabilities, and organizations need to be able to keep up. 
This means that security teams need to be able to quickly and accurately identify and prioritize vulnerabilities, even if they are buried in a sea of data.

Join the Mandiant team for a live discussion on outcome-based asset discovery, an easy-to-use method of understanding attack surface exposures. The team will discuss and demo:
- How to define the outcomes or success criteria of asset discovery 
- The various use cases external attack surface management can solve for
- The different ways to operationalize attack surface findings across the organization

Register Now!

Attack Surface Discovery at Scale

Join Mandiant Intelligence Capability Development experts who will outline the characteristics of top-performing cyber threat intelligence (CTI) teams and how to build them. We will provide actionable advice on how intelligence teams can improve their efficiency and effectiveness by adopting a requirements-driven approach. This represents a commitment across the threat intelligence lifecycle to explicitly meet the specified needs of relevant stakeholders. Following this approach enables a CTI team to deliver tangible value and improve security outcomes. 

Attendees will learn:
- How to capture effective intelligence requirements. 
- The importance of a threat profile within a CTI strategy
- How intelligence teams can gather more effective feedback from stakeholders

Building an Effective Cyber Threat Intelligence Function

Join Ryan Roobian and Alexa Rzasa for a live discussion on how to better understand your unique threat landscape and attack surface to proactively identify and mitigate your organization's cyber exposure. Ryan and Alexa will discuss the essentials to building a proactive strategy; including how to achieve:
 - Expanded and centralized visibility
 - Intelligence-led prioritization
 - Validated preparedness
 - Faster remediation and optimization 
 - Incident response readiness

Building a Proactive Strategy to Exposure Management

With a marked increase RaaS, APT, and nation-state sponsored attacks in the industrial cybersecurity sector over the last 18 months it is more critical than ever for organizations to build effective incident response capabilities for their Operational Technology (OT) and Industrial Control Systems (ICS) environments.

Often when the OT process is down, so is the revenue stream. The pressure to get back operational is high – having a solid practiced plan, the right tools in place, and an effective decision-making process are critical to restoring production.

Watch this webinar to learn how to:

Better prepare for the convergence of IT and OT systems with improved threat awareness and expanded knowledge of attacker;
Maintain business continuity by hunting for threats and boost the ability to monitor, detect and respond to threats;
Create a plan and process to restore production in the event of an APT and nation-state sponsored attack.

A Proactive Approach to Incident Response for OT

Threat intelligence provides security teams with insights into the kinds of attacks that may target their organizations and prioritize their security activities. But what if the risk is coming from third-party partners and systems? In this webinar, experts discuss how security teams can use available threat intelligence to identify third-party risk and work with partners to mitigate them. Learn how to decide what to collect and how to correlate the information with internal data sources and those belonging to partners and suppliers to get the proper view of the threats. Walk away with practical tips on how to use threat intelligence to work with suppliers as part of an overall security strategy.

During this webinar you will:

- Pinpoint data streams most valuable for threat intelligence gathering.
- Identify data that can help identify potential third-party exposure.
- Get professional tips on how to work with suppliers to mitigate cybersecurity risk.

How to Use Threat Intelligence to Mitigate Third Party Risk

For cybersecurity, artificial intelligence (AI) has the potential to benefit both the defenders and their adversaries. 

Threat actors are using AI to instantly generate sophisticated and evasive attacks, while security teams are now using AI-powered security tools to better protect against them. Today, Mandiant consultants are leveraging AI to help defenders reduce the amount of time needed to detect, respond, and remediate these attacks. 
 
Tune into this webinar to learn how Mandiant consultants use AI on the front lines to improve engagement efficiency and effectiveness—alongside their hands-on expertise and embedded threat intelligence.
 
Attendees will learn from Mandiant speakers Trisha Alexander, Ron Craft, and Jennifer Guzzetta how to use AI as a starting point to:
• Accelerate the investigation process of incident response events
• Streamline the generation of baseline threat detections
• Apply diverse query languages for navigation across multiple security platforms

AI & Cybersecurity: How Mandiant Consultants Accelerate Detection & Response

At the end of 2020, FireEye revealed the details of a sophisticated threat actor that took advantage of SolarWinds’ Orion Platform to orchestrate a wide-scale supply chain attack and deploy a backdoor we call SUNBURST. 
 
This attack impacted organizations worldwide, leading executives everywhere to question whether their environment fell victim. Discovering, sharing, and shutting down access to the SUNBURST backdoor, which allowed attackers to move freely and spy on victims, required the unique expertise of Mandiant’s Frontline Applied Research and Expertise (FLARE) team. And for Mandiant Managed Defense, the identification of victims started well before the public became aware of the SUNBURST campaign. 
 
Join Mandiant experts for a retelling of the SUNBURST discovery story and a look inside how they addressed the SUNBURST threat with customers, including stories from the front lines of this customer-focused response. Our experts will also highlight: 
 
•	How this prolific cyber-attack changes the way we view security 
•	SUNBURST threat actor TTPs and how Mandiant hunts for the most relevant, and dangerous threats 
•	What threat hunting techniques should be deployed to find today’s stealthiest attackers 

Be sure to check out all of the sessions in our FireEye Mandiant Virtual Summit 2021, Innovation Forward. A New Era of Resilience. - Live on April 13-15.  https://virtualsummit.fireeye.com/

Closing the Backdoor: Reverse Engineering SUNBURST

FireEye

Mandiant

Reverse Engineering

Cyber Security

Incident Response

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Closing the Backdoor: Reverse Engineering SUNBURST

Presented by

About this talk

More from this channel