Defensive Security Podcast Episode 305

Update: 2025-05-05

Digest

This podcast discusses the key findings of the Mandiant M-Trends report on cybersecurity trends. The report, while acknowledging potential biases due to Mandiant's client base, offers valuable insights into current attack vectors and malware. Surprisingly, vulnerability exploitation surpasses phishing as the most common initial attack vector, emphasizing the critical need for robust patching and secure coding practices. Stolen credentials and web compromises remain significant threats, further highlighting the importance of multi-factor authentication. The report also notes a surprising involvement of North Korean IT workers in some attacks. Regarding malware, the report indicates a decline in new malware families, suggesting a shift towards "living off the land" attacks using existing system tools. However, a concerning rise in Linux malware is observed. The podcast concludes by emphasizing crucial security recommendations: implementing multi-factor authentication (especially phishing-resistant MFA), regular password rotation (particularly for service accounts), improved logging and detection capabilities, and a strong understanding of shared responsibilities in cloud security. The hosts stress the challenges of gaining sufficient visibility into cloud attack surfaces and the importance of secure cloud practices.

Outlines

00:00:00
Introduction and Mandiant M-Trends Report Overview

The episode introduces the Mandiant M-Trends report, acknowledging potential biases while highlighting its value in understanding cybersecurity trends. The hosts also briefly discuss their upcoming vacations and a sponsor message for InVisicle Oak.

00:02:25
Key Findings: Intrusion Vectors

The podcast details the report's findings on intrusion vectors, noting that vulnerability exploitation surpasses phishing as the most common initial attack vector. Stolen credentials and web compromises are also highlighted, along with the surprising involvement of North Korean IT workers.

00:08:44
Key Findings: Malware Trends and North Korean Actors

The discussion shifts to malware trends, including a decline in new malware families and a rise in Linux malware. The surprising involvement of North Korean IT workers in attacks is further discussed.

01:02:12
Security Recommendations and Cloud Security Challenges

The hosts discuss Mandiant's security recommendations, focusing on multi-factor authentication, password rotation, improved logging and detection, and secure cloud practices. They emphasize the importance of understanding shared responsibilities in cloud environments and the challenges of gaining sufficient visibility into cloud attack surfaces.

Keywords

Mandiant M-Trends Report

Annual report analyzing cybersecurity trends based on Mandiant's incident response data; provides insights into attack vectors, malware, and security recommendations.

Vulnerability Exploitation

Attack method leveraging software flaws to gain unauthorized access; mitigated by patching and secure coding practices.

Stolen Credentials

Compromised usernames and passwords; multi-factor authentication is crucial for mitigation.

Multi-Factor Authentication (MFA)

Security measure requiring multiple forms of authentication; crucial for mitigating credential theft.

Linux Malware

Malware targeting Linux systems; a growing threat area.

Cloud Security

Protecting data and systems in cloud environments; requires understanding shared responsibilities.

Phishing

A social engineering attack where malicious actors attempt to trick users into revealing sensitive information.

North Korean Actors

Reference to the involvement of North Korean IT workers in cyberattacks.

Q&A

  • What are the most common initial intrusion vectors identified in the Mandiant M-Trends report?

    Vulnerability exploitation, followed by stolen credentials and phishing.

  • How does the Mandiant report address the issue of malware trends?

    A decline in new malware families and a rise in Linux malware are observed, suggesting a shift towards "living off the land" attacks.

  • What key security recommendations are emphasized in the podcast based on the Mandiant report?

    Multi-factor authentication, password rotation, robust logging and detection, and secure cloud practices, including understanding shared responsibilities.

Show Notes

In this episode, we discuss the Google Mandiant 2025 M-Trends report. The report is available here: https://services.google.com/fh/files/misc/m-trends-2025-en.pdf

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

Jerry Bell and Andrew Kalat