2026-04-09 08-19-31
May 25, 2026 15:15 · 22:32 · English · Whisper Turbo · 2 Speakers
0:08 Speaker 1: In this video, we'll talk about sector ISACs,
0:11 Speaker 2: government partnerships,
0:12 Speaker 1: and information sharing protocols. These are the backbone of collaborative cyber defense. We'll explore how ISACs originated, how they operate behind the scenes, and how government agencies partner with industry to protect critical infrastructure. Then we'll break down the technical foundations of information sharing, including STIX, TAXII, and TLP, and show how they come together in real-world tools like SIEMs, TIPs, and SOAR platforms. Finally, we'll talk through real-world examples like SolarWinds and Colonial Pipeline. This way, we can see how coordination plays out when it matters most. We'll finish with guidance so that you can apply this in your own environment.
0:49 Speaker 1: Information Sharing and Analysis Centers, or ISACs, were created to help protect critical infrastructure through trusted sector-specific collaboration. They were originally established by a presidential decision directive signed by Bill Clinton, which called for greater public-private cooperation on cybersecurity and infrastructure protection. ISACs are typically non-profit, member-driven organizations that are designed to enable threat sharing, situational awareness, and collective defense across key sectors. Today, nearly every major industry has one. The Financial Services ISAC, the Health ISAC, the Energy ISAC, the IT ISAC, and the Auto ISAC. There's even the MS-ISAC for U.S. state and local governments, and the Aviation ISAC for airlines and airports. Each of these serves as a hub for information exchange and incident coordination within each sector, helping members stay ahead of emerging threats.
1:42 Speaker 1: How do ISACs actually operate? It all starts with threat data ingestion. This can come from member organizations,
1:50 Speaker 2: government partners,
1:51 Speaker 1: open sources, technical platforms, and even real-time intelligence feeds. From there the data is processed and enriched by ISAC analysts, many of whom hold government clearances. They add context, validate sources, and often correlate information across incidents or members. Once the data is vetted, that enriched intelligence is redistributed back to the members. This comes in the form of alerts,
2:16 Speaker 2: reports,
2:17 Speaker 1: bulletins, and sometimes automated threat feeds. The result is a two-way flow of information where members contribute intel and receive actionable insights in return.
2:27 Speaker 1: Government partnerships play a critical role in bridging public and private sectors in cybersecurity. These relationships allow for rapid sharing of both classified and unclassified threat data. It helps organizations stay ahead of evolving threats while improving national cyber resilience. It's not just about intelligence. It's about mutual coordination during incidents, supporting resilience and recovery efforts, and aligning on best practices. Some of the key federal players include CISA. They're the lead civilian cybersecurity directorate. Their main focus is nation-state threats. With FBI InfraGard, they connect private sector partners with federal investigators. The Department of Defense and DC3 are used for defense sector intelligence. There are other sector-specific agencies like the Department of Energy, Health and Human Services, the Department of Transportation, and the Treasury. We should also mention the Secret Service through its Electronic Crimes Task Forces and Cyber Fraud Task Forces. These partnerships help extend visibility, speed up information flow, and strengthen defense across critical infrastructure.
3:30 Speaker 1: This slide shows how threat intelligence moves through a modern sharing and integration pipeline.
3:35 Speaker 2: First,
3:37 Speaker 1: STIX-formatted data, like this example indicator, gets labeled with TLP metadata to control how widely it can be distributed. The STIX package is then transmitted via TAXII, a trusted transport mechanism. It goes from a TAXII server to a TAXII client and into your tooling environment. This is often a SIEM like Splunk or Elastic. This is where the real operational value kicks in. That threat intel can now trigger detections, enrich alerts, or inform automated responses. The same flow also feeds into threat intel platforms like MISP,
4:09 Speaker 2: ThreatConnect, or Anomali.
4:11 Speaker 1: And it can also be used in SOAR platforms for orchestrated remediation.
4:15 Speaker 2: In short,
4:16 Speaker 1: you're getting trusted data that's delivered securely into tools that matter,
4:19 Speaker 2: automatically.
4:21 Speaker 1: Let's take a look at how these information-sharing protocols and partnerships come together during real-world incidents.
