Name: Be aware of ransomware TTPs: applying MITRE to ransomware campaigns
Start: 2024-07-15T05:00:00Z
End: 2024-07-15T05:00:49.000Z
Location: BrightTALK
Rating: 4

In an age where cybersecurity threats are becoming increasingly sophisticated and dynamic, a holistic approach to threat detection and response is imperative. Extended Detection and Response (XDR), with its all-rounded threat detection and response capabilities, offers a powerful solution to address the evolving threat landscape in the world of containers. Explore the synergy between XDR and container security, offering a comprehensive strategy to understand threat detection and response in container security, and how XDR can be a game-changer in the cybersecurity strategy.

This event is a must-attend for security professionals, CTOs, CISOs, IT leaders, and anyone interested in staying ahead of the curve in the ever-evolving cybersecurity world. Join us to explore how XDR can be your ally in protecting containerized applications and securing your digital infrastructure.

XDR and Container Security: A Holistic Approach to Threat Detection and Response

Not only do cybercriminals make money by committing cybercrime, but they also expand their operations by offering services to individuals without strong technical skills in malware development. This business model is known as Malware-as-a-Service (MaaS), and it operates on various sites of the "shadow" internet, including the Darknet. MaaS generates stable profits, enabling cybercriminals to maintain a team and continuously improve their services to carry out attacks on companies and individual users.

Through our research, we have identified 97 families of malware that have been distributed in the MaaS format – or "by subscription" – over the last seven years. These families include ransomware, various loaders, backdoors, botnets, and infostealers. In this webinar, Alexander Zabrovsky, Digital Footprint Analyst at Kaspersky, will delve into the inner workings of MaaS in the Darknet and address the most relevant issues:

- How did malware become a full-fledged product, and how did the "subscription" model become a new standard for cybercriminals?
- Why has YouTube become one of the key platforms for distributing malware? Who are traffers, and what is their function?
- Which families of malware are mentioned most often in the Darknet, and how does the Darknet services market depend on the news agenda?

Unveiling the Darknet's Malware-as-a-Service model

This presentation will cover the methodology and measures organizations could take to prevent ransomware. It represents real-world practices, based on ransomware attacks statistics and deep analysis of ransomware groups TTPs.

• The most popular intrusion paths can be locked out
• Little efforts can cause significant problems for the spread of ransomware
• There are several ways to reduce the risk of your infrastructure being encrypted
• Light in the darkness: Is it possible to recover after encryption?

Ransomware Prevention Strategies

In today's media landscape, we consistently encounter news of companies falling victim to cyberattacks, resulting in the exposure and sale of their data on the dark web. The wide array of data available on the dark web market, including internal databases, infrastructure access, and compromised accounts, presents a pervasive problem that affects businesses of all sizes. These breaches and related incidents don’t only disrupt operations and damage reputations, but they can also result in substantial fines and legal consequences.

According to Kaspersky, nearly half of the organizations that faced data breach incidents in 2022 lacked contact person responsible for handling such incidents. About one-third either failed to react, denied the incident, or showed indifference to their data being traded on the dark web. Only a few were adequately prepared to respond.

At our upcoming webinar, Anna Pavlovskaya, an expert at Kaspersky Digital Footprint Intelligence, will present a comprehensive guide to setting up a system that monitors dark web threats and navigating the aftermath of an incident. You will gain insights into:

- Structuring the incident response process, including the approach, necessary steps, and the specific roles assigned to the team members responsible for the process.
- Identifying the types of data commonly offered for sale on the dark web and understanding the differing response strategies based on these data categories.
- Effective communication with the media, customers, partners, shareholders, top management, and other parties involved.
- Strategies for rapid incident identification, investigation, response, and recovery from an incident or preventing it from occurring.

Responding to a data breach: a step-by-step guide

As the frequency of cyberattacks continues to rise, the ability to swiftly and effectively reverse-engineer malware is paramount. To equip you with the skills needed, we are re excited to invite you to our webinar that delves into the depths of Ghidra – an indispensable tool for InfoSec professionals widely used for malware analysis.

