Name: SEC Cybersecurity Rule Compliance Through Effective Disclosure Controls
Start: 2023-10-31T16:00:00Z
End: 2023-10-31T16:01:03.000Z
Location: BrightTALK
Rating: 4.7

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats. Mandiant is part of Google Cloud.

A sophisticated threat actor, UNC3944 (also tracked as Scattered Spider and 0ktapus), is executing highly effective attacks against corporate networks, culminating in ransomware deployment directly from the VMware hypervisor. Their campaign bypasses traditional security tools by avoiding malware in the initial stages and exploiting a critical visibility gap: the inability of Endpoint Detection and Response (EDR) to monitor the vSphere control plane.

The attack begins with clever social engineering of an IT helpdesk to gain an initial foothold in Active Directory. From there, the actor "lives off the land," using legitimate administrative tools to pivot from AD to the vCenter Server. By gaining control of the virtual infrastructure, they can perform offline data exfiltration, sabotage backups, and encrypt entire datastores from the ESXi hosts, rendering in-guest security agents powerless.

This webinar provides a deep dive into the five distinct phases of UNC3944's proven playbook. We will dissect their tactics, techniques, and procedures (TTPs) and present a fortified, three-pillar defense strategy focused on proactive hardening, architectural integrity, and advanced detection. Join us to learn how to protect your most critical infrastructure from this immediate and growing threat.

From Helpdesk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944

Join Google Cloud Security Threat Intelligence Analyst Yihao Lim, for a threat briefing on UNC3886, the sophisticated cyber espionage group recently identified as targeting national critical information infrastructure.

We will explore:
- The unique characteristics that define UNC3886's attack campaigns.
- Common vulnerabilities and vectors exploited by the group.
- Strategies and best practices for detecting and defending against similar advanced persistent threats.

UNC3886 Threat Intelligence Briefing

Únase a uno de nuestros mejores investigadores de Google Threat Intelligence para una sesión en vivo paso a paso sobre threat hunting con Google Threat Intelligence. Durante la sesión, se abordarán casos prácticos reales y recientes sobre cómo realizar threat hunting y usar la API de Google Threat Intelligence para automatizar investigaciones con el objetivo de:
*Identificar patrones
*Consultas a escala
*Entender los datos

Para conseguirlo, utilizaremos como ejemplo un caso real de una campaña de phishing masiva reciente.

Threat Hunting con Google Threat Intelligence, Episodio 4 (Versión en Español)

Join one of our top Google Threat Intelligence researchers for a step by step LIVE session on Threat Hunting with Google Threat Intelligence. During the session, real-life and recent case studies will be covered on how to conduct threat hunting and use the Google Threat Intelligence API to automate the research, with the goal of:
*Identifying patterns
*Querying at scale
*Understanding the data

To achieve this, we will use as an example a real case of a recent massive phishing campaign.

Threat Hunting with Google Threat Intelligence, Episode 4

Join this next session in the Google Threat Intelligence Use Cases Series where our experts will provide a deep dive into the private scanning module. We will explore its core functionality and use cases and share practical examples on how cyber security analysts can customize the tool to maximize its effectiveness for their specific needs.

What is Private Scanning?

Private Scanning allows you to analyze files and URLs with Google Threat Intelligence in a privacy preserving fashion. Files and URLs uploaded aren't shared with anyone beyond your organization, and remain in Google Threat Intelligence only for a brief period of time. 

Register now to learn:

*Fundamental concepts, key features, and benefits about Private Scanning.
*Analyzing files with Live Interaction.
*Investigating Onion’s URLs.
*Other strategies and best practices for cyber analysts

Unveiling the power of private scanning in Google Threat Intelligence

In today's complex threat landscape, anticipating and neutralizing cyberattacks is essential. Google Threat Intelligence provides the visibility and insight needed to proactively defend against emerging threats and mitigate operational risk.

