
Zero-Day and Mass Supply Chain Attacks

The epidemic of zero-day exploits has led to widespread outages and data breaches, especially when third- and fourth-party suppliers get hacked. Security teams have little visibility and often find out about vulnerabilities, exploits, and supplier compromises far too late. Moreover, when suppliers get hacked, responsibility for covering downstream response costs may be unclear, and insurance coverage is often limited at best.

For example, in the case of MOVEit, attackers exploited file transfer servers at PwC, E&Y and others, which created ripple effects for customers and THEIR customers. Similarly, in the case of Colonial Pipeline, the shutdown affected gas stations that had only indirect relationships with the victim.

In this fast-paced talk, we'll dissect real “next-gen” DFIR cases involving zero-day exploits and supplier compromises, including practical guidance for adapting your response processes to meet today’s global threats. This will include a walkthrough of the recent MOVEit zero-day exploits, as well as prior cases associated with the same attackers (the Clop ransomware gang). We’ll also review case studies such as Log4j, Exchange, Colonial Pipeline, and more.

We are on the precipice of seeing major changes to standard response best practices. All of us need to expand DFIR processes to account for mass 0-day exploits and supplier compromises. This includes strategies for threat intelligence, methods for obtaining early information about a potential incident, obtaining and vetting IoCs, risk evaluation strategies, and more. We also need to integrate threat hunting into response operations and prepare for potential unexpected law enforcement access to systems. Join us and get practical strategies for adapting your DFIR response best practices to reflect today’s increasingly interconnected threat landscape.

Sherri Davidoff

CEO of LMG Security, co-author of "Ransomware and Cyber Extortion"
