Adversary Universe Podcast – Details, episodes & analysis

Next week marks the start of Fal.Con 2024. CrowdStrike’s annual conference brings together cybersecurity leaders and practitioners, as well as our customers and partners, in Las Vegas for four days of keynotes, breakout sessions, workshops and demos.

Adam and Cristian will both be speaking at this year’s show. In this episode, they share the talks they’re most excited about and how they tie into the broader threat landscape. Some sessions will dive into insights from the CrowdStrike Counter Adversary Operations team; some will explore how adversaries are using large language models (LLMs) and how to defend against adversarial use of AI technology. One will discuss generative AI and data security, in particular how genAI raises concerns around privacy, data fencing, and IP, as well as how data can be misused when training new AI models.

A key highlight of Fal.Con is the Adversary Underground, during which Adam and Cristian will bring guests onstage to showcase a machine learning-based research project they’ve been working on.

Register for the Fal.Con Digital Experience to stream the keynotes live during the show and view select sessions on-demand after the event.

For students aspiring to work in cybersecurity, sitting in a classroom isn’t enough to gain the skills and experience they need to succeed. Industry internships are invaluable opportunities to learn how security pros operate in the real world and understand the responsibilities each role requires.

CrowdStrike’s University Program welcomes interns across virtually every field to gain this real-world experience. This summer, David Feldman and Chandler McClellan interned for the CrowdStrike threat intelligence and Falcon Adversary OverWatch teams, respectively. Like many cybersecurity pros, both David and Chandler found their way into the industry after first exploring different fields. In this episode, they join Adam to share the details of how they got into cybersecurity, how they discovered CrowdStrike’s internship program and the projects they’ve been tackling as part of the CrowdStrike team.

“You just get to dive in,” says Chandler in this episode. “You feel like you’re doing meaningful work, and you are ... What we’re doing here matters.”

Tune in to learn how CrowdStrike’s interns are aiding in the fight against adversaries, what they consider the coolest parts of their summer roles and more in this episode of the Adversary Universe podcast.

Today’s conversation explores a common question around adversary activity: Why does attribution matter? When a cyberattack hits, why go to the trouble of learning who is behind it? Each attempt at an intrusion can reveal a lot about an adversary — who they are, what they’re doing and what their motivations may be.

This information can not only inform your response to an attack but how you strengthen your security architecture against future attacks. In this episode, Adam and Cristian discuss the importance of knowing who the adversary is and what they’re after.

They go back to the early days of adversary attribution, explain how adversaries are tracked as their activity changes over time and examine the value of this intelligence in helping organizations succeed in the face of evolving cyber threats.

The tool Adam mentions at the end of this episode can be found at https://adversary.crowdstrike.com/

The National Security Agency’s Cybersecurity Collaboration Center (CCC) was created based on a growing need for the public and private sectors to work together and share insights to understand adversaries’ intentions, as well as the scope and scale of their activity. In this special episode of the Adversary Universe podcast, Adam and Cristian are joined by Morgan Adamski, Chief of the CCC and government security expert, onstage at CrowdStrike’s Gov Threat Summit in Washington, D.C.

“We both had different pieces of the puzzle,” said Adamski of the NSA and private sector organizations, which collect different types of data on adversaries and how they operate. In this conversation, she, Adam and Cristian discuss the CCC’s mission and its evolution, explain how it works with private sector partners, and go “around the world” to discuss their observations of modern nation-state adversary activity.

CrowdStrike Chief Security Officer Shawn Henry joined CrowdStrike as employee number 19 after a 24-year career at the FBI, where he retired as the Bureau’s Executive Assistant Director.

Today, he joins Adam and Cristian for a wide-ranging conversation exploring his early days at CrowdStrike and transition to the private sector, his perspective on the 2016 DNC breach and the risks modern elections face. Adversaries have numerous opportunities to sway voters’ opinions — and now they have the technology to wield greater influence through misinformation and disinformation campaigns. “I think we've just scratched the surface with AI from a deepfake perspective,” Shawn says of how artificial intelligence may play a role in this activity. Tune in to hear his perspective, stories and guidance as we navigate this election year.

