loader from loading.io

039| Deconstructing the Dukes: A Researcher's Retrospective of APT29

Cyber Security Sauna

Release Date: 05/06/2020

066| Co-security: collaboration, cooperation and cyber security show art 066| Co-security: collaboration, cooperation and cyber security

Cyber Security Sauna

There’s many different ways to collaborate on infosec problems. There’s no shortage of associations, conferences, and other frameworks that organizations can use to find others to work with. And there’s a healthy supply of security companies to choose from. But do any of these offer concrete benefits to organizations? Will organizations somehow achieve better outcomes by working with others? Or is it more complicated than that? Today, we’re joined by UK-based Julia Ward, WithSecure’s Principal Client & Markets Liaison, and Tom Van de Wiele from Denmark, a former red teamer and...

info_outline
065| Security for non-profit organizations show art 065| Security for non-profit organizations

Cyber Security Sauna

Non-profit organizations play a crucial role in our well-being. In many parts of the world, they’re a major source of education, health care, social services, and more. And while they’re not in it for the money, they remain a target for cyber attacks, just like other organizations. Why is this case? What can and should be done about this? In this episode, Adrien Ogee, Chief Operating Officer for the CyberPeace Institute, a non-governmental organization that helps defend the security, dignity, and equity of people in cyber space; and Heikki Stark, a security consultant with F-Secure who...

info_outline
064| 2021, 2022 and beyond - Part 2 show art 064| 2021, 2022 and beyond - Part 2

Cyber Security Sauna

With 2021 now behind us, it’s time to revisit the highs and lows of the past 12 months, and look ahead to what we can expect in the months ahead. To mark the year’s end, we recorded a special two-part episode of Cyber Security Sauna. F-Secure’s Chief Research Officer , Security Consultant , and AI researcher  join episode 64 to share their key takeaways from 2021, and thoughts on important issues we’ll face in 2022 and beyond. In this episode: regulating social media networks, cloudification, AI-powered attacks, security in an age of unlimited computing power, NFTs,...

info_outline
063| 2021, 2022 and beyond - Part 1 show art 063| 2021, 2022 and beyond - Part 1

Cyber Security Sauna

2021 is drawing to a close, and it’s time to look back on the events of the past year. At the same time we look ahead to the brand new year to come. In this episode we’re joined by F-Secure’s Chief Research Officer Mikko Hypponen, Security Consultant Adriana Verhagen, and AI researcher Andy Patel, to hear their key takeaways from 2021, and thoughts on important issues we’ll face in 2022 and beyond.

info_outline
062| Log4j Zero Day: What It Means for Your Org show art 062| Log4j Zero Day: What It Means for Your Org

Cyber Security Sauna

The remotely exploitable Log4j zero day vulnerability discovered just a few days ago has been called one of the most serious vulnerabilities to date. So what is it all about, and what does it mean for organizations? How is it being exploited? What are the risks, and what can you do if you're waiting for a patch? F-Secure CISO Erka Koivunen joins Janne to break down the issue, and explains why this vulnerability should be a wakeup call for security practitioners and developers.

info_outline
061| AppSec, According to Two Guys Named Antti show art 061| AppSec, According to Two Guys Named Antti

Cyber Security Sauna

The topic of application security has never been more important. So how are companies approaching appsec? What should companies do to ensure appsec gets the attention it needs? Antti Tuomi, who works in Japan, and Antti Vaha-Sipila (known as AVS), from Finland, join the show to share their thoughts on changes in application security, shifting left, supporting developers, "level boss testing," and much more.

info_outline
060| Biometrics: Privacy, Problems and Possibilities show art 060| Biometrics: Privacy, Problems and Possibilities

Cyber Security Sauna

Biometric authentication systems have the potential to take the place of passwords. But there are a lot of considerations before taking these systems into use. When should they be used, and how? What are the risks, and when should biometrics be approached with skepticism? Vic Harkness and Tom Van de Wiele discuss the advantages and disadvantages of biometric authentication systems, some of the wackiest ways our bodies can be measured, and why layered security still works best.

info_outline
059| Keeping Your Latest Tech from Becoming the Latest Threat show art 059| Keeping Your Latest Tech from Becoming the Latest Threat

Cyber Security Sauna

Cyber crime is a constantly evolving game. As soon as new technology is introduced, attackers start figuring out how to exploit it for malicious purposes. No one understands this better than F-Secure Chief Technology Officer Christine Bejerasco. Christine joins Janne to discuss the changing world of cyber crime, and how companies can avoid having their new technologies exploited by taking a secure-by-design approach. 

info_outline
058| Paths to Infosec: From ER to IR show art 058| Paths to Infosec: From ER to IR

Cyber Security Sauna

When it comes to getting into cybersecurity, the skills can be learned, and it's all about hard work and dedication. Our guest this episode, incident response consultant Eliza Bolton, successfully transitioned to cybersecurity from the nursing profession. Also joining is Matt Lawrence, F-Secure's head of IR. Matt and Eliza discuss tackling the cyber skills shortage, why diverse teams are more adaptable, and why Eliza’s background as a nursing assistant is an asset in the world of incident response. 

info_outline
057| Dark Web: The Good, the Bad, and the Ugly show art 057| Dark Web: The Good, the Bad, and the Ugly

Cyber Security Sauna

After data breaches and ransomware attacks, we often hear that customer information was leaked to the dark web. This obviously can have serious implications for both companies and individuals, but for many of us, the dark web is as mysterious as it sounds. So what is the dark web all about, and what's happening there? How does it affect companies and regular people? F-Secure's Laura Kankaala and Elias Koivula join the show to help to help demystify the topic.

info_outline
 
More Episodes

APT29, aka Cozy Bear or the Dukes, is a cyber espionage group whose misdeeds include famously hacking into the DNC servers in the run-up to the 2016 US election. Now, as the subject of MITRE's latest ATT&CK Evaluation, the group is in focus again. The Dukes are familiar to F-Secure's Artturi Lehtio, who extensively researched them in 2015. But hindsight is 20/20, and Artturi joins the show to discuss how his views on the group have changed since his research. 

Also in this episode: How APT groups behave after being burned and why the Dukes are different; why calling them a single organization is too strong; and why published APT research has generally dwindled in recent years.

Links:

Episode 39 transcript

The Dukes: 7 Years of Russian Cyberespionage - F-Secure whitepaper

MITRE ATT&CK Evaluation: APT29

Operation Ghost - ESET

No Easy Breach by Matthew Dunwoody & Nick Carr - DerbyCon 2016

Dukes activity after their "return" in 2016 - Volexity