Spooky RYUKy: The Return of UNC1878 | SANS STAR Webcast

Channel:
United States SANS Institute
Subscribers:
64,000
Published on ● Video Link: https://www.youtube.com/watch?v=CgDtm05qApE


Category:
Show
Duration: 58:17
2,610 views
32

Earlier this year, Mandiant published a blog on a fast-moving adversary deploying RYUK ransomware, UNC1878. Shortly after its release, there was a significant decrease in observed UNC1878 intrusions and RYUK activity overall almost completely vanishing over the summer. But beginning in early fall, Mandiant has seen a resurgence of RYUK along with TTP overlaps indicating that UNC1878 has returned from the grave and resumed their operations. Fear not! In this webcast presenters will cover recent RYUK activity, its attribution to UNC1878, and TTPs both old and new to aid defenders in detection and response.

Van Ta and Aaron Stephens
Van and Aaron are Senior Threat Analysts on Mandiant’s FLARE Advanced Practices Team, pursuing adversaries across the FireEye/Mandiant ecosystem and making that knowledge actionable to frontline responders. Van comes from an extensive background in detection and response, and directly supports Mandiant incident responders by researching active adversary tradecraft to surface net new evil across the rest of FireEye/Mandiant. Aaron focuses on automation and tooling which helps the team keep up with the high operational tempo of incident response investigations. He has previously presented at the Forum for Incident Responders and Security Teams and FireEye's Cyber Defense Summit. You can find them on Twitter at @Wanna_VanTa and @x04steve.



Other Videos By SANS Institute


2020-11-23SANS Foundations overview by course author James Lyne
2020-11-18Becoming a CISO: Leading Transformation
2020-11-18SANS Cyber Security Foundations Course
2020-11-12New Five Day Security Culture Course | MGT521 | SANS Institute
2020-11-06Good on Paper: Packaging Your Skills and Experience (Panel)
2020-11-04Authentic at Work: Bringing Your Whole Self to Work in Infosec & Tech | Christina Morillo
2020-11-03You Got a Job in Cybersecurity!... Now What?! (Panel)
2020-11-02#BuildYourBrand: Blogging & Podcasting Your Way to Leadership (Panel)
2020-10-29Keynote: The Language of Equality | Lodrina Cherne
2020-10-28Public Speaking: Feel the Fear and Do it Anyway | Xena Olsen
2020-10-28Spooky RYUKy: The Return of UNC1878 | SANS STAR Webcast
2020-10-27Owning Your Narrative: Lessons from #SharetheMicinCyber | Camille Stewart
2020-10-22Raising the Tide: Driving Improvement in Security By Being a Good Human | David Bianco
2020-10-20You Are the Prize: How to Hire the Right Boss and Employer for a More Fulfilling Career | InfoSteph
2020-10-16Human Aspects of Ransomware
2020-10-14Using COVID-19 to Exploit Fear, Uncertainty, and Doubt (FUD)
2020-10-01PowerShell 2020: State of the Art / Hack / Infection - SANS@Mic Keynote Network Security
2020-09-29Threat Hunting in the Microsoft Cloud: Times They Are a-Changin' | John Stoner
2020-09-28Securing Cloud Deployments: A Red Team Perspective | Matt Burrough
2020-09-25The Value of Commercial Threat Intelligence Sources | STAR Webcast
2020-09-25Lessons Learned from Cloud Security Incidents, Past and Present | Dave Shackleford


Tags:
sans institute
information security
cyber security
cybersecurity
information security training
cybersecurity training
cyber security training
STAR webcast
UNC1878
Katie Nickels
Mandiant
Van Ta
Aaron Stephens
RYUK
RYUK ransomware