Join our Google Threat Intelligence subject matter experts for an informative demonstration exploring how you can:
*Gain Comprehensive Threat Visibility: Access timely intelligence derived from Google's global infrastructure and frontline expertise, including high-fidelity Indicators of Compromise (IoCs), threat actor Tactics, Techniques, and Procedures (TTPs), and malware analysis relevant to your industry.
*Achieve Proactive Threat Detection: Utilize advanced analytics and machine learning to identify, prioritize, and respond to potential threats before they impact your organization.
*Operationalize Actionable Intelligence: Convert raw threat data into clear, actionable insights seamlessly integrated into your security workflows, enabling informed decision-making and effective risk reduction.

During this live session, you will:
*Witness Google Threat Intelligence capabilities in action.
*Understand the different Google Threat Intelligence offerings to determine the best fit for your needs.
*Engage with our threat intelligence specialists during the session.

You will walk away from this webinar equipped with actionable strategies to strengthen your security posture and safeguard critical assets using Google Threat Intelligence.

Who should attend:
Cyber Security Threat Intelligence & SOC Analysts, Engineers, Architects

Proactive Defense: Leveraging Google Threat Intelligence [June 5, 2025]

Join the authors of the M-Trends 2025 Special Report for an insightful webinar series on the latest global cyber trends and attacker tactics. Based on Mandiant's frontline incident response and threat intelligence from January 1, 2024, to December 31, 2024, this series offers a comprehensive view of the evolving cyber threat landscape. Expert analysts will unpack trending metrics, adversary behaviors, and provide actionable insights for your security strategy.

In this webinar Mandiant experts will provide detailed analysis on cloud compromise including: 

*The danger of unsecured data repositories
*The evolution of data theft in cloud and software as a service environments
*Common themes in cloud compromise investigations

Lessons from Cloud Compromise: A Deep Dive into M-Trends 2025

The transformative potential of AI demands robust security and Google Cloud is uniquely positioned to help organizations accelerate their AI journey by providing capabilities to holistically manage risk across the AI lifecycle. Join this session to learn about how you can securely navigate the evolving AI landscape with new AI Protection capabilities, including Model Armor, our LLM guardrails solution, which allows organizations to apply security and safety controls to gen AI applications.

Managing AI Risk with Confidence

Join our Google Threat Intelligence webinar designed to keep you informed on newly available features and the upcoming 2025 roadmap. 

In this session you will learn:

*The latest Google Threat Intelligence news and updates
*Tips & tricks for effective platform use
*Preview the 2025 roadmap
*Get your questions answered in a live Q&A.

Presenters:

Paloma Echevarría Dópido, Product Manager, Google Cloud 
Sara Ouled, Technical Product Growth Team, Google Cloud

Check out these resources for additional information Google Threat Intelligence:

*Web page: https://cloud.google.com/security/products/threat-intelligence
*Use cases webinar series: https://www.brighttalk.com/series/6490

Google Threat Intelligence News & 2025 Roadmap

In this webinar, Google Threat Intelligence Group (GTIG) analysts will discuss their recent analysis of tracked zero-day exploitation in 2024. GTIG tracked 75 zero-day vulnerabilities exploited in-the-wild in 2024.

Join Casey Charrier, Senior Vulnerability Intelligence Analyst, and James Sadowski, Principal Analyst, as they discuss year-over-year zero-day trends in addition to highlights from 2024’s zero-day activity. We’ll discuss who and what is getting targeted, major trend shifts, and expectations for future zero-day exploitation.

