Cyber Threat Workshops

September 16, 2021, 10:00 a.m. PST

Know Your Allies: Third-Party Intelligence

In this Cyber Threat Workshop, we will continue our Back to School Series by exploring the 5 Key Principles of Security Intelligence. This workshop is dedicated to the second principle: Know Your Allies (Third-Party Intelligence), and will examine how the rapidly evolving digital supply chain creates systemic risk for every digital organization.

Our experts will demonstrate how to identify cyber threats specifically designed for ransomware and phishing attacks, then explore how these threats can be found within critical third-party attack surfaces—partners, suppliers, M&A scenarios, and other digital dependencies.

Graph and Identify Ransomware and Phishing Threats

  • Internet Graphing and History
  • Infrastructure Chaining and Pivoting
  • Adversary-Threat Fingerprinting
  • Associate Threat Systems and Distribution

Adversary-Threat Infrastructure and Third-Party Connections

  • Expand threat search from one to thousands
  • Identify relationships and related infrastructure, including depth indicators from certificates, banners, and NetFlow

Broad Scope, Global Scale Attacks (and Defenses)

  • See where and how threats become entangled with third-party attack surfaces
  • Learn new techniques for attribution, from system to user to threat group
  • Find and eliminate global-scale attacks originating with third parties and other digital dependencies

Our team will draw on real-world observations of attackers using third-party attacks (global-scale, opportunistic attacks) to scam, spam, and phish organizations like yours under the guise of a trusted third party. Examples will include expansion discovery from a single attack source into the ecosystem of third-party attack surfaces entangled with adversary-threat infrastructure.

We will explore how tooling is maliciously distributed (shared) to propagate ransomware and phishing tools, enabling larger-scale attacks and rapid variants accessible to thousands of threat actors and groups.

Hands-on labs and exercises will show how to expose real-life malicious and/or risky applications, hosts, domains, and components from services to silicon—every layer of your exploitable attack surface. In addition to improving your cyber threat skills, you get 2 CPE credits for attending.

WARNING: During this highly sensitive workshop, RiskIQ will share intelligence that has implications for national security for the United States. As such, RiskIQ will not distribute recordings from this specific cyber threat workshop. You must be present to receive threat intelligence resources, including threat actor tracking via related malicious infrastructure fingerprints.

Attend and Learn:

  • Introduction: Security Intelligence
  • Introduction to ransomware and phishing tools and instrumentation
  • Techniques for third-party infrastructure mapping
  • How to identify ransomware and phishing attacks
  • How to graph connected threats entangled with third-party systems
  • Real-world use cases with hands-on exercises, labs, and investigations
  • Earn 2 CPE Credits

*Certificates of completion are distributed for attending the entire workshop.

Agenda

Time | Session
10:00 a.m. | Welcome and Introduction
  • Internet Graphing and History
  • Introduction to RiskIQ Datasets
  • Chaining Infrastructure to Find Relationships
  • Adversary-Threat Infrastructure and Tool Fingerprinting
  • Global Distribution of Ransomware and Phishing Tools
  • Connection Points, Entanglements with Third-Party Systems
Use Cases – Hands-On Exercises and Investigations
  • Using RiskIQ Illuminate, we'll show two paths for threat investigations. First, we will explore an active alert requiring context, triage, and response insights. Second, we will practice strategic threat hunting by pivoting to build artifacts on adversary-threat infrastructure (i.e. one-to-many threat actors).
12:00 p.m. | Wrap up