loader from loading.io

039| Deconstructing the Dukes: A Researcher's Retrospective of APT29

Cyber Security Sauna

Release Date: 05/06/2020

086| Why showing value is more important for CISOs than ever show art 086| Why showing value is more important for CISOs than ever

Cyber Security Sauna

CISOs find themselves at the forefront of safeguarding sensitive information, ensuring regulatory compliance, and protecting their organizations from constantly evolving cyber risks. Today, we are joined by Cybersecurity Strategist and Eclipz.io Inc. CISO Matthew Rosenquist and WithSecure CISO Christine Bejerasco to discuss why making senior leadership and the board clear on the value that CISOs bring to the table.  

info_outline
085| NIST Cyber Security Framework V.2 – Help or Hindrance? show art 085| NIST Cyber Security Framework V.2 – Help or Hindrance?

Cyber Security Sauna

The NIST Cyber Security Framework has helped secure organizations for nearly a decade and while it’s proven to be an invaluable tool, it’s gotten a bit long in the tooth for a cyber security landscape that never stays static. Enter V.2 which goes a long way in identifying the increasing cyber risk in organizations and implementing more governance, oversight and senior leadership accountability.  For this episode we were joined by very special guest Cybersecurity Strategist and Eclipz.io Inc. CISO, Matthew Rosenquist, and WithSecure CISO Christine Bejerasco to discuss if the new...

info_outline
084| Let's Talk About Threats Baby show art 084| Let's Talk About Threats Baby

Cyber Security Sauna

A successful cyber defense should protect an organization's critical assets from today's threats, not yesterday's. For this episode, we sat down with threat intelligence analysts Stephen Robinson and Ziggy Davies, two such people responsible for keeping tabs on threats and recent developments, to discuss updates on the threats currently affecting organizations. Check out the latest from the WithSecure Countercept Threat Intelligence team. Read the on the professionialization of cybercrime  

info_outline
083| Security by design for CISOs show art 083| Security by design for CISOs

Cyber Security Sauna

The term Shifting Left has not been traditionally associated with cyber security. In this episode, WithSecure CISO Christine Bejerasco lays out the case for how shifting left can evolve beyond its origins in software development to be a powerful tool for successful security and business outcomes. Recorded on-site at #SPHERE23.

info_outline
082| Hyped and Hacked - AI in Cyber Security show art 082| Hyped and Hacked - AI in Cyber Security

Cyber Security Sauna

As Mikko Hyppönen said recently, we are indeed in the midst of the hottest AI summer ever, and the hype level is off the charts. Yes, AI presents amazing opportunities, but unfortunately, also threats. Nowadays, practically anyone with a passing interest in using it has a lot of power at their fingertips - no PhD is necessary. Naturally, we must view all of this through the lens of the cyber security industry. We sat down with Ian Beacraft, Founder and Chief Futurist of Signal and Cipher, and Tom Van de Wiele, Principal Technology and Threat Researcher at WithSecure, to discuss if we are...

info_outline
081| Mudge - the man, the myth, the mythbusting show art 081| Mudge - the man, the myth, the mythbusting

Cyber Security Sauna

We have the pleasure of being joined by the one and only Peiter "Mudge" Zatko, network security expert, open-source programmer, writer, and hacker, with a rapid-fire discussion on some myths in the cyber security industry that could do with busting, sprinkled with some truths that could do with trusting. This episode was recorded on-site at #SPHERE23.

info_outline
080| The Power Of Putting Security Outcomes First show art 080| The Power Of Putting Security Outcomes First

Cyber Security Sauna

As security is primarily about stopping bad things from happening, victories are often silent. At the same time, failures are often very public, so how can organizations tell when their security is paying off? In this episode, we are joined by guest speaker Laura Koetzle, Vice President and Group Director at Forrester and Robin Oldham, CEO of consulting firm Cydea, to discuss assessing the value of a result that produces nothing. Recorded on-site at #SPHERE23.

info_outline
079|(Mind the) Detection and Response Gap show art 079|(Mind the) Detection and Response Gap

Cyber Security Sauna

The time that an attacker spends on a network before attempting to achieve their objective is decreasing rapidly, making many organizations’ typical detection and response solutions ineffective. Speed is the key, but unfortunately the gap between detection and response is growing. In this episode, we are joined by WithSecure’s Threat Hunter Jojo O'Gorman and Principle Incident Response Consultant Mehmet Surmeli to discuss what we can do to solve these challenges. Read more >> Check out our Response Gap Assessment tool >>

info_outline
078| John Grant on the relationship between sustainability and cyber security show art 078| John Grant on the relationship between sustainability and cyber security

Cyber Security Sauna

The development of new sustainable technologies undoubtedly benefits society, but it also opens the door to new cyber security challenges. For this episode, we were on-site at SPHERE23 with author John Grant to discuss the challenges for organizations to be sustainable and secure.

info_outline
077| Jessica Berlin and Stephen Robinson on the cyber front show art 077| Jessica Berlin and Stephen Robinson on the cyber front

Cyber Security Sauna

Russia's invasion of Ukraine changed the entire geopolitical landscape. For this episode, we were on-site at SPHERE23 with security and foreign policy analyst Jessica Berlin, and threat intelligence analyst Stephen Robinson, to discuss the use of cyber attacks and disinformation as policy instruments in the wake of the invasion. 

info_outline
 
More Episodes

APT29, aka Cozy Bear or the Dukes, is a cyber espionage group whose misdeeds include famously hacking into the DNC servers in the run-up to the 2016 US election. Now, as the subject of MITRE's latest ATT&CK Evaluation, the group is in focus again. The Dukes are familiar to F-Secure's Artturi Lehtio, who extensively researched them in 2015. But hindsight is 20/20, and Artturi joins the show to discuss how his views on the group have changed since his research. 

Also in this episode: How APT groups behave after being burned and why the Dukes are different; why calling them a single organization is too strong; and why published APT research has generally dwindled in recent years.

Links:

Episode 39 transcript

The Dukes: 7 Years of Russian Cyberespionage - F-Secure whitepaper

MITRE ATT&CK Evaluation: APT29

Operation Ghost - ESET

No Easy Breach by Matthew Dunwoody & Nick Carr - DerbyCon 2016

Dukes activity after their "return" in 2016 - Volexity