WHEN PANDAS ATTACK
HOW TO DETECT, ATTRIBUTE, AND RESPOND TO MALWARE-FREE INTRUSIONS
Dmitri Alperovitch - Chris Scott - Adam Meyers
TODAY’S SPEAKERS
2014 CrowdStrike, Inc. All rights reserved.
@DMITRICYBER
@CROWDSTRIKE | #CROWDCASTS
DMITRI ALPEROVITCH | CO-FOUNDER & CTO
Dmitri Alperovitch is the Co-Founder and CTO of CrowdStrike. A renowned computer security researcher, he is a thought leader on cybersecurity policies and state tradecraft. Prior to founding CrowdStrike, Dmitri was a Vice President of Threat Research at McAfee, where he led the company’s global internet threat intelligence analysis and investigations. In 2010 and 2011, Alperovitch led the global team that investigated and brought to light the groundbreaking Operation Aurora, Night Dragon and Shady RAT cyberespionage intrusions, and gave those incidents their names.
TODAY’S SPEAKERS
@NETOPSGURU
CHRIS SCOTT | DIRECTOR, SERVICES
Christopher Scott has over 15 years of Fortune 500/DoD/DIB business proficiency, including more than 7 years of targeted threat detection and prevention expertise. As a Director at CrowdStrike Services, Christopher supports a variety of engagements that include security reviews, incident response, data loss prevention, insider threat analysis, engineering threat detection systems, and business continuity and disaster recovery processes. In addition, Christopher assists in building risk recognition systems and advancing the CrowdStrike Services practice.
TODAY’S SPEAKERS
@ADAM_CYBER
ADAM MEYERS | VP, INTELLIGENCE
Adam Meyers has over a decade of experience within the information security industry. He has authored numerous papers that have appeared at peer-reviewed industry venues and has received awards for his dedication to the field. At CrowdStrike, Adam serves as the VP of Intelligence. Within this role it is Adam’s responsibility to oversee all of CrowdStrike’s intelligence gathering and cyber-adversarial monitoring activities. Adam’s Global Intelligence Team supports both the Product and Services divisions at CrowdStrike, and Adam manages these endeavors and expectations.
ADVANCED ATTACKERS EVADE IOC-BASED DETECTION
HOW CAN YOU FIND AN ATTACK WHEN THERE IS NO MALWARE, NO COMMAND AND CONTROL, AND NO FILE-BASED ARTIFACTS?
REAL-WORLD CASE STUDIES
LET’S DIVE IN…
WHO’S BEHIND THE ATTACK?
UNCOVER THE ADVERSARY
RUSSIA
• Energetic Bear: Oil and Gas Companies
CHINA
• Comment Panda: Commercial, Government, Non-profit
• Deep Panda: Financial, Technology, Non-profit
• Foxy Panda: Technology & Communications
• Anchor Panda: Government organizations, Defense & Aerospace, Industrial Engineering, NGOs
• Impersonating Panda: Financial Sector
• Karma Panda: Dissident groups
• Keyhole Panda: Electronics & Communications
• Poisonous Panda: Energy Technology, G20, NGOs, Dissident Groups
• Putter Panda: Governmental & Military
• Toxic Panda: Dissident Groups
• Union Panda: Industrial companies
• Vixen Panda: Government
IRAN
• Magic Kitten: Dissidents
• Cutting Kitten: Energy Companies
INDIA
• Viceroy Tiger: Government, Legal, Financial, Media, Telecom
NORTH KOREA
• Silent Chollima: Government, Military, Financial
CRIMINAL
• Singing Spider: Commercial, Financial
• Union Spider: Manufacturing
• Andromeda Spider: Numerous
HACKTIVIST/TERRORIST
• Deadeye Jackal: Commercial, Financial, Media, Social Networking
• Ghost Jackal: Commercial, Energy, Financial
• Corsair Jackal: Commercial, Technology, Financial, Energy
• Extreme Jackal: Military, Government
PARACEL ISLANDS
Disputed Territory
• 16°40′N 112°20′E
• Claimed by:
– Vietnam (Hoàng Sa Archipelago)
– People’s Republic of China (Xisha Islands)
– Taiwan
• Originally occupied by the French in 1938, the islands were taken by Japan and then by China after World War II
• In 1974, armed conflict saw the occupation of the islands by victorious PLA forces over the ARVN. Unified Socialist Vietnam renewed its claims
HAIYANG SHIYOU 981
May 2, 2014
• Owned by: CNOOC Group
– Displacement: 30,670 tons
– Length: 114 meters
– Beam: 90 meters
– Speed: 8 knots
– Crew: 160
• Mission: Evaluate potential for Oil Reserves
• In theater 2 May – 16 Jul
CHINESE INTRUSION ACTIVITY
[Chart: Chinese intrusion activity, May/June]
Increasing activity as conflict escalates
Increasing tensions and intrigue
HD981 OPERATIONS MAY - JULY
• 2 May: HD981 deployed near the Paracel Islands
• 26 May: Vietnamese fishing boat sinks after a confrontation with Chinese vessels
• June: tensions continue to rise as HD981 moves closer to the Paracel Islands and conducts drilling
• 16 July: HD981 leaves the Paracel Islands in advance of typhoon season and to ‘review data’ from drilling operations
ISLAMIC STATE OF IRAQ AND SYRIA (ISIS)
Baiji, Mid June 2014
• Sunni extremists from ISIS begin their advance on the key Iraqi industrial city of Baiji
• 12 June: ISIS vehicles and personnel burn down the courthouse and police station, and release prisoners from the jail
• 18 June: ISIS insurgents begin attacking the Baiji refinery, the largest in Iraq, which has the capability to refine over 300,000 barrels of oil per day
CHINA OIL AT RISK
[Chart: Top Oil Imports]
WHAT HAPPENED?
THIS IS A STORY OF THE INCIDENT…
CASE STUDY: WEBSHELL ATTACK
• Suspicious Logins Detected within Environment
• Falcon Host Deployed to the Network with CSOC Monitoring
– Deployment Time is now Hours not Days
– The Cloud Allows Rapid Deployment and Increased Visibility
• Not Dependent on Hardware
• No Infrastructure to Stand Up
• Visibility on Adversary Actions
– Webshell Deployments and Usage
– Usage of Sticky Keys
– Usage of PowerShell with Custom Encryption
CASE STUDY: WEBSHELL ATTACK
• Watching the Adversary Change TTPs in Real-time
– Uploading New Tools, Monitoring for Logons
• Security Teams able to Respond within Minutes
– Removal of Infected Machines
– Memory Capture with Attacker Tools Running
• Reduction in Incident Response Timing
– Remediate Quicker
– Reduce the Need for Deep Dive Forensics
– Reduce the Cost of Incident Response
• Continued Visibility Going Forward
– Detections Allowing Security Teams to Prevent Attacker Foothold
ADVERSARIES ADJUSTING TTPS
Changes to Persistence
• Moving from Workstations back to Servers
• Reducing Footprint
Forensic Evidence Reduction
• Utilizing Memory for Execution, Compression, Exfiltration
• Automated Cleanup Processes
Simplified Toolsets and Communication
Webshells
• Compiled on the Fly, Direct to Memory
• Utilize SSL Certificates on Externally Accessible Sites
• Utilize Custom Encryption within Microsoft PowerShell
SECURITY TEAMS MUST ADJUST
New Detection Methods
• Must be Realtime or Near-Realtime; Sweeping for IOCs is a Losing Proposition
• Must Detect Credential Theft as it Happens
• Must Capture Adversaries’ Commands as Forensic Evidence is Being Reduced
Benefits of Detection Methods
• Able to Respond Quicker
• Reduce Exposure and Loss
• Allow Security Teams to Adjust to Adversary TTPs on the Fly
• Increasing Costs to the Adversary
NOW WHAT?
HOW DID WE DETECT AND ATTRIBUTE THIS MALWARE-FREE INTRUSION?
TECHNOLOGY COMPONENTS
FALCON HOST CORE COMPONENTS
FALCON HOST TECH OVERVIEW
• CLOUD-BASED APPLICATION
• HOST-BASED DETECTION SENSOR
• DETECT: STATEFUL EXECUTION INSPECTION
• RECORD: ENDPOINT ACTIVITY MONITORING
• INTELLIGENCE: ATTRIBUTION ENGINE
REAL-TIME STATEFUL EXECUTION INSPECTION
1. Email Received
2. Email Attachment Opened in Acrobat Reader
3. Process Silently Executed
4. Executable Saved in Windows/System32 Folder
5. Executable Hides Itself From Task Manager
6. Executable Modifies Windows Registry to Autostart
7. Executable Calls Out to the Internet
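The stateful execution inspection chain above, together with the webshell-to-PowerShell activity from the case study slides, as an added Python example that is not CrowdStrike's Falcon code: a small correlator that tracks how far each process lineage has progressed through an ordered chain of behaviours and raises a detection only when the whole chain completes, so no file hash or other IOC is required. The event format, the two rules, the process names and the sample telemetry are all constructed assumptions for this example; the slide's "hides itself from Task Manager" step is left out because the deck does not say how a sensor observes it.

```python
"""Stateful execution inspection over an endpoint event stream.

Constructed example (not CrowdStrike's code): each process lineage is
tracked through an ordered chain of behaviours and a detection fires only
when the chain completes. Event format, rules and sample data are assumed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    ts: int           # sequence number / timestamp from the sensor
    kind: str         # process_start | file_write | registry_set | net_connect
    pid: int          # acting process
    ppid: int         # parent process (only meaningful for process_start)
    image: str        # image name of the acting process
    detail: str = ""  # path, registry value, remote endpoint or command line


# A stage is (event kind, predicate). Stages must be met in order along one
# process lineage: a child process starts from its parent's progress.
Stage = Tuple[str, Callable[[Event], bool]]

RULES: Dict[str, List[Stage]] = {
    # The slide's chain reduced to what a sensor records: attachment opened in
    # Acrobat Reader -> child process -> executable written under System32 ->
    # autostart Run key set -> outbound connection.
    "document-spawned dropper": [
        ("process_start", lambda e: e.image.lower() == "acrord32.exe"),
        ("process_start", lambda e: True),
        ("file_write", lambda e: e.detail.lower().startswith("c:\\windows\\system32\\")),
        ("registry_set", lambda e: "\\currentversion\\run\\" in e.detail.lower()),
        ("net_connect", lambda e: True),
    ],
    # Webshell case study: web server worker -> cmd.exe -> PowerShell started
    # with an encoded command line (assumed indicator for the deck's
    # "PowerShell with custom encryption").
    "webshell command execution": [
        ("process_start", lambda e: e.image.lower() in {"w3wp.exe", "httpd.exe"}),
        ("process_start", lambda e: e.image.lower() == "cmd.exe"),
        ("process_start", lambda e: e.image.lower() == "powershell.exe"
         and "-encodedcommand" in e.detail.lower()),
    ],
}


class StatefulInspector:
    """Per-rule, per-process progress plus the events that earned it."""

    def __init__(self, rules: Dict[str, List[Stage]]) -> None:
        self.rules = rules
        # state[rule][pid] = (stages completed, matching events so far)
        self.state: Dict[str, Dict[int, Tuple[int, Tuple[Event, ...]]]] = {
            name: {} for name in rules}
        self.detections: List[dict] = []

    def observe(self, e: Event) -> None:
        for name, stages in self.rules.items():
            table = self.state[name]
            # A new process inherits its parent's progress; any other event
            # extends the acting process's own progress.
            origin = e.ppid if e.kind == "process_start" else e.pid
            progress, evidence = table.get(origin, (0, ()))
            if progress < len(stages):
                kind, pred = stages[progress]
                if e.kind == kind and pred(e):
                    progress, evidence = progress + 1, evidence + (e,)
            table[e.pid] = (progress, evidence)
            # Fire once, on the event that completes the chain; the recorded
            # chain is the evidence an analyst keeps when disk artifacts are gone.
            if progress == len(stages) and evidence[-1] is e:
                self.detections.append({
                    "rule": name, "pid": e.pid, "ts": e.ts,
                    "chain": [(x.ts, x.kind, x.image, x.detail) for x in evidence]})


def run(events: List[Event], rules: Dict[str, List[Stage]] = RULES) -> List[dict]:
    """Replay events in time order and return the detections raised."""
    inspector = StatefulInspector(rules)
    for e in sorted(events, key=lambda x: x.ts):
        inspector.observe(e)
    return inspector.detections


# Constructed sample telemetry: one dropper chain, benign browser noise and
# one webshell chain. Addresses are documentation ranges, not real hosts.
SAMPLE_EVENTS = [
    Event(1, "process_start", 100, 50, "OUTLOOK.EXE"),
    Event(2, "process_start", 200, 100, "AcroRd32.exe", "invoice.pdf"),
    Event(3, "process_start", 300, 200, "update.exe", "C:\\Users\\u\\AppData\\Local\\Temp\\update.exe"),
    Event(4, "file_write", 300, 200, "update.exe", "C:\\Windows\\System32\\svchosts.exe"),
    Event(5, "registry_set", 300, 200, "update.exe",
          "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchosts"),
    Event(6, "net_connect", 300, 200, "update.exe", "203.0.113.10:443"),
    Event(7, "process_start", 400, 50, "chrome.exe"),
    Event(8, "net_connect", 400, 50, "chrome.exe", "198.51.100.7:443"),
    Event(9, "process_start", 500, 1, "w3wp.exe"),
    Event(10, "process_start", 600, 500, "cmd.exe", "cmd.exe /c powershell ..."),
    Event(11, "process_start", 700, 600, "powershell.exe",
          "powershell.exe -EncodedCommand <base64 placeholder>"),
]

if __name__ == "__main__":
    for d in run(SAMPLE_EVENTS):
        print(f"[{d['ts']}] {d['rule']}: pid {d['pid']}")
        for step in d["chain"]:
            print("    ", step)
```

The browser lineage makes an outbound connection too, but never reaches the network stage because it never passed the earlier ones, which is the point of keeping state per lineage rather than alerting on any single behaviour; a real sensor would add the hiding-from-Task-Manager and credential-theft stages the deck calls for once it can observe them.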
LET’S TAKE A LOOK…
ENDPOINT PROTECTION DEMO
Q&A
Please enter all questions in the Q&A panel of GoToWebinar
For information on the CrowdStrike Falcon Platform or CrowdStrike Services, contact sales@crowdstrike.com
CrowdCasts Monthly: When Pandas Attack

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Último (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

CrowdCasts Monthly: When Pandas Attack

  • 4. TODAY'S SPEAKERS
    ADAM MEYERS | VP, INTELLIGENCE (@ADAM_CYBER)
    Adam Meyers has over a decade of experience within the information security industry. He has authored numerous papers that have appeared at peer-reviewed industry venues and has received awards for his dedication to the field. At CrowdStrike, Adam serves as the VP of Intelligence. In this role he oversees all of CrowdStrike's intelligence gathering and cyber-adversarial monitoring activities; his Global Intelligence Team supports both the Product and Services divisions at CrowdStrike.
    2014 CrowdStrike, Inc. All rights reserved. @CROWDSTRIKE | #CROWDCASTS
  • 5. ADVANCED ATTACKERS EVADE IOC-BASED DETECTION
    How can you find an attack when there is no malware, no command and control, and no file-based artifacts?
  • 6. REAL-WORLD CASE STUDIES
  • 7. LET'S DIVE IN… WHO'S BEHIND THE ATTACK?
  • 8. UNCOVER THE ADVERSARY
    Adversary groups by origin and the sectors they target (CrowdStrike's naming convention: Bear = Russia, Panda = China, Kitten = Iran, Tiger = India, Chollima = North Korea, Spider = criminal, Jackal = hacktivist/terrorist):
    RUSSIA
      – Energetic Bear: Oil and Gas Companies
    CHINA
      – Comment Panda: Commercial, Government, Non-profit
      – Deep Panda: Financial, Technology, Non-profit
      – Foxy Panda: Technology & Communications
      – Anchor Panda: Government organizations, Defense & Aerospace, Industrial Engineering, NGOs
      – Impersonating Panda: Financial Sector
      – Karma Panda: Dissident groups
      – Keyhole Panda: Electronics & Communications
      – Poisonous Panda: Energy Technology, G20, NGOs, Dissident Groups
      – Putter Panda: Governmental & Military
      – Toxic Panda: Dissident Groups
      – Union Panda: Industrial companies
      – Vixen Panda: Government
    IRAN
      – Magic Kitten: Dissidents
      – Cutting Kitten: Energy Companies
    INDIA
      – Viceroy Tiger: Government, Legal, Financial, Media, Telecom
    NORTH KOREA
      – Silent Chollima: Government, Military, Financial
    CRIMINAL
      – Singing Spider: Commercial, Financial
      – Union Spider: Manufacturing
      – Andromeda Spider: Numerous
    HACKTIVIST/TERRORIST
      – Deadeye Jackal: Commercial, Financial, Media, Social Networking
      – Ghost Jackal: Commercial, Energy, Financial
      – Corsair Jackal: Commercial, Technology, Financial, Energy
      – Extreme Jackal: Military, Government
  • 9. PARACEL ISLANDS: Disputed Territory
    – 16°40′N 112°20′E
    – Claimed by: Vietnam (Hoàng Sa Archipelago), the People's Republic of China (Xisha Islands), and Taiwan
    – Originally occupied by the French in 1938, the islands were taken by Japan and then by China after World War II
    – In 1974, armed conflict ended with the islands occupied by victorious PLA forces over South Vietnamese (ARVN) forces; unified socialist Vietnam renewed its claims
  • 10. HAIYANG SHIYOU 981 (HD981), 2 May 2014
    – Owned by CNOOC Group
    – Displacement: 30,670 tons; length: 114 m; beam: 90 m; speed: 8 knots; crew: 160
    – Mission: evaluate the potential for oil reserves
    – In theater 2 May – 16 July 2014
  • 11. CHINESE INTRUSION ACTIVITY, May/June 2014
    [Chart: Chinese intrusion activity, increasing as the conflict escalates]
  • 12. HD981 OPERATIONS, MAY – JULY: increasing tensions and intrigue
    – 2 May: HD981 deployed near the Paracel Islands
    – 26 May: a Vietnamese fishing boat sinks after a confrontation with Chinese vessels
    – June: tensions continue to rise as HD981 moves closer to the Paracel Islands and conducts drilling
    – 16 July: HD981 leaves the Paracel Islands ahead of typhoon season and to "review data" from drilling operations
  • 13. ISLAMIC STATE OF IRAQ AND SYRIA (ISIS): Baiji, mid June 2014
    – Sunni extremists from ISIS begin an advance on Baiji, a key Iraqi industrial city
    – 12 June: ISIS vehicles and personnel burn down the courthouse and police station and release prisoners from the jail
    – 18 June: ISIS insurgents begin attacking the Baiji refinery, the largest in Iraq, which can refine over 300,000 barrels of oil per day
  • 14. CHINA OIL AT RISK
    [Chart: Top Oil Imports]
  • 15. WHAT HAPPENED? THIS IS A STORY OF THE INCIDENT…
  • 16. CASE STUDY: WEBSHELL ATTACK
    • Suspicious logins detected within the environment
    • Falcon Host deployed to the network with CSOC monitoring
      – Deployment time is now hours, not days
      – The cloud allows rapid deployment and increased visibility: not dependent on hardware, no infrastructure to stand up
    • Visibility on adversary actions
      – Webshell deployments and usage
      – Use of Sticky Keys
      – Use of PowerShell with custom encryption
  • 17. CASE STUDY: WEBSHELL ATTACK (continued)
    • Watching the adversary change TTPs in real time: uploading new tools, monitoring for logons
    • Security teams able to respond within minutes
      – Removal of infected machines
      – Memory capture with attacker tools still running
    • Reduction in incident response time
      – Remediate quicker
      – Reduce the need for deep-dive forensics
      – Reduce the cost of incident response
    • Continued visibility going forward: detections allow security teams to deny the attacker a foothold
  • 18. ADVERSARIES ADJUSTING TTPS
    • Changes to persistence
      – Moving from workstations back to servers
      – Reducing footprint
    • Forensic evidence reduction
      – Utilizing memory for execution, compression and exfiltration
      – Automated cleanup processes
    • Simplified toolsets and communication: webshells
      – Compiled on the fly, direct to memory
      – Utilize SSL certificates on externally accessible sites
      – Utilize custom encryption within Microsoft PowerShell
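The three tradecraft items the case study names (slides 16 to 18: webshell usage, Sticky Keys, and PowerShell with custom encryption) share one property: a webshell compiled straight into the worker's memory leaves no file to hash, a Sticky Keys backdoor is a legitimate Windows binary, and an encrypted PowerShell stage carries no recognisable string on disk. What survives is the behaviour, which shows up in process-creation telemetry. The following is an added example, not code from the deck or from CrowdStrike: three behavioural rules run over constructed process-creation events. The event field names, the image-name sets and the sample events are this example's own assumptions.

```python
# Added example (not CrowdStrike code): behavioural rules over process-creation
# telemetry for the malware-free tradecraft described on slides 16-18.
# Field names, image-name sets and sample events are assumptions made here.
import base64
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (this example's own field layout)."""
    host: str
    user: str
    parent: str      # image name of the parent process, lower-case
    image: str       # image name of the process being created, lower-case
    cmdline: str


# Web server worker processes serve requests; they have no business forking a shell.
WEB_WORKERS = {"w3wp.exe", "httpd.exe", "nginx.exe", "tomcat8.exe", "php-cgi.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
# .NET crypto classes and the XOR operator an operator reaches for when rolling
# "custom encryption" inside PowerShell.
CRYPTO_RE = re.compile(r"System\.Security\.Cryptography\.\w+|RijndaelManaged|AesManaged|-bxor\b", re.I)
EXEC_RE = re.compile(r"\b(?:Invoke-Expression|IEX)\b", re.I)
ENCODED_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the script behind powershell -EncodedCommand (base64 of UTF-16LE), or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def encode_command(script: str) -> str:
    """Build the -EncodedCommand argument exactly as powershell.exe expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def evaluate(ev: ProcEvent) -> List[str]:
    """Names of every rule the event trips; an empty list means nothing fired."""
    hits: List[str] = []
    # Rule 1, webshell: the web worker forks a shell. The webshell itself may
    # live only in memory, but it still spawns cmd.exe to run operator commands.
    if ev.parent in WEB_WORKERS and ev.image in SHELLS:
        hits.append("webshell_shell_spawn")
    # Rule 2, Sticky Keys backdoor: with sethc.exe swapped for a shell (or an IFEO
    # debugger set on it), five taps of Shift at the logon screen make winlogon.exe
    # launch a SYSTEM shell before anyone has authenticated.
    if ev.parent == "winlogon.exe" and ev.image in SHELLS:
        hits.append("sticky_keys_backdoor")
    # Rule 3, PowerShell stagers: inspect the decoded -EncodedCommand payload when
    # there is one, otherwise the raw command line, for decrypt-then-execute logic.
    if ev.image == "powershell.exe":
        decoded = decode_encoded_command(ev.cmdline)
        if decoded is not None:
            hits.append("powershell_encoded_command")
        text = decoded if decoded is not None else ev.cmdline
        if CRYPTO_RE.search(text) and EXEC_RE.search(text):
            hits.append("powershell_custom_crypto_stage")
    return hits


def triage(events: List[ProcEvent]) -> List[Tuple[str, str, str]]:
    """(host, image, rule) for every hit across a batch of events, in event order."""
    return [(ev.host, ev.image, rule) for ev in events for rule in evaluate(ev)]


# Constructed sample telemetry for this example; none of it is from a real incident.
SAMPLE_EVENTS = [
    ProcEvent("web01", "IIS APPPOOL\\DefaultAppPool", "w3wp.exe", "cmd.exe",
              'cmd.exe /c "whoami & net group /domain"'),
    ProcEvent("web01", "IIS APPPOOL\\DefaultAppPool", "w3wp.exe", "csc.exe",
              "csc.exe /t:library /out:App_Web_kd3x.dll App_Web_kd3x.cs"),  # ASP.NET page compile: normal
    ProcEvent("dc01", "NT AUTHORITY\\SYSTEM", "winlogon.exe", "cmd.exe", "cmd.exe"),
    ProcEvent("ws07", "CORP\\jdoe", "explorer.exe", "powershell.exe",
              "powershell.exe -NoP -W Hidden -Enc " + encode_command(
                  "$aes=New-Object System.Security.Cryptography.AesManaged;"
                  "IEX ([Text.Encoding]::Unicode.GetString($plain))")),
    ProcEvent("ws07", "CORP\\jdoe", "explorer.exe", "powershell.exe",
              "powershell.exe -File C:\\scripts\\inventory.ps1"),
]


if __name__ == "__main__":
    for host, image, rule in triage(SAMPLE_EVENTS):
        print(f"{host:6} {image:16} {rule}")
```

Run on the sample batch, the webshell, the Sticky Keys shell and the encoded/self-decrypting PowerShell event each fire, while the ASP.NET compiler spawn and the plain script invocation do not. Note the caveat in rule 3: decoding the payload before matching is what keeps a base64 wrapper from hiding the crypto-then-IEX pattern.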
  • 19. SECURITY TEAMS MUST ADJUST
    • New detection methods
      – Must be real-time or near-real-time; sweeping for IOCs is a losing proposition
      – Must detect credential theft as it happens
      – Must capture the adversary's commands, since the forensic evidence left behind is shrinking
    • Benefits of these detection methods
      – Respond quicker
      – Reduce exposure and loss
      – Allow security teams to adjust to adversary TTPs on the fly
      – Increase costs to the adversary
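Slide 16 opened with "suspicious logins detected", and slide 19 asks for credential theft to be caught as it happens rather than found in a later IOC sweep. The earliest host-visible symptom of a stolen credential is usually its reuse: one account authenticating to many machines in a short span. The following is an added example, not code from the deck or from CrowdStrike: a single-pass, sliding-window detector over constructed Windows 4624 (successful logon) records. The `timestamp event_id key=value` line format, the field names and the sample records are this example's own assumptions.

```python
# Added example (not CrowdStrike code): streaming fan-out detection over
# constructed Windows 4624 logon records. Record format and sample data are
# assumptions made for this example.
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Logon:
    when: datetime
    account: str       # TargetUserName
    target: str        # Computer that recorded the 4624
    source: str        # IpAddress of the client
    logon_type: int    # 2 interactive, 3 network, 10 RemoteInteractive (RDP)


REMOTE_TYPES = {3, 10}   # logon types that carry a credential across the network


def parse_line(line: str) -> Optional[Logon]:
    """Parse one 'timestamp event_id key=value ...' record; anything but a 4624 yields None."""
    ts, event_id, *fields = line.split()
    if event_id != "4624":
        return None
    kv = dict(f.split("=", 1) for f in fields)
    return Logon(
        datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        kv["TargetUserName"],
        kv["Computer"],
        kv.get("IpAddress", "-"),
        int(kv["LogonType"]),
    )


def load(text: str) -> List[Logon]:
    return [lg for lg in map(parse_line, text.strip().splitlines()) if lg is not None]


def detect_fanout(logons: List[Logon], window_minutes: int = 10, max_hosts: int = 3):
    """One pass over logons in time order. Alert the first time an account has
    authenticated to more than max_hosts distinct hosts inside a sliding window.
    State is one small deque per account, so the same loop can sit on a live feed."""
    window = timedelta(minutes=window_minutes)
    recent: Dict[str, Deque[Tuple[datetime, str, str]]] = defaultdict(deque)
    hot = set()                                    # accounts already alerted in the current window
    alerts = []
    for lg in sorted(logons, key=lambda l: l.when):
        if lg.logon_type not in REMOTE_TYPES:
            continue
        q = recent[lg.account]
        while q and lg.when - q[0][0] > window:    # age out entries outside the window
            q.popleft()
        if not q:                                  # window drained: re-arm for this account
            hot.discard(lg.account)
        q.append((lg.when, lg.target, lg.source))
        hosts = sorted({t for _, t, _ in q})
        if len(hosts) > max_hosts and lg.account not in hot:
            hot.add(lg.account)
            sources = sorted({s for _, _, s in q})
            alerts.append((lg.when, lg.account, hosts, sources))
    return alerts


# Constructed sample log for this example (not real events). A service account
# is walked across five servers from one client in three minutes; a user logs on
# locally, over RDP, and to one file server.
SAMPLE_LOG = """
2014-06-12T03:05:10Z 4624 TargetUserName=jdoe LogonType=2 Computer=ws07 IpAddress=127.0.0.1
2014-06-12T03:10:00Z 4624 TargetUserName=jdoe LogonType=10 Computer=ws07 IpAddress=10.1.30.8
2014-06-12T03:14:07Z 4624 TargetUserName=svc_backup LogonType=3 Computer=fs01 IpAddress=10.1.20.55
2014-06-12T03:15:02Z 4624 TargetUserName=svc_backup LogonType=3 Computer=fs02 IpAddress=10.1.20.55
2014-06-12T03:15:40Z 4624 TargetUserName=svc_backup LogonType=3 Computer=db01 IpAddress=10.1.20.55
2014-06-12T03:15:55Z 4634 TargetUserName=svc_backup LogonType=3 Computer=fs01
2014-06-12T03:16:11Z 4624 TargetUserName=svc_backup LogonType=3 Computer=web01 IpAddress=10.1.20.55
2014-06-12T03:17:03Z 4624 TargetUserName=svc_backup LogonType=3 Computer=dc01 IpAddress=10.1.20.55
2014-06-12T03:20:00Z 4624 TargetUserName=jdoe LogonType=3 Computer=fs01 IpAddress=10.1.30.8
"""

if __name__ == "__main__":
    for when, account, hosts, sources in detect_fanout(load(SAMPLE_LOG)):
        print(f"{when.isoformat()} {account} -> {', '.join(hosts)} from {', '.join(sources)}")
```

The alert fires at 03:16:11, on the fourth distinct host, while the session is still live; a nightly IOC sweep would have found the same records hours later. The threshold and window are the tuning knobs: backup and scanning accounts legitimately fan out and need either a higher `max_hosts` or an allow-list keyed on the expected source address.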
  • 20. NOW WHAT? HOW DID WE DETECT AND ATTRIBUTE THIS MALWARE-FREE INTRUSION?
  • 21. FALCON HOST TECH OVERVIEW: TECHNOLOGY COMPONENTS
    Falcon Host core components: a cloud-based application and a host-based detection sensor
      – DETECT: stateful execution inspection
      – RECORD: endpoint activity monitoring
      – INTELLIGENCE: attribution engine
  • 22. REAL-TIME STATEFUL EXECUTION INSPECTION
    The execution chain tracked by the sensor, step by step:
      1. Email received
      2. Email attachment opened in Acrobat Reader
      3. Process silently executed
      4. Executable saved in the Windows\System32 folder
      5. Executable modifies the Windows Registry to autostart
      6. Executable hides itself from Task Manager
      7. Executable calls out to the Internet
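The point of the chain on slide 22 is that none of its steps is conclusive alone: mail clients open readers, installers write to System32 and set Run keys, and most processes talk to the Internet. A stateful inspector keys its state on process lineage and lets the verdict emerge from what accumulates along that lineage. The following is an added example of that idea, not code from the deck or from CrowdStrike and not a description of how the Falcon sensor is built: a small inspector that records chain stages per process, merges them up the parent chain, and alerts only past a threshold. Event names, the handful of modelled stages (the "hides from Task Manager" step is not modelled), image-name sets and the replayed events are this example's own assumptions.

```python
# Added example (not CrowdStrike code): a minimal stateful execution inspector in
# the spirit of slide 22. Event kinds, stage names, image-name sets and the sample
# event stream are assumptions made for this example.
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
DOC_READERS = {"acrord32.exe", "winword.exe", "excel.exe"}
AUTOSTART_MARKERS = ("\\currentversion\\run", "\\services\\")   # Run/RunOnce keys, service entries
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass
class Proc:
    pid: int
    image: str
    parent: Optional[int]
    stages: Set[str] = field(default_factory=set)


class ExecutionInspector:
    """Tracks each process and the chain stages observed on it or its ancestors.
    No single event alerts; the verdict comes from the accumulated lineage."""

    def __init__(self, alert_at: int = 4):
        self.alert_at = alert_at
        self.procs: Dict[int, Proc] = {}
        self.alerts: List[Tuple[int, str, List[str]]] = []
        self._alerted: Set[int] = set()

    def _chain(self, pid: Optional[int]) -> List[Proc]:
        """The process and its recorded ancestors, nearest first."""
        out = []
        while pid in self.procs:
            out.append(self.procs[pid])
            pid = self.procs[pid].parent
        return out

    def chain_stages(self, pid: int) -> Set[str]:
        """Union of the stages seen on the process and every ancestor."""
        return set().union(*(p.stages for p in self._chain(pid)))

    def _add(self, pid: int, stage: str) -> None:
        if pid in self.procs:
            self.procs[pid].stages.add(stage)
            self._check(pid)

    def _check(self, pid: int) -> None:
        chain = self._chain(pid)
        if any(p.pid in self._alerted for p in chain):
            return                                    # this lineage has already fired
        stages = set().union(*(p.stages for p in chain))
        if len(stages) >= self.alert_at:
            self.alerts.append((pid, self.procs[pid].image, sorted(stages)))
            self._alerted.update(p.pid for p in chain)

    def on_process_start(self, pid: int, ppid: Optional[int], image: str) -> None:
        ancestors = [p.image for p in self._chain(ppid)]
        stages = set()
        if ancestors and ancestors[0] in DOC_READERS:
            stages.add("spawned_by_document_reader")  # a document reader should not launch programs
        if any(a in MAIL_CLIENTS for a in ancestors):
            stages.add("delivered_by_email")
        self.procs[pid] = Proc(pid, image.lower(), ppid, stages)
        self._check(pid)

    def on_file_write(self, pid: int, path: str) -> None:
        p = path.lower()
        if p.startswith("c:\\windows\\system32\\") and p.endswith(".exe"):
            self._add(pid, "dropped_into_system32")

    def on_registry_set(self, pid: int, key: str) -> None:
        if any(m in key.lower() for m in AUTOSTART_MARKERS):
            self._add(pid, "autostart_persistence")

    def on_network_connect(self, pid: int, dest_ip: str) -> None:
        addr = ipaddress.ip_address(dest_ip)
        if not any(addr in net for net in INTERNAL_NETS):
            self._add(pid, "external_callout")


def replay(events, inspector: Optional[ExecutionInspector] = None) -> ExecutionInspector:
    """Feed (kind, *args) tuples to the matching on_<kind> handler, in order."""
    insp = inspector or ExecutionInspector()
    for kind, *args in events:
        getattr(insp, "on_" + kind)(*args)
    return insp


# Constructed event stream for this example (not real telemetry).
SAMPLE_EVENTS = [
    ("process_start", 100, None, "outlook.exe"),
    ("process_start", 200, 100, "AcroRd32.exe"),            # attachment opened in Reader
    ("process_start", 300, 200, "update.exe"),              # Reader silently executes a process
    ("file_write", 300, "C:\\Windows\\System32\\wuaucltx.exe"),
    ("registry_set", 300, "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\wuauclt"),
    ("process_start", 400, 300, "wuaucltx.exe"),
    ("network_connect", 400, "203.0.113.10"),               # dropped executable calls out
    # Contrast: an installer launched from the desktop does two of the same things.
    ("process_start", 500, None, "explorer.exe"),
    ("process_start", 600, 500, "setup.exe"),
    ("file_write", 600, "C:\\Windows\\System32\\vendortool.exe"),
    ("registry_set", 600, "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTool"),
]

if __name__ == "__main__":
    for pid, image, stages in replay(SAMPLE_EVENTS).alerts:
        print(f"ALERT pid={pid} image={image} stages={', '.join(stages)}")
```

Replaying the stream produces exactly one alert, on `update.exe` at the moment it sets the Run key: by then its lineage carries the email delivery, the spawn from a document reader, the System32 drop and the persistence. The later callout from the dropped binary is attributed to the same lineage and does not re-alert. The installer lineage accumulates only two stages and stays silent, which is the property the threshold buys: the same two actions are benign or hostile depending on what preceded them.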
  • 23. LET'S TAKE A LOOK… ENDPOINT PROTECTION DEMO
  • 24. Q&A
    Please enter all questions in the Q&A panel of GoToWebinar.
    For information on the CrowdStrike Falcon Platform or CrowdStrike Services, contact sales@crowdstrike.com