In this Nordic Threat Update session, we will explore the drivers behind the increasing publicity about the number of breach events happening around the world. We will look at how actors in the Cyber Underground are focusing on supply chain attacks, a tactic which is one of the primary methods not only of nation state actors but also of sophisticated cybercriminals. We will examine how the line between the two is increasingly blurring and how some actors seem to straddle both realms.
We will explore how adversaries use more traditional methods to obtain access to organisations. These include the use of Tactics, Techniques & Procedures (TTPs) targeting remote access, such as brute-forcing and RDP vulnerability exploits. We will also delve into how prolific malware families such as ZLoader (aka Silent Night) and TA505’s Get2 assist with these activities.
We will then analyse how these actors use this unauthorised access to achieve their goals, which may include exfiltration of data, stealing Intellectual Property or deploying ransomware (such as REvil, Clop, Darkside, Egregor, etc.).
All of these subjects will be presented through the lens of threats targeting the Nordics in particular, and we will also devote some time to other threats targeting the region.