In this episode, we talk about hunting BlackSuit ransomware with Scott P., Sr. Threat Hunter at Intel471. BlackSuit is a rebrand of Royal, and the ransomware operator is also believed to come from the now shut down Conti group. The conversation also highlights possible hunt outcomes that help augment the security posture of an organization. Scott also talks about automation and which phases of a threat hunt could be automated. Tune in to gain valuable insights here: Spotify: https://lnkd.in/e2qEFPh5 Youtube: https://lnkd.in/eTchhvNT
Cyber from the Frontlines
Computer and Network Security
A podcast for and about cybersecurity experts at the frontlines
About us
A podcast for and about Cybersecurity professionals at the Frontlines defending against cyber attacks. The podcast is built to cover multiple segments within Cyber Defense such as Threat Intelligence, Threat Hunting, Detection, Intrusion Analysis, Malware Analysis and Offensive Security.
- Industry
- Computer and Network Security
- Company size
- 1 employee
- Headquarters
- Princeton
- Type
- Educational institution
- Founded
- 2023
Locations
-
Primary
Princeton, US
Updates
-
In this episode, we talk about the current state of Cybercrime with Jon DiMaggio, Chief Security Strategist at Analyst 1. Jon is also a published author and his book, The Art of Cyber Warfare, won the 2022 SANS Difference Makers Award for Cybersecurity Book of the Year. His ongoing work, The Ransomware Diaries, won the same award this year. The conversation highlights the evolving nature of the cybercrime industry, the significant players involved, and the nuanced understanding required for threat intelligence and attribution. Jon also highlights both the basic and advanced measures organizations should take to prevent cyberattacks, emphasizing the importance of both employee education and robust technical defenses.
Key Points:
- a) Dominance of Ransomware: Ransomware remains the predominant threat within cybercrime, attracting many threat actors due to its high payout potential.
- b) Lockbit: Faced significant law enforcement actions, including infrastructure takedowns and psychological operations aimed at damaging their brand and internal trust. Recent sanctions and indictments are expected to deter affiliates, potentially reducing Lockbit's significance.
- c) Law Enforcement Efforts: Increased resources and time dedicated to targeting top cybercrime organizations are potentially shortening their operational lifespans.
- d) Ransom Hub: Speculation on whether Ransom Hub is a rebrand of BlackCat remains inconclusive. Current evidence is circumstantial, showing some similarities in ransomware payloads and tactics due to shared personnel and affiliates. Despite connections, Ransom Hub is considered a distinct group until more definitive evidence suggests otherwise.
- e) Trends in Ransomware Attacks: Shift towards data theft rather than encryption, as data extortion proves more lucrative. Ransomware groups often do not delete stolen data even after receiving payment, as evidenced by cases involving BlackCat, Ransom Hub, and Lockbit. The non-deletion of data is a growing issue, increasing the likelihood of re-extortion.
Resources: Jon's Book - The Art of Cyberwarfare: An Investigator's Guide to Espionage, Ransomware, and Organized Cybercrime; Ransomware Diaries
Tune in to gain valuable insights here: Spotify: https://lnkd.in/eAawMFtJ Youtube: https://lnkd.in/ePiKPc_S
E13 State of Cybercrime with Jon DiMaggio
https://www.youtube.com/
-
In this episode of "Cyber from the Frontlines," we talk about the impact of GenAI on Cyber Intelligence with Christian Rencken, Principal Strategic Advisor at Flashpoint. The conversation revolves around how Large Language Models (LLMs) are currently used to gather and assess information, enabling rapid synthesis of large data sets for threat detection. The discussion then moves on to the challenges in implementing reliable AI-driven security solutions and how cybercriminals are leveraging AI. Christian also highlights the importance of community feedback in ensuring responsible use of AI. Tune in to gain valuable insights here: Spotify: https://lnkd.in/e9ppYS3c Youtube: https://lnkd.in/ewNr3QzC
E12 Impact of GenAI on Cyber Intelligence
https://www.youtube.com/
-
