Initial Access & Malware Delivery Landscape: Top Threats and TTPs

This webcast provides a broad overview of the top cyber threats currently used to gain initial footholds into victim environments and deliver a wide range of other, usually more impactful malware. Our research into loaders, remote access trojans (RATs), and other initial access threats fills a notable community knowledge gap by aggregating the TTPs associated with newer or resurging threats, including SocGholish, Gootloader, Raspberry Robin, IcedID, BumbleBee, Emotet, and more, and aligning them to a common lexicon (MITRE ATT&CK®) for quicker pivoting into defensive actions. Although many of these threats are responsible for high infection volumes and are notoriously adept at modifying their TTPs, there has yet to be a comprehensive survey of how techniques might be shared (or differ) among the various operations, campaigns, & malware. This session will especially spotlight common early-stage attack techniques and overlaps in second- or later-stage payloads, helping defenders identify opportunities to prioritize their work and make the most efficient use of finite time & resources.