4:27 Speaker 2: First,
4:28 Speaker 1: we'll talk about SolarWinds in 2020. The NSA was one of the first to detect suspicious lateral movement inside their networks. Not long after this, Microsoft and FireEye uncovered that this was part of a highly sophisticated supply chain attack, now known as Sunburst. CISA stepped in to coordinate a government-wide response, issuing alerts and mitigation strategies.
4:50 Speaker 2: And more importantly,
4:52 Speaker 1: STIX packages containing indicators of compromise were shared quickly through TensorFlow for TAXII servers, allowing security teams across sectors
5:00 Speaker 2: to hunt for and detect malicious activity in their own environments.
5:03 Speaker 1: Next,
5:04 Speaker 2: we'll jump to 2021 with the Colonial Pipeline. As ransomware hit a major energy provider, the FS-ISAC rapidly distributed threat intelligence related to DarkSide to financial institutions. The MS-ISAC provided guidance directly to state, local, tribal, and territorial governments. This is what we call SLTT agencies.
5:24 Speaker 1: And again,
5:24 Speaker 2: CISA and DHS played a central role, organizing private briefings with utility providers to keep critical infrastructure ahead of the threat. These cases show the real value of structured intelligence sharing. Whether it's by pushing STIX indicators through TAXII or flagging critical alerts under the right TLP label, the combination of public-private partnerships and automated tools helps us to respond faster and smarter.
5:47 Speaker 2: What should you do with all of this as an analyst?
5:50 Speaker 1: First,
5:50 Speaker 2: if you're able to, join an ISAC that's relevant to your sector. These organizations are the backbone of cross-sector intelligence sharing.
5:57 Speaker 1: Secondly,
5:58 Speaker 2: you don't want your information sharing to be manual. Setting up automated sharing pipelines using TAXII servers and STIX speeds things up, especially if your team is short on time or staff.
6:07 Speaker 1: Third,
6:08 Speaker 2: configure your threat intel platforms to actively pull STIX data over TAXII so your indicators are always fresh.
6:15 Speaker 1: Fourth,
6:15 Speaker 2: bring all that intel into your tools, whether you're using Splunk, Elastic, or some other SIEM. And make sure MISP or similar feeds are integrated into your detection pipelines. And finally, remember this isn't just about technology, it's about people. You want to build trust relationships and share intelligence when it matters. The value of information increases the moment it's shared with somebody that can meaningfully act on it.

6:38 Speaker 1: In
6:48 Speaker 2: this video, we're diving deep into two of the most impactful cyber operations of the past decade. The SolarWinds supply chain compromise and the NotPetya attack. We'll break down each incident through a cyber intelligence lens. We'll look at the adversaries behind the attacks, their tactics and techniques, and how intelligence was applied at every level, from raw indicators to national security strategy. You'll see how attribution, sharing, and collaboration played out in real time and also where
7:16 Speaker 1: things went wrong.
7:17 Speaker 2: Most importantly, we'll extract the lessons that every analyst, hunter, and defender should carry forward. Let's jump into the real-world application of CTI and see what it takes to turn information into action.
7:29 Speaker 2: Let's start with the background. The SolarWinds Orion platform is a widely used IT monitoring and management tool. It's trusted by over 30,000 organizations, including multiple U.S. federal agencies. In December 2020, FireEye discovered that they had been compromised not through a phishing email, not through a brute force attack, but through a supply chain backdoor that had been embedded in a legitimate Orion software update. This malware was later named Sunburst. It had been quietly distributed to customers through trusted update channels. The operation was eventually attributed to APT29, also known as Cozy Bear. Cozy Bear is a Russian state-sponsored threat group with a history of cyber espionage targeting Western governments. Here's how the attack unfolded. It began in September 2019 when APT29 gained initial access to the SolarWinds environment. By March 2020, they had successfully modified a legitimate Orion software update, injecting the Sunburst backdoor into the supply chain. This update was then digitally signed and distributed to thousands of SolarWinds
8:34 Speaker 1: customers.
8:35 Speaker 2: The campaign remained undetected for months until December 2020, when FireEye discovered the compromise during an internal investigation. This led to a rapid series of public disclosures and coordinated incident response efforts across government and private industries.
