Non-members register here:
Friday 16 September 2022, 11am-12noon (BST)
Discover how the Cozy Bear advanced persistent threat (APT) actors use spear-phishing and OneDrive to gain access.
In this talk, we discuss the recent techniques used by APT29, also known as Cozy Bear. The government-sponsored group has been using a spear-phishing campaign with embedded malicious links leveraging legitimate OneDrive functionality to gain an initial foothold into organisations.
We will demonstrate the full attack chain, including how ATPs can abuse the legitimate Microsoft OneDrive Updater to load a Command and Control (C2) Dynamic Link Library (DLL) into a legitimate target process and establish an encrypted backdoor connection into the victim’s system.
Join us to discover the indicators of compromise, how to mitigate these types of attacks, and whether technical perimeters are enough.
If you are a member of ISACA, ICA or The Security Institute, you can earn CPE/CPD points for attending our webinars live. Remember to log your attendance with your provider to be credited.
Guest chaired by
Lee Cramp (info), DPO, DRO and Information Security at Department of Health and Social Care
Sadi Zane (info), Principal Security Consultant, BSI
Review the advice on using Zoom and other webex platforms securely here.