Content provided by Team Cymru. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Team Cymru or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
Team Cymru's Threat Researchers on Operation Endgame Intelligence

27:54

Team Cymru's threat researchers have spent years developing an almost psychological understanding of cybercriminals, tracking their behavioral patterns alongside technical infrastructure to predict where attacks will emerge before they happen. Josh and Abigail share with David how their multi-year tracking of Russian cybercrime groups enabled critical contributions to Operation Endgame. Their work demonstrates how sustained intelligence gathering creates opportunities for law enforcement victories that reactive security cannot achieve.

Drawing from Josh's eight years at Team Cymru and background in law enforcement national security investigations, and Abigail's specialization in Russian cybercrime tracking, they reveal how NetFlow telemetry provides unprecedented visibility into criminal operations. Their approach goes far beyond traditional indicator-based threat intelligence, focusing instead on understanding the human patterns that drive criminal infrastructure deployment and management.

Topics discussed:

  • The evolution of Team Cymru's threat research mission from ad hoc investigations to formalized self-tasking teams.
  • How NetFlow telemetry enables upstream infrastructure mapping that reveals criminal backend systems invisible to traditional security tools.
  • The behavioral analysis techniques that distinguish between different criminal operators based on work schedules, personal browsing habits, and infrastructure access patterns.
  • Why collaboration between private sector researchers and law enforcement requires transparency and trust-building rather than hoarding intelligence behind restrictive sharing classifications.
  • How Operation Endgame demonstrated the effectiveness of combining multiple organizational perspectives on the same threats, with each contributor providing unique visibility into different attack components.
  • The measurement challenges in threat research success when outcomes depend on external decision-makers and sensitive operations may not publicly acknowledge private sector contributions.
  • Why financially motivated threat actors are shifting from mass spray-and-pray campaigns to more targeted, higher-payout operations.
  • How click-fix attacks exploit human psychology by convincing victims to execute malicious commands themselves.
  • The double-edged impact of AI on cybercrime, lowering barriers to entry for malicious actors while simultaneously enabling more sophisticated social engineering and automation capabilities.
  • Why security awareness training must evolve beyond identifying typos and obvious phishing indicators to address AI-generated content and sophisticated impersonation techniques.

Key Takeaways:

  • Build long-term tracking capabilities that focus on understanding threat actor behavior patterns rather than chasing individual indicators or campaigns.
  • Implement NetFlow telemetry analysis to identify upstream infrastructure connections that reveal criminal backend systems before they're deployed operationally.
  • Develop collaborative relationships with law enforcement and private sector partners based on transparency and shared mission objectives.
  • Create threat research teams with self-tasking authority to focus on societally important threats rather than customer-driven priorities that may miss critical criminal activity.
  • Establish behavioral profiling techniques that distinguish between different criminal operators based on work patterns, personal interests, and infrastructure access