The experts will showcase Ghidra's capabilities through the analysis of the Calypso malware. Throughout the session, our Kaspersky Global Research & Analysis Team (GReAT) experts, Igor Kuznetsov and Georgy Kucherin, will share practical tips and tricks, emphasizing effective analysis of functions utilizing structures and function pointers.

Here’s what our experts will cover during the webinar:
Introduction to Ghidra and its significance in reverse engineering.
Live demonstration: Analyzing the Calypso malware with Ghidra.
Tips and tricks for efficient reverse engineering.
Overview of our newly released online training course “Advanced malware reverse engineering with Ghidra”.
Advanced topics: API function hashing, decompiler scripting, and extending Ghidra's capabilities.
Don't miss out on this opportunity to elevate your reverse engineering skills and gain insights from our experts.

Take Your Reverse Engineering to Another Level with Ghidra

In the AI domain, individuals often find themselves taking a stance. Some argue that AI's technological advancements revolve around control and power, while others highlight its convenience. Simultaneously, the cybersecurity community remains wary of AI's potential to disrupt the threat landscape, possibly causing upheaval in defense organizations globally.

At the same time, the regulatory framework for emerging technologies is in its early stages of development, navigating uncharted territory during its formative development stages. This adds complexity to the discourse, as the ethical, legal, and societal implications of AI are yet to be fully addressed.

In this webinar, Kaspersky's experts and Prof. Dr. Dennis-Kenji Kipker of cyberintelligence.institute will delve deep into the multifaceted current influence of AI on cyber threats and the privacy landscape. While our Kaspersky expert illuminates technological intricacies, Prof. Dr. Dennis-Kenji Kipker will navigate the intricate landscape of AI laws and regulatory trends.Furthermore, our panel will scrutinize the pivotal AI developments of 2023 and provide insights into the forecast for the upcoming year. Our roundtable is joined by:
- Dennis Kipker, Research Director, cyberintelligence.institute, Frankfurt am Main
- Vladislav Tushkanov, Research Development Group Manager at Kaspersky’s Machine Learning Technologу Research Team
- Victor Sergeev, Incident Response Team Lead at Kaspersky’s SOC Technologies Research and Development Team
- Vladimir Dashchenko, Security Evangelist, Kaspersky’s ICS team

The Future of AI in cybersecurity: what to expect in 2024

• Explore the power of Extended Detection and Response (XDR) as a proactive defense strategy against evolving cyber threats.
• Discover how XDR can fortify your defense mechanisms and enhance your cybersecurity posture.

Defend with XDR Strategies

Insights into the 2024 Threat Landscape: Gain a deep understanding of the threat landscape and its implications as we uncover the latest trends, emerging threats, and cyber risks.

Dive into 2024 Threat Landscape

In the rapidly shifting world of advanced persistent threats (APTs), tranquility is a rare sight. Leveraging their profound expertise, which includes tracking of hundreds of active APT campaigns, experts from the Kaspersky Global Research and Analysis Team (GReAT) will unveil their insights into the evolving threat landscape in the upcoming year.

Join Kaspersky for this webinar, where you will:
• Receive a detailed analysis of which of GReAT’s predictions from the past year have proven accurate and the underlying factors that contributed to their success or divergence.
• Be given forecasts regarding upcoming trends in the realm of APT activity.
• Gain insights into the protective measures to counter the ever-evolving threats effectively.

Speakers:
Igor Kuznetsov, director
David Emm, principal security researcher
Marc Rivero, lead security researcher
Sherif Magdy, senior security researcher
Dan Demeter, senior security researcher
Global Research and Analysis Team, Kaspersky

2024 Advanced persistent threat predictions

Global Endpoint Detection and Response adoption is on the rise, making it a de-facto standard for many organizations. Everybody has heard about it, but sometimes it’s hard to determine what you need for a particular task: EPP or EDR.

