Introducing Threat Actor Campaigns

The statistics don’t lie. Cybersecurity attacks are on the rise. From ransomware to Denial-of-Service attacks, the stream of evolving threats is seemingly never-ending. Understanding the techniques adversaries use to execute their attacks is vital to developing an effective detection and mitigation strategy.

In our ongoing efforts to arm cybersecurity practitioners with the skills they need to stay ahead, we are excited to introduce our new series, Threat Actor Campaigns. These new collections of courses provide a complete overview of real-world kill chains and arm practitioners with the skills they need to know to stop threat actors in their tracks.

Get hands-on with Cybrary’s Threat Actor Campaigns

Threat Actor Campaigns comprise interactive courses built around observed adversary tactics and techniques aligned to the MITRE ATT&CK® Framework. These series of courses are designed for you to learn by doing. Leveraging hands-on lab experiences, you will learn what to look for and then get the chance to apply what you’ve learned to build detections to identify specific adversary techniques.

It’s our goal that through hands-on experience, practitioners not only gain the technical skills needed to protect their organization but that they also build confidence in their abilities.

What can practitioners expect?

The courses in our Threat Actor Campaigns series kick off with a brief overview of the technique or sub-technique─what it is, why it’s used, and the potential risks. The next objective is to detect adversary behavior and validate whether or not there is a real threat. Finally, you will learn how to identify and detect adversary techniques, as well as discover multiple ways to mitigate them. Enabling you to prevent these security events before they take root in their organization.

In summary, through our Threat Actor Campaigns series you will:

• Work through realistic attack scenarios to understand how, why, and when these threat actors will target your environment.
• Shadow subject matter experts through in-depth video tutorials as they identify and validate threat actor behavior and build detections.
• Apply what you’ve learned to detect adversary techniques using enterprise-class security tools in a realistic environment and get actionable recommendations for mitigating risk.

A look at our first campaign – Ransomware for Financial Gain

According to the 2021 Verizon Data Breach Investigations Report, ransomware has increased by around 10%, making it the third most common type of attack among all breaches (Verizon, 2021). Threat actors continue to increasingly leverage ransomware to find new ways to extort victim organizations.

The first of our new campaigns, Ransomware for Financial Gain, provides an in-depth look into the tools and techniques financially-motivated threat actor groups, like the infamous FIN7, use to execute critical ransomware attacks.

What was once a simple scheme to encrypt target data has now expanded to include data disclosure and targeting the victim’s clients or suppliers. Understanding the techniques threat actors like FIN7 use to accomplish attacks is vital to developing an effective detection and mitigation strategy.

The interactive courses included in this series are:

1. Spearphishing Attachment & PowerShell
2. Application Shimming & Data from Local System
3. Kerberoasting & Domain Accounts
4. Match Legitimate Name or Location & Data Encrypted for Impact
5. Remote System Discovery & Remote Desktop Protocol
6. Nonstandard Port
7. Exfiltration to Cloud Storage

Subscribe to our Threat Actor Campaigns series to get notified when new campaigns are available. Get started here.

References:

1. Verizon. (2021). Verizon 2021 Data Breach Investigations Report. Retrieved April 27, 2022, from https://www.verizon.com/business/resources/reports/dbir/2021/