With the growing supply of valuable network-accessible data, network intrusion remains a cheap and low-risk way for threat actors to conduct operations. We can raise the barrier to entry with defense-in-depth, but what happens when we poison the supply? In this talk, we’ll discuss adversary engagement and how we’ve used it to regain the defensive advantage.
MITRE, whose adversary engagement operations go back 10+ years, has joined up with HSBC, who started running operations in the last two years. We’ll introduce the concepts behind adversary engagement and talk about how you can start running your own operations with open-source tools and MITRE’s new adversary engagement framework, Engage (engage.mitre.org). Together, we’ll walk through an operation run by HSBC where we engaged with the criminal threat actor FIN7, how we aligned the operation against MITRE Engage, and what we learned in the process.
We want to make adversary engagement an accessible and pervasive cyber defense strategy for all. The more adversary engagement operations we run as defenders, the more we collectively raise the cost and reduce the value of operations for our adversaries.