Join Nikita Zaychikov, Senior Product Marketing Manager at Kaspersky, to explore what EDR is really about, how it is different from EPP and when it’s best to use it. 
• EDR and EPP: what is the difference
• Why we need or don’t need EDR: exploring options for different organizations
• EDR myths
• EDR adoption in the world
• Types of EDR

EPP vs EDR: difference, use cases, adoption

With the cyber threat landscape constantly evolving, Extended detection and response or XDR promises to dramatically improve security teams’ investigation and response times. But as with any emerging approach, there can be confusion about what XDR is, how it differs from traditional security solutions, and what security outcomes users can expect from it.
In this high-risk digital environment, it’s essential to know how to manage cyber threats coherently and holistically. Security teams need to rely on deeper integration and more automation to stay ahead of cybercriminals.
Join this webinar to learn more about XDR:
• XDR meaning and definition
• How does XDR work?
• Why businesses need XDR
• What are the benefits of XDR?
• Example of XDR use cases

A proactive approach to threat detection and response – Learn more about XDR

As the industrial landscape evolves, so do the threats that accompany it. While many industrial threats may be developing slowly from year to year, subtle changes are reaching a critical mass, poised to reshape the cybersecurity landscape in the near future.

Join us for the webinar featuring Evgeny Goncharov, head of Kaspersky’s Industrial Control Systems Cyber Emergency Response Team (ICS CERT). Evgeny will dissect the current state of industrial cybersecurity and provide invaluable foresight into what lies ahead. From the persistent menace of ransomware to the burgeoning wave of cosmopolitical hacktivism, we'll delve into the multifaceted risks facing industrial enterprises.

Join us to gain valuable insights into the key cybersecurity challenges facing industrial enterprises in the upcoming year. Learn how to effectively safeguard your operations and stay ahead of emerging threats. Plus, get an analysis of trends from 2023 and a comprehensive outlook on the evolving threat landscape in 2024.

Industrial cybersecurity in 2024: trends and forecasts

Modern cars are no longer just a means of transportation. Their built-in services can manage everything for drivers and passengers alike from seat heating, to using voice-controlled GPS to find a coffee, or make theater ticket reservations. Along with the development of consumer services, driver safety services have also been developed – distance sensors to neighboring cars, speed limit recognition and the eCall safety system, to name a few.

These hi-tech solutions designed to improve the user experience and make your journey safer, are architecturally based on algorithms and technologies that in themselves carry threats to information security. The wider the user experience, the wider the attack surface for an attacker. 

In this webcast, Cyberthreats to modern automotive industry, Sergey Anufrienko and Alexander Kozlov, security researchers at Kaspersky ICS CERT will discuss:

• Threat landscape: how has changed and evolved over the last 10 years
• Top threats the automotive industry is exposed to
• Standards of automotive security
• Trends in automotive security

Cyberthreats to modern automotive industry

As the world discusses ChatGPT-3 and its impressive capabilities, the business community is concerned about the AI’s potential to change the game for cyber criminals and wreak havoc in the world of defense organizations. Should businesses soon expect a wave of even more advanced cyber-attacks or simply more attacks? Will current cybersecurity solutions be enough? Or will ChatGPT instead provide cybersecurity specialists with more efficient and smarter defensive and threat hunting tools?

In this webinar, Kaspersky experts will discuss how ChatGPT currently influences the cyber threats landscape and cybersecurity in organizations, and contemplate whether this is a real game changer for the industry and, in particular Security Operation Centers (SOCs). The experts will also discuss the potential benefits of using ChatGPT in threat hunting and malware analysis.

In this webcast you will find out:
- If ChatGPT can really influence the threat landscape. Where can cyber criminals use it, and will it be effective?
- Will the emergence of ChatGPT and similar AI language models lead to increased cybersecurity costs?
- If ChatGPT is capable of becoming an autonomous hacking AI-tool
- How can cybersecurity experts employ ChatGPT: a demonstration of a scanner for Indicators of Compromise (IoCs)

The webinar will be conducted by Kaspersky's Vladislav Tushkanov, lead data scientist, Maher Yamout, senior security researcher, and Victor Sergeev, incident response team lead.

ChatGPT - good or evil? AI impact on cybersecurity

Annual Incident Response Analyst Report provides insights into incident investigation services conducted by the company to willing customers in 2023, builds a holistic overview of any cyberthreat trends and summarizes observations into statistical analysis of recent incidents.

