HYAS threat intelligence expert David Brunsdon discusses the latest malware threats, how we investigate them, and how to bolster your cyber defenses to protect your organization.

We detonate a lot of malware at HYAS - but what does that really mean? It’s an ongoing and automated process that feeds our data lake. We use a controlled environment, a sandbox, to automate the execution of the malware. It’s about isolation and monitoring. When the malware is detonated, we collect the telemetry data, including network traffic such as DNS resolutions, callbacks to the C2, and downloads of additional files that augment the malware’s capabilities.

We look at what’s happening locally on the box and note the behavior of the malware, such as processes it creates, files it drops to the file system and executes, and other commands that are run. This all happens automatically, and the sandboxing identifies the families and techniques used, which we review.

You will see a live detonation of a popular malware family to demonstrate how it is designed to breach your defenses. Then we’ll show you how to stop it in its tracks with best practices for defense and investigation. By the end of the webinar you'll have all the latest information on popular malware families and how to investigate and defend against them.

Key Takeaways:

  • Better understand the latest trends in malware and recent popular malware families.
  • Gain insights into how a variety of malware families work with a live detonation demonstration.
  • Learn how to investigate malware families and best practices for your defense strategy.