In this episode of "Cyber from the Frontlines," we dive into the practice of Threat Modeling with Vandana Verma, a cybersecurity expert at Snyk, an OWASP board member, and the President of InfoSec Girls. Vandana's unique journey into cybersecurity and her work at InfoSec Girls sets the stage for an insightful conversation on threat modeling. The discussion then revolves around the benefits of incorporating threat modeling into security practices and how to prioritize threat modeling efforts with limited resources. Vandana recommends tools for threat modeling and especially highlights the Threat Modeling Manifesto, a resource developed by industry experts. Tune in to gain valuable insights on threat modeling: Spotify: https://lnkd.in/edg3dYr5 Youtube: https://lnkd.in/efbReZwv
E11 Threat Modeling 101
https://www.youtube.com/
-
In this episode of Cyber from the Frontlines, we dive into the critical practice of threat hunting with Lee Archinal, Senior Threat Hunt Analyst at Intel 471. Lee's journey into cybersecurity, from his military background to his current role, sets the stage for an insightful discussion. The conversation then transitions to the essence of threat hunting and its distinction from traditional cybersecurity approaches. He underscores the significance of understanding one's organization and its normal operations to effectively detect and mitigate threats. Throughout the episode, Lee and the host explore various aspects of threat hunting: the importance of threat intelligence, the challenges of hypothesis-driven investigations, the benefits of threat hunting, and how threat hunting allows security analysts to distinguish between expected and suspicious/malicious activities within the data, leading to a more refined understanding of normal operations. Tune in to gain valuable insights on threat hunting and learn how organizations can stay one step ahead of cyber adversaries. Spotify: https://lnkd.in/e8DNX2fK Youtube: https://lnkd.in/eSSem5C2
E10 Threat Hunting: All You Need to Know!
https://www.youtube.com/
-
Listen to Yelisey Bohuslavskiy, Co-Founder of RedSense, unpack the current state of ransomware groups after the major takedowns. The conversation highlights the emergence of new players, shifts in tactics within the ransomware ecosystem, and ransomware groups to keep an eye on. Yelisey highlights the complexity of the LockBit situation post-takedown, noting that while attacks persist, attributing them to a centralized group like LockBit is challenging. He suggests that the proliferation of the LockBit builder has led to various actors deploying LockBit Locker, making attribution difficult. The conversation then shifts to BlackCat's exit scam, the rise in distrust among affiliates, the emergence of a new player known as RansomHub, and thoughts on whether RansomHub is a rebrand of BlackCat or an affiliate. Yelisey cautions against definitive conclusions due to the lack of concrete evidence. Overall, the podcast provides insights into the evolving strategies, alliances, and threats within the ransomware landscape, emphasizing the need for vigilance and adaptability in cybersecurity measures. Available on: Spotify: https://lnkd.in/efnzMs6K Youtube: https://lnkd.in/eZbazCFD
E9 Understanding the Current State of Ransomware
https://www.youtube.com/
-
Arun Warikoo discusses the current and evolving cyber threat landscape in the healthcare sector with Errol Weiss, Chief Security Officer (CSO) at Health-ISAC. We talked about ISACs in general, the top five cyber threats impacting healthcare, notable ransomware groups, and extortion tactics employed by these groups. Check it out here: Spotify: https://lnkd.in/efjEV6BN Youtube: https://lnkd.in/egGXY-ek Errol Weiss also shared the 2024 Annual Threat Report Exec Summary (TLP:WHITE) that is included in this post. This is an extremely insightful report for understanding the threat landscape and evolving trends within healthcare.
-
In Episode 7 of Cyber from the Frontlines, Arun Warikoo discusses how to build a successful Cyber Threat Intelligence program with Sydney Jones, Head of Cyber Threat Intelligence - CIB Americas, BNP Paribas. We talk about how to write effective intelligence requirements, build a team with complementary skills, map processes to outcomes to demonstrate an effective CTI program, conferences and much more! Check it out here: Spotify: https://lnkd.in/e3Ai7Xvr Youtube: https://lnkd.in/eiUQr9bs
E7 Building a Successful Cyber Threat Intelligence Program
https://www.youtube.com/
-
In Episode 6 of Cyber from the Frontlines, Arun Warikoo discusses vulnerability research, attack surface determination, exploit development and much more with Kasimir Schulz, a vulnerability researcher. Tune in to an exciting conversation! Spotify: https://lnkd.in/eHBTQAMv Youtube: https://lnkd.in/eibdpEnG
E6 How Vulnerability Researchers Discover Zero Days
https://www.youtube.com/