Join Ayman Shaaban, Digital Forensic and Incident Response Manager in GERT, Global Emergency Response Team at Kaspersky, who will highlight the most common attack scenarios based on 2023 incident investigations, including observations on:

• Top targeted regions and industries
• Most common initial compromise vectors
• Attack duration and impact
• Adversarial tools and tactics
• Expert incident response recommendations
• Examples of investigated incidents from 2023

Analyzing last year’s cyber incident cases

As the digital landscape continues to evolve, so do the threats that organizations face. We cordially invite you to our upcoming webinar, where we will delve into the dynamic world of cybersecurity and explore strategies to defend against the ever-changing threat landscape using XDR (Extended Detection and Response).

Navigating the 2024 Cybersecurity Terrain XDR Defense Strategies

Modern cars employ a wide array of communication interfaces. Some, like Bluetooth and Wi-Fi, directly engage users, while others, such as RDS and GPS, provide user-facing services, and still others, like CAN and Ethernet buses, ensure the proper functioning of the car's internal systems. These interfaces contribute to the extensive flow of data within the car, forming its data flow graph. Within this graph, they serve as the "entry points" for malicious attackers seeking access to the vehicle. However, tampering with them does not necessarily lead to the loss of the car's security features.

In this webcast, cybersecurity experts, Alexander Kozlov and Sergey Anufrienko from Kaspersky's ICS CERT, will delve into the automotive security. Together, we will examine:

- We'll explore which interfaces attackers tend to favor when targeting cars and the reasons behind their choices.
- We'll focus on the techniques attackers employ when conducting attacks through specific interfaces, with an emphasis on classical techniques.
- We'll discuss how to defend against these threats and evaluate the feasibility of reducing associated risks.

Join us for this webinar, where we'll equip you with the knowledge and tools to not only comprehend the ever-evolving landscape of automotive security but also to safeguard your modern vehicle effectively.

Overview of modern car compromise techniques and methods of protection

In today's digital landscape, phishing and social engineering attacks have become increasingly sophisticated, posing significant threats to organizations worldwide. According to Kaspersky's 2023 report, spam accounted for an alarming 45.60% of global email traffic. Furthermore, a staggering 77% of companies have fallen victim to cyber incidents in the past two years, with 21% of these incidents attributed to employees succumbing to phishing attacks.

Beyond the mere inconvenience of sorting through spam, these attacks can lead to severe consequences. From compromising confidential data to incurring substantial financial and reputational damages, the implications are vast. Additionally, recipients risk losing personal funds to scam messages, underscoring the urgency for robust email security measures.

Join us for this enlightening webinar where Kaspersky's experts, Anna Lazaricheva and Alexander Rumyantsev, will delve into the most prevalent and current email threats observed over the past year.

• Understand the diverse forms of spam and email threats plaguing organizations today.
• Explore real-world examples and case studies highlighting the impact of phishing and social engineering attacks.
• Discover the advanced features of Kaspersky Security for Mail Servers (KS for Mail Server), designed to combat sophisticated email threats effectively.

Email security: Top threats and how to counter them

Kaspersky APAC

Elevating Cyber Resilience: Unveiling the Power of XDR

Threat Landscape in APAC and Globally

Reasons to use Suricata for incident response and threat hunting

Modern ransomware has transitioned to a Ransomware-as-a-Service (RaaS) model, with many groups sharing common tactics, techniques, and procedures in their attacks, or TTPs. These TTPs, described in MITRE ATT&CK, are like a glue that binds together multiple diverse teams operating at various levels with different priorities.

The Global Research and Analysis team (GReAT) at Kaspersky analyzed thousands of operations made by the different RaaS groups – and outlined the TTPs that the cybersecurity industry should consider in order to deliver a stronger protection for different organizations.

Join this webcast with Marc Rivero, a senior security researcher at Kaspersky GReAT. Marc will delve into the main TTPs used by modern ransomware groups and shed light on how to analyze them and use in attack detection and prevention.
• Kaspersky’s statistics on ransomware evolution
• Attack workflow using MITRE ATT&CK
• Overview of TTPs used by main ransomware groups
• Q&A session

Be aware of ransomware TTPs: applying MITRE to ransomware campaigns

Ransomware

Cybersecurity

MITRE Attack

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Be aware of ransomware TTPs: applying MITRE to ransomware campaigns

Presented by

About this talk

More from this channel