In this webinar, we will discuss: 

*Key factors that drive zero-day exploitation as it continues to grow, including a look at growth in zero-day exploitation over time
*Exploitation trends, including the increase in enterprise product targeting and a simultaneous drop in historically popular targets
*The landscape of which actors are driving zero-day exploitation
*Best practices for how defenders can mitigate the threat from this activity

Presented by:

Casey Charrier, Senior Vulnerability Intelligence Analyst, Google Threat Intelligence Group
James Sadowski, Principal Analyst, Google Threat Intelligence Group

Analysis of 2024 Zero-day exploitation and best practices for defenders

Proactive Defense: Leveraging Google Threat Intelligence [May 22, 2025]

The Mandiant M-Trends 2025 report sheds light on the persistent and evolving landscape. This webinar will provide a detailed analysis of two crucial trends:

*The Insider Threat from North Korean IT Workers: Discover the sophisticated methods employed by North Korean IT workers to infiltrate organizations as remote employees. We will examine their motivations for generating revenue and the inherent insider threat risks they introduce across various sectors. Learn strategies for detection and mitigation.

*A Review of Iran's 2024 Cyber Threat Activity: This session will dissect the key cyber operations and trends attributed to Iranian threat actors in 2024. We will analyze their targeting patterns, the evolution of their tactics and tools, and the geopolitical context driving their activity. Understand the implications for organizations and how to adapt your defenses.

Speakers:
Ofir Rozmann, Trust & Safety, Google Cloud
Josh Atkins, Tech Lead, Google Cloud 
Brad Curtis, Strategic Consulting Senior Manager, Google Cloud

M-Trends 2025:  North Korean IT Worker Insider Threats and the 2024 Iranian Threat Landscape

In light of the recent high-profile attacks on US and UK retail, we’re hosting this webinar on UNC3944, aka Scattered Spider. Get insight on the actor and expert advice on hardening your enterprise.

From late 2024 through early 2025, Google Threat Intelligence Group observed a decline in activity conducted by certain threat clusters, such as UNC3944 and UNC3786, associated with the underground community known as "The Com." Some of these threat clusters, including UNC3944, overlap with public reporting on Scattered Spider, which may be behind recent ransomware attacks impacting the UK retail sector. We recently observed activity using similar TTPs impacting US organizations operating in multiple sectors including retail. Preliminary analysis indicates that there are TTP overlaps with prior activity originating from threat clusters associated with The Com, but attribution to specific threat clusters is still ongoing at this time.

Threat actors associated with The Com have historically been aggressive, creative, and particularly effective at circumventing mature security programs. They have had a lot of success with social engineering and leveraging third parties to gain entry to their targets. Mandiant has provided a hardening guide based on our experience with more details on their tactics and steps organizations can take to defend themselves.

This webinar will provide critical insights and actionable recommendations to defend against the evolving tactics of UNC3944 and related groups. Drawing from extensive experience responding to this actor, we will prioritize key areas for proactive hardening across your enterprise, including: 

*Enhancing Identity Security
*Fortifying Endpoints & Cloud Resources
*Strengthening Network Defenses
*Boosting Monitoring and Detection
*Cultivating Social Engineering Awareness

Proactive defense against UNC3944: Hardening your enterprise

Join us for an insightful webinar highlighting two cyber threat trends identified in the Mandiant M-Trends 2025 report. 

This session will delve into two significant areas:

*The Growing Risk Posed by Infostealer Malware: Understand the increasing prevalence of infostealer malware, its evolving tactics, and the significant impact it has on organizations across industries. Learn effective detection, mitigation, and prevention strategies.

*Threats to Web3 and Cryptocurrency: Explore the emerging and persistent threats targeting the Web3 and cryptocurrency space. Gain insights into the specific vulnerabilities being exploited, the threat actors involved, and best practices for securing your digital assets and navigating this evolving landscape.

Speakers:

Adrian Hernandez, Senior Threat Analyst, Google Cloud
Joe Dobson, Principal Analyst, Google Cloud
Andrew Kopcienski, Principal Analyst, Google Cloud

M-Trends 2025: Infostealer Malware and the Threats to Web3

Amidst the hype surrounding AI-driven cyber threats, what's actually happening in the wild? Join Google Threat Intelligence experts as they move beyond theoretical discussions of abuse of AI, drawing on real-world observations of how government-backed threat actors have attempted to misuse Google’s AI-powered assistant Gemini for cyber attacks and information operations. Our goal is to shed light on these activities with security professionals to raise awareness and enable stronger protections for all. 

