The Defender’s Advantage Podcast
In this latest episode, we featured M-Trends contributors Dominik
Weber (Director - FLARE) and Dan Perez (Manager - Adversary Pursuit)
to take us on a deep dive of our annual M-Trends report. We discussed
how key metrics from our incident response investigations changed,
including: dwell times, source of notification, number of threat
actors tracked, and malware families/trends broken down by operating
system. Additionally, we highlighted things that stood out to Dominik
and Dan, including:
-Malware that used email for command and control
-Malware that leveraged cryptography to protect further stages for
analysis [execution guardrails!]
-How FLARE determines whether a malware sample is a "new" family vs a
variant of an existing family we've seen before
-Targeted ransomware trends
-Chinese threat groups who have been active lately (APT40, APT41,
APT5, and several uncategorized clusters), as well as how the recent
US Justice Department indictments may have impacted operations by
those APT groups
-Dominik's involvement in the annual FLARE-ON challenge and what it's
like to create a challenge (encrypted web shell)
For the full M-Trends report, visit:
https://www.fireeye.com/current-threats/annual-threat-report/mtrends.h
tml
To find out more about the FLARE-On challenge, visit:
http://flare-on.com/