S3E3: M-Trends 2020 Dwell Time is a Swell Time

Eye on Security

Miscellaneous


In this latest episode, we featured M-Trends contributors Dominik Weber (Director - FLARE) and Dan Perez (Manager - Adversary Pursuit) to take us on a deep dive of our annual M-Trends report. We discussed how key metrics from our incident response investigations changed, including: dwell times, source of notification, number of threat actors tracked, and malware families/trends broken down by operating system. Additionally, we highlighted things that stood out to Dominik and Dan, including:

- Malware that used email for command and control
- Malware that leveraged cryptography to protect further stages from analysis [execution guardrails!]
- How FLARE determines whether a malware sample is a "new" family vs a variant of an existing family we've seen before
- Targeted ransomware trends
- Chinese threat groups who have been active lately (APT40, APT41, APT5, and several uncategorized clusters), as well as how the recent US Justice Department indictments may have impacted operations by those APT groups
- Dominik's involvement in the annual FLARE-On challenge and what it's like to create a challenge (encrypted web shell)

For the full M-Trends report, visit: https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html

To find out more about the FLARE-On challenge, visit: http://flare-on.com/