8:51 Speaker 2: The actors behind the SolarWinds compromise were identified as APT29, also known as Cozy Bear, as mentioned before. This group is linked to Russia's foreign intelligence service, the SVR. It's no stranger to high-profile espionage campaigns. This threat group had also been previously tied to the 2016 breach of the Democratic National Committee and are well regarded, unfortunately, for their stealth, patience, and operational discipline. APT29 is known for maintaining long dwell times in victim environments. They often go unnoticed for months. Their campaigns typically prioritize intelligence collection over disruption, and they often employ strong OPSEC to avoid detection and attribution. Let's break down some of the TTPs APT29 used during the SolarWinds
9:36 Speaker 1: compromise.
9:36 Speaker 2: First and foremost, this was a sophisticated supply chain attack. APT29 compromised the build process of SolarWinds Orion software to distribute a trojanized update. This update was known as Sunburst, and it was distributed to thousands of downstream victims.
9:53 Speaker 1: Once inside,
9:55 Speaker 2: they escalated using SAML token forgery, allowing them to impersonate privileged users and move laterally across networks. They made heavy use of Windows tools, a hallmark of living off the land binaries, or LOLBAS, to blend in with legitimate activity and to reduce detection. And for command and control, they communicated over HTTPS, disguising their traffic to look like normal web browsing. This helped them to maintain persistence and evade monitoring tools. Altogether, these tactics demonstrate a highly advanced actor, focused on stealth, privilege escalation, and intelligence collection.
10:28 Speaker 2: Let's look at how the SolarWinds incident touches each level of threat intelligence.
10:33 Speaker 1: At the strategic level,
10:34 Speaker 2: this compromise had massive national security implications. It raised concerns about vendor trust, supply chain integrity, and foreign espionage targeting government networks. It impacted policy and investment in software assurance.
10:46 Speaker 1: At the operational level,
10:48 Speaker 2: analysts worked to identify and track command and control infrastructure used in the
10:52 Speaker 1: campaign.
10:53 Speaker 2: This helped defenders disrupt communications and monitor for signs of activity. On the tactical level, we mapped observed behaviors and tools such as token forgery and LOLBAS usage against the MITRE ATT&CK framework to better understand adversary tradecraft and detection opportunities. And finally,
11:09 Speaker 1: at the technical level,
11:10 Speaker 2: a wide range of indicators of compromise, including file hashes, malicious domains, SSL cert fingerprints, and IP addresses were shared and ingested into defensive tools for alerting and blocking. This case study shows how a single incident can generate actionable insights across every level of intelligence, from policy to packet.
11:29 Speaker 2: The response to the SolarWinds attack is a textbook example of CTI collaboration done right. FireEye, who first detected the intrusion, coordinated with CISA, Microsoft, and Volexity. These organizations pooled their findings together, combining endpoint forensics, malware reverse engineering, and infrastructure tracking. Indicators of compromise and behavioral detections were shared in real time using STIX and TAXII formats, and many were made publicly available via GitHub to help defenders rapidly
11:58 Speaker 1: respond.
12:00 Speaker 2: The Traffic Light Protocol also played a vital role in coordinating this effort, starting with TLP Red high-trust discussions, then expanding to TLP Amber for internal use, and finally moving to TLP White, allowing open public disclosure and defense. This is a real-world demonstration of what can happen when vendors, government agencies, and researchers share intelligence at scale, intelligence that is coordinated,
12:25 Speaker 1: structured, and quickly shared.
12:27 Speaker 2: The SolarWinds compromise left the cybersecurity community with several critical lessons.
12:32 Speaker 1: First,
12:32 Speaker 2: CTI must include vendor trust models. Traditional threat intelligence often focuses on external actors, but the case showed that vendors can become threat vectors. Supply chain risk must be a part of our threat modeling going
12:46 Speaker 1: forward. Second,
12:47 Speaker 2: detection requires more than just malware signatures. APT29 used native tools and legitimate channels to move through networks. Without deep telemetry across authentication, cloud, and endpoint, this activity could have gone unnoticed for even longer. And third, attribution matters. Linking the campaign to APT29 and the Russian SVR shaped
13:09 Speaker 1: how the U.S.
13:10 Speaker 2: government and private sector responded. It influenced sanctions, diplomatic posture, and public trust.
