S3E3: M-Trends 2020 Dwell Time is a Swell Time
about 17 days ago.
Updated about 17 days ago.
In this latest episode, we featured M-Trends contributors Dominik Weber (Director - FLARE) and Dan Perez (Manager - Adversary Pursuit) to take us on a deep dive of our annual M-Trends report. We discussed how key metrics from our incident response investigations changed, including: dwell times, source of notification, number of threat actors tracked, and malware families/trends broken down by operating system. Additionally, we highlighted things that stood out to Dominik and Dan, including:
-Malware that used email for command and control
-Malware that leveraged cryptography to protect further stages for analysis [execution guardrails!]
-How FLARE determines whether a malware sample is a "new" family vs a variant of an existing family we've seen before
-Targeted ransomware trends
-Chinese threat groups who have been active lately (APT40, APT41, APT5, and several uncategorized clusters), as well as how the recent US Justice Department indictments may have impacted operations by those APT groups
-Dominik's involvement in the annual FLARE-ON challenge and what it's like to create a challenge (encrypted web shell)
For the full M-Trends report, visit: https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html
To find out more about the FLARE-On challenge, visit: http://flare-on.com/