On a special episode of Afternoon Cyber Tea with Ann Johnson, Sandra Joyce, Executive Vice President and Head of Mandiant Intelligence at FireEye, joined me to talk about threat attribution and accountability when it comes to the use of technology by bad actors to help spread misinformation.
As a US Air Force Reserve officer and faculty member at the National Intelligence University with four master’s degrees in cyber policy, international affairs, science and technology intelligence, and military operational art and science, Sandra is an expert in understanding how nation-state actors leverage traditional and social media channels to erode confidence in free and fair elections. Sometimes, those bad actors will use these core values, such as freedom of speech, against us, according to Sandra. For instance, she recounts the history of a foreign group that used those values against the US by inventing letters from concerned citizens to be published in US newspapers.
In this powerful episode, Sandra discusses how threat actors are adopting new threat techniques, shifting from signature malware to commodity malware and pivoting to smaller malware families that they hope will be overlooked by cybersecurity professionals. That blending in will make it harder to detect threats amid the noise. She recommends that organizations research threats and undertake a threat profile on themselves to learn their vulnerabilities and the biggest threats that could target them. That can shape priorities. Using the metaphor of bank robbers, she says it’s not so hard to rush the guards in a building, but it is hard to learn the location of the safe, get the combination to the safe, and flee undetected. The latter is where the bulk of business intrusion happens. Corporations need to root out threats in that lateral stage.
During our conversation, we also spoke about threat intelligence and what’s involved in threat actor attribution. After recognizing a cluster of threat activity, there’s a lot of work required to identify which organization or country is behind the threat. It usually takes months to collect information about the threat’s techniques, infrastructure, and command and control (C2) channel, which is the channel a threat actor uses to commandeer an individual host or to control a botnet of millions of machines. For some time, FireEye’s Mandiant Threat Intelligence team has been tracking financial crime group FIN11, which deploys point-of-sale malware targeting the financial, retail, restaurant, and pharmaceutical industries. Both technical indicators and the targeting information prove useful in these investigations, in part as you learn about the bad actors’ intentions. To learn what organizations can do to combat threats, listen to Afternoon Cyber Tea with Ann Johnson: Taking a “when, not if” approach to cybersecurity on Apple Podcasts or PodcastOne.
A new season of Afternoon Cyber Tea with Ann Johnson launches this October 2021 on The CyberWire! In this important cyber series, I talk with cybersecurity influencers about trends shaping the threat landscape and explore the health risks and promise of systems powered by AI, IoT, and other emerging tech.
You can listen to Afternoon Cyber Tea with Ann Johnson on:
Apple Podcasts: You can also download the episode by clicking the Episode Website link.
PodcastOne: Includes the option to subscribe, so you’re notified as soon as new episodes are available.
CISO Spotlight page: Listen alongside our CISO Spotlight episodes, where customers and security experts discuss similar topics such as Zero Trust, compliance, going passwordless, and more.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. Or reach out to me on LinkedIn or Twitter if you have guest or topic suggestions.