13:15 Speaker 1: The takeaway?
13:17 Speaker 2: Threat intelligence isn't just about indicators. It's about context, relationships, and oftentimes consequences.
13:23 Speaker 2: Our second case study takes us to June 2017, when a global cyber attack at first glance looked just like a ransomware
13:31 Speaker 1: campaign.
13:31 Speaker 2: The attack primarily targeted Ukrainian organizations, leveraging a software supply chain compromise via M.E.Doc, a popular tax accounting platform. Victims were presented with a familiar ransom demand: send us your Bitcoin to recover your files.
13:47 Speaker 1: But as researchers quickly discovered,
13:49 Speaker 2: the encryption keys were non-functional. There was no way to try to decrypt the data. This wasn't ransomware for financial gain. It was a wiper masquerading as ransomware to cause confusion and disruption. And the damage didn't stop in Ukraine. Multinational corporations were impacted worldwide, causing billions of dollars in damage. NotPetya redefined how we think about ransomware as a weapon, not just a business model. Let's take a look at what made the NotPetya attack so unique and so devastating.
14:17 Speaker 1: First,
14:18 Speaker 2: it wasn't true ransomware. Despite displaying a ransom message, the malware acted as a wiper, intentionally destroying data with no way to recover it. It leveraged two powerful NSA-leaked exploits, EternalBlue and EternalRomance. These targeted vulnerabilities in SMB protocols and rapidly spread across
14:36 Speaker 1: networks.
14:38 Speaker 2: Once inside, it used Mimikatz to harvest credentials from memory, gaining access and expanding control. For lateral movement, it also used PsExec, a legitimate Windows tool, to propagate across systems with the harvested credentials. The combination of nation-state-grade exploits and legitimate admin tools made NotPetya fast,
14:56 Speaker 1: destructive,
14:56 Speaker 2: and incredibly difficult to contain.
15:00 Speaker 1: Attribution for NotPetya didn't come instantly. It unfolded over time as investigators were able to connect the dots.
15:05 Speaker 2: Initially,
15:06 Speaker 1: there was a lot of confusion. It looked like just another ransomware attack, but a very aggressive one. Researchers dug deeper. They found no functional decryption mechanism and noticed that it was highly targeted toward Ukraine. Over the following weeks, more indicators emerged. Shared infrastructure, malware similarities, and geopolitical context. All pointing away from cybercrime and toward state-backed activity. Eventually, multiple governments and security firms attributed the attack to the Russian GRU, specifically APT28, also known as Sandworm. The motive behind all this was likely to destabilize Ukraine, disrupt its financial systems, and send a message of capability and intent, while causing collateral economic damage worldwide. NotPetya blurred the line between cybercrime and cyberwarfare, and the attribution process highlighted the importance of contextual and multi-sourced intelligence. NotPetya also exposed some key intelligence missteps, highlighting what can go wrong when assumptions go unchallenged.
16:03 Speaker 2: First,
16:05 Speaker 1: the malware was initially classified as ransomware. This led many defenders to treat it as a typical financial crime rather than an active cyber sabotage. This delayed the correct strategic and operational response.
16:17 Speaker 2: Second,
16:18 Speaker 1: there was a lack of immediate cross-sector sharing. Many companies learned about the threat only after they were infected.
16:24 Speaker 2: Earlier,
16:25 Speaker 1: collaboration between sectors and nations could have helped contain the spread. And finally, there was an overemphasis on the malware itself, on the payload,
16:33 Speaker 2: the code, and the indicators.
16:35 Speaker 1: That technical focus led to a missed opportunity to identify a broader strategic intent of geopolitical disruption. Effective cyber threat intelligence must go beyond IOCs and code.
16:46
S…
Speaker 1 (2026-04-09 08-19-31)
It must consider intent,
16:48
S…
Speaker 2 (2026-04-09 08-19-31)
timing,
16:49
S…
Speaker 1 (2026-04-09 08-19-31)
and who's going to benefit.
16:50
S…
Speaker 1 (2026-04-09 08-19-31)
That's how you turn data into true intelligence.
16:53
S…
Speaker 1 (2026-04-09 08-19-31)
Now let's break down how CTI was,
16:55
S…
Speaker 1 (2026-04-09 08-19-31)
or more importantly,
16:56
S…
Speaker 1 (2026-04-09 08-19-31)
how it should have been applied at every level during the NotPetya attack.