The days of automated cyberattacks are dwindling: last year CrowdStrike saw a 60% jump in interactive intrusions, a type of attack in which a human is on the other side, working to break in and navigating their target environment as soon as they gain access. Most (75% of) attacks in 2023 didn’t involve malware at all — in nearly all cases, the adversary relied on identity-related techniques or exploited an unmanaged device.   The threat landscape is constantly evolving as adversaries explore new tactics. And as the CrowdStrike 2024 Global Threat Report shows, a lot can change in a year. We’re seeing more adversaries, operating at greater speed and conducting more attacks than ever.   In this episode, Adam and Cristian reflect on the early days of the Global Threat Report and examine the key findings of this year’s report. Highlights include:

• 62 minutes: The average time an adversary needs to move from an initial access point to another host in the target environment
• 232: The number of adversaries CrowdStrike tracks
• 75%: The year-over-year increase in attacks targeting cloud environments
• 76% increase in postings on data leak sites

Download your copy of the CrowdStrike 2024 Global Threat Report today at crowdstrike.com/global-threat-report

CrowdStrike has long said, “You don’t have a malware problem — you have an adversary problem.” Much like we analyze the malware and tools used in cyberattacks, we must also learn about the people who orchestrate them. Adam and Cristian are joined by Cameron Malin, a behavioral profiler who specializes in understanding adversaries and the “why” behind their activity. Cameron built the FBI’s Cyber Behavioral Analysis Unit, which works to understand the motivations for cybercrime across different types of offenses and has focused for years on exploring why adversaries do what they do. In this episode, he discusses how the discipline of cyber behavioral profiling emerged, how experts approach interviewing and analyzing adversaries, and the “dark triad” and “dark tetrad” of personality traits commonly observed in cyberattacks.

Though the inner workings of North Korea remain a mystery to much of the world, its global cyber activity has been tracked and analyzed for years. CrowdStrike’s Counter Adversary Operations team, which tracks five North Korean threat actors, has a unique perspective on the country’s evolution as a global cybersecurity threat and the many ways it has used cyber capabilities to achieve its goals.

In this episode, Adam and Cristian trace the history of North Korean cyber operations from its early days of destructive attacks to its focus on financial gain and espionage. Tune in for the answers to questions such as: How does North Korea discover its cyber talent? When did it pivot to cryptocurrency theft? And why does CrowdStrike track North Korean adversaries under the name CHOLLIMA? Come for the history, stay for Cristian’s singing skills in this conversation about the complex and changing world of North Korean cyber activity.

 

Check out some the CHOLLIMAs we track here: 

• https://www.crowdstrike.com/adversaries/silent-chollima/
• https://www.crowdstrike.com/adversaries/labyrinth-chollima/
• https://www.crowdstrike.com/adversaries/ricochet-chollima/
• https://www.crowdstrike.com/adversaries/velvet-chollima/
• https://www.crowdstrike.com/adversaries/stardust-chollima/ 

Cristian is joined by CrowdStrike Global CTO Elia Zaitsev to revisit the world of AI and large language models (LLMs), this time from the perspective of modern defenders.

While this space has seen explosive growth in the past year, most organizations are still working to determine how LLM technology fits into their cybersecurity strategies. In this episode, Cristian and Elia unpack the rapid evolution of AI models — a trend the two consider both exciting and frightening — and examine how LLMs are empowering defenders, their effect on automation in the enterprise and why humans will continue to be part of the picture even as AI-powered tools evolve.

Additional Resources:

• Five Questions Security Teams Need to Ask to Use Generative AI Responsibly
• Introducing Charlotte AI, CrowdStrike’s Generative AI Security Analyst: Ushering in the Future of AI-Powered Cybersecurity

In mid-December 2023, an adversary CrowdStrike tracks as VOODOO BEAR targeted Ukrainian telecom provider Kyivstar, wreaking havoc and disrupting thousands of systems and assets.

The Russia-linked adversary has for years treated Ukraine as its “lab of offensive cyber operations”, testing attack techniques and demonstrating the destructive behavior it has become known for since it emerged in late 2010.

In this episode, Adam and Cristian dive into the details of the recent Kyivstar attack and how it aligns with VOODOO BEAR’s history of disruptive cyberattacks, both in Ukraine and around the world. They also pull back the curtain on the broad, complex history of Russian intrusion operations, shedding light on adversaries operating within the country and what has motivated them over the years.