
S2E04: Ransom Acts of Flyness

State of the Hack

English - June 04, 2019 10:47 - 44 minutes - 30.6 MB - ★★★★★ - 28 ratings


Christopher and Nick kicked off the latest episode with recent updates
to the MITRE ATT&CK framework, including several techniques that they
submitted. During the episode they discuss Outlook add-in persistence,
renamed binaries, and the high-level increase in execution guardrails
observed, all of which were added in the May update to ATT&CK. They
then spoke about CARBANAK Week, including how FireEye found the
CARBANAK source code and the process behind releasing it. They also
give a few new details on FIN7's ongoing post-indictment operations,
including the new front company and the tactics used in their latest
round of phishing. Based on a viewer request, they chat about the
groups that deployed Robbinhood and other targeted ransomware
(extortionware), covering their initial infection vectors and lateral
movement techniques. They broke down the possible offensive foreign
counterintelligence operation (OFCO) behind the new APT34 "leaks" and
separated the quality of the leaked information from the stories about
why it is being shared. They also briefly discussed the latest in the
trend of U.S. government indictments against individual Chinese
operators, their experience leading the investigations behind many of
these indictments, and how those indictments could be improved. Lastly,
they give a threat research blog round-up, including research from
FireEye, Chronicle, Kaspersky, and ESET.