17:00
S…
Speaker 1 (2026-04-09 08-19-31)
At the strategic level,
17:01
S…
Speaker 1 (2026-04-09 08-19-31)
the incident highlighted the growing use of cyber warfare by nation -states,
17:04
S…
Speaker 1 (2026-04-09 08-19-31)
specifically Russia's GRU.
17:07
S…
Speaker 1 (2026-04-09 08-19-31)
It also highlighted the need for national policies around deterrence,
17:11
S…
Speaker 1 (2026-04-09 08-19-31)
resilience,
17:11
S…
Speaker 1 (2026-04-09 08-19-31)
and critical infrastructure protection.
17:13
S…
Speaker 1 (2026-04-09 08-19-31)
At the operational level,
17:15
S…
Speaker 1 (2026-04-09 08-19-31)
defenders needed to assess the impact across sectors and geographies,
17:18
S…
Speaker 1 (2026-04-09 08-19-31)
especially as the infection spilled from the Ukraine to global corporations
17:22
S…
Speaker 1 (2026-04-09 08-19-31)
like Maersk and Merck.
17:24
S…
Speaker 1 (2026-04-09 08-19-31)
The tactical level involved understanding the attack's methods,
17:27
S…
Speaker 1 (2026-04-09 08-19-31)
the use of Eternal Blue,
17:29
S…
Speaker 2 (2026-04-09 08-19-31)
Mimikatz,
17:30
S…
Speaker 2 (2026-04-09 08-19-31)
and PS Exec,
17:31
S…
Speaker 1 (2026-04-09 08-19-31)
and how it moved laterally with speed and stealth.
17:34
S…
Speaker 1 (2026-04-09 08-19-31)
And at the technical level,
17:36
S…
Speaker 1 (2026-04-09 08-19-31)
teams needed to identify and distribute IOCs,
17:38
S…
Speaker 1 (2026-04-09 08-19-31)
hashes,
17:39
S…
Speaker 1 (2026-04-09 08-19-31)
IPs,
17:40
S…
Speaker 1 (2026-04-09 08-19-31)
and YARA rules to detect and contain the malware as quickly as possible.
17:44
S…
Speaker 1 (2026-04-09 08-19-31)
When applied across all four levels,
17:46
S…
Speaker 1 (2026-04-09 08-19-31)
CTI becomes a powerful tool,
17:47
S…
Speaker 1 (2026-04-09 08-19-31)
not just for understanding the attack,
17:49
S…
Speaker 1 (2026-04-09 08-19-31)
but stopping the next one.
17:51
S…
Speaker 1 (2026-04-09 08-19-31)
NotPetya didn't just affect Ukrainian targets.
17:54
S…
Speaker 1 (2026-04-09 08-19-31)
It had a massive ripple effect across the entire globe.
17:57
S…
Speaker 1 (2026-04-09 08-19-31)
Major companies like Maersk,
17:59
S…
Speaker 1 (2026-04-09 08-19-31)
FedEx's TNT Express,
18:00
S…
Speaker 2 (2026-04-09 08-19-31)
Merck,
18:01
S…
Speaker 1 (2026-04-09 08-19-31)
and St.
18:02
S…
Speaker 1 (2026-04-09 08-19-31)
Gobain were hit hard.
18:03
S…
Speaker 1 (2026-04-09 08-19-31)
Their operations were paralyzed,
18:05
S…
Speaker 1 (2026-04-09 08-19-31)
shipping lanes were stopped,
18:06
S…
Speaker 1 (2026-04-09 08-19-31)
production was halted,
18:07
S…
Speaker 1 (2026-04-09 08-19-31)
and logistics chains were broken.
18:09
S…
Speaker 1 (2026-04-09 08-19-31)
The total estimated damages for the NotPetya attack were about 10 billion
18:13
S…
Speaker 2 (2026-04-09 08-19-31)
worldwide.
18:14
S…
Speaker 1 (2026-04-09 08-19-31)
One of the most remarkable stories came from Marsk.