Attendees will gain insights into:

*Specific cases of attempted misuse of Gemini by Chinese, Iranian, North Korean, and Russian government backed actors.
*How AI is being leveraged  across various stages of cyberattacks, from initial reconnaissance to post-compromise activities.
*In-depth analysis of government-backed threat activity and if it represents novel or unique AI-enabled attack or abuse techniques.

Presenters:

*Jamie Collier, Lead Threat Intelligence Advisor (Europe), Google Threat Intelligence Group
*Aurora Blum, Threat Intel Analyst, Google Threat Intelligence Group
*Bart Inglot, Security Engineer, Google Threat Intelligence Group

Adversarial misuse of generative AI: Analysis beyond the hype

The M-Trends 2025 Report offers a deep dive into the latest global cyber trends and attacker tactics. Based on Mandiant's frontline incident response and threat intelligence from January 1, 2024 to December 31, 2024, this report helps readers stay ahead of the curve by providing insights on the evolving cyber threat landscape.

Join our expert threat analysts on May 13th as they unpack these trending metrics and significant adversary behaviors, and learn how these findings can enhance your security strategy against future attacks.

Topics will include:
*Incident response metrics, including top detection sources and initial infection vectors
*Industry targeting trends

Speakers:
Kirstie Failey, Principal Threat Analyst, Google Cloud
Kelli Vanderlee, Senior Manager, Google Cloud
Alexa Rzasa, Product Marketing Manager, Google Cloud

M-Trends 2025: By the Numbers

Proactive Defense: Leveraging Google Threat Intelligence [May 8, 2025]

Tabletop exercises (TTXs) help organizations evaluate their response to cyber threats, but they can also inform proactive security efforts. This webinar is designed for security teams looking to connect strategic technical exercises with operational defense. Mandiant experts will walk through the process of developing a tabletop exercise and using its scenarios to build a targeted threat hunt.

You will learn how to:
*Design a tabletop exercise
*Extract useful insights
*Apply insights in a structured threat-hunting approach

Presenters: 

Alishia Hui, Sr. Consultant, Mandiant, Google Cloud
Muhammad Muneer, Principal Security Consultant, Mandiant, Google Cloud
Tanya Wilkins, Product Marketing Manager, Security, Google Cloud (Moderator)

From tabletops to threat hunting: Leveraging tabletop exercises for proactive defense

This webinar will provide an overview of how a comprehensive cyber crisis communications plan and formal disclosure controls are essential to complying with the SEC's new cybersecurity disclosure rule. During the webinar, our panel of cyber security crisis communications and legal experts will cover:

1)  How disclosure controls are essential to determining materiality and timely, and accurately, reporting during a cyber event 
2)  What types of disclosure controls are necessary in the cyber domain and how they impact the materiality determination during an investigation
3)  How to accelerate your cyber crisis communications response strategy by aligning with cyber specific disclosure controls 
4)  The importance of message discipline when responding to a cyber event, now and after the rule comes into effect

This webinar is essential for all U.S public companies responsible for cybersecurity legal compliance and crisis communications and planning. 

By attending, you will learn how to properly disclose a cybersecurity incident and how to annually disclose your organization’s processes for assessing and managing your cybersecurity governance and risks.

SEC Cybersecurity Rule Compliance Through Effective Disclosure Controls

Cyber Incident Response

cyber communications response

Compliance

Legal IT

Cyber Attacks

Cyber Security

Disaster Recovery

Incident Response

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

SEC Cybersecurity Rule Compliance Through Effective Disclosure Controls

Presented by

About this talk

Mandiant | Intelligence and Expertise