The rise in targeted eCrime attacks was a major focus of CrowdStrikes 2020 Global Threat Report. The OverWatch threat hunting team has continued to see this trend in 2020 as criminal adversaries evolve to capitalize on targeted tactics, particularly with intent to deploy ransomware. This presentation covers how these intrusions occur and what you should look for in your threat hunting to uncover them. Discussion will include details on the commands the adversaries are actually running to exploit their victims.

Attendees will learn:

— More about the current eCrime ecosystem
— Targeted eCrime techniques recently observed in the wild
— How to use threat hunting to discover eCrime actors before they accomplish their objectives

Speaker Bios

Katie Nickels

Katie is a SANS instructor for FOR578: Cyber Threat Intelligence and a Principal Intelligence Analyst for Red Canary. She has worked on cyber threat intelligence (CTI), network defense, and incident response for nearly a decade for the DoD, MITRE, Raytheon, and ManTech. Katie hails from a liberal arts background with degrees from Smith College and Georgetown University, embracing the power of applying liberal arts prowess to cybersecurity. With more than a dozen publications to her name, Katie has shared her expertise with presentations at Black Hat, multiple SANS Summits, Sp4rkcon, and many other events. Katie has also served as a co-chair of the SANS CTI Summit and FIRST CTI Symposium. She was the 2018 recipient of the Presidents Award from the Womens Society of Cyberjutsu and serves as the Program Manager for the Cyberjutsu Girls Academy, which seeks to inspire young women to learn more about STEM. You can find Katie on Twitter @LiketheCoins

Karl Scheuerman

Karl is a Senior Strategic Intrusion Analyst on CrowdStrike’s OverWatch threat hunting team. Previously, he led threat intelligence programs for the Department of Energy. Karl began his career as an Air Force officer and he continues to serve in the Air National Guard as commander of a threat intelligence squadron. He holds multiple SANS certifications, a Bachelor of Science degree from the U.S. Air Force Academy, and a Master of Public Policy degree from the University of Maryland, College Park. You can follow him on Twitter at @KarlScheuerman.

Jason Wood

Jason is a Senior Researcher on CrowdStrike’s OverWatch threat hunting team. He has worked as a threat hunter, penetration tester, consultant, trainer, security engineer and systems administrator. Jason is involved in the security community through podcasting and speaking at conferences. You can find him every week on Security Weekly News and the InfoSec Career Podcast. Jason is also an instructor for SANS SEC504, Hacker Tools, Techniques, Exploits, and Incident Handling. He holds a bachelors degree in Computer Science and the GCIH certification.