18:17
S…
Speaker 1 (2026-04-09 08-19-31)
The company's entire active directory infrastructure was wiped out
18:21
S…
Speaker 1 (2026-04-09 08-19-31)
completely across hundreds of offices and thousands of endpoints.
18:25
S…
Speaker 2 (2026-04-09 08-19-31)
However,
18:26
S…
Speaker 1 (2026-04-09 08-19-31)
they managed to rebuild everything from a single surviving domain controller that was located
18:30
S…
Speaker 1 (2026-04-09 08-19-31)
in Ghana.
18:31
S…
Speaker 1 (2026-04-09 08-19-31)
It had been offline during the attack due to a power outage.
18:34
S…
Speaker 1 (2026-04-09 08-19-31)
This case is a stark reminder of the collateral damage that
18:38
S…
Speaker 1 (2026-04-09 08-19-31)
state -backed cyber operations can cause,
18:40
S…
Speaker 1 (2026-04-09 08-19-31)
even when the intended target is someone else.
18:43
S…
Speaker 1 (2026-04-09 08-19-31)
Not, Petya taught the cybersecurity community some hard,
18:46
S…
Speaker 1 (2026-04-09 08-19-31)
valuable lessons.
18:47
S…
Speaker 2 (2026-04-09 08-19-31)
First,
18:48
S…
Speaker 1 (2026-04-09 08-19-31)
attribution isn't just about who did it.
18:50
S…
Speaker 1 (2026-04-09 08-19-31)
It's about understanding the intent.
18:52
S…
Speaker 1 (2026-04-09 08-19-31)
Why was the attack launched?
18:54
S…
Speaker 1 (2026-04-09 08-19-31)
What was their strategic objective?
18:57
S…
Speaker 1 (2026-04-09 08-19-31)
The framing is critical for both defense and policy response.
19:00
S…
Speaker 2 (2026-04-09 08-19-31)
Second,
19:01
S…
Speaker 1 (2026-04-09 08-19-31)
threat intelligence teams must constantly reassess the why behind the attack.
19:05
S…
Speaker 1 (2026-04-09 08-19-31)
Early assessments pegged NotPetya as ransomware.
19:08
S…
Speaker 1 (2026-04-09 08-19-31)
But the true motive,
19:09
S…
Speaker 1 (2026-04-09 08-19-31)
disruption and destabilization,
19:11
S…
Speaker 1 (2026-04-09 08-19-31)
only became clearer with more broad analysis.
19:14
S…
Speaker 1 (2026-04-09 08-19-31)
And finally,
19:15
S…
Speaker 1 (2026-04-09 08-19-31)
strategic and operational intelligence can't lag behind those technical indicators.
19:19
S…
Speaker 1 (2026-04-09 08-19-31)
While IOCs and malware signatures are important,
19:22
S…
Speaker 1 (2026-04-09 08-19-31)
they're not enough.
19:24
S…
Speaker 1 (2026-04-09 08-19-31)
Defenders need timely,
19:25
S…
Speaker 1 (2026-04-09 08-19-31)
contextual intelligence to shape effective response and risk decisions.
19:29
S…
Speaker 1 (2026-04-09 08-19-31)
Real CTI connects the dots across indicators,
19:33
S…
Speaker 1 (2026-04-09 08-19-31)
behaviors,
19:33
S…
Speaker 1 (2026-04-09 08-19-31)
motivations,
19:34
S…
Speaker 2 (2026-04-09 08-19-31)
and impacts.
19:35
S…
Speaker 1 (2026-04-09 08-19-31)
Let's wrap this up with a few key takeaways that not only apply to these cases,
19:39
S…
Speaker 1 (2026-04-09 08-19-31)
but to cyber threat intelligence as a whole.
19:41
S…
Speaker 2 (2026-04-09 08-19-31)
First,
19:42
S…
Speaker 1 (2026-04-09 08-19-31)
CTI is dynamic.
19:44
S…
Speaker 1 (2026-04-09 08-19-31)
It can't be static or reactive.
19:45
S…
Speaker 1 (2026-04-09 08-19-31)
It must evolve with adversaries,
19:47
S…
Speaker 1 (2026-04-09 08-19-31)
adapting to their changing tactics,
19:49
S…
Speaker 1 (2026-04-09 08-19-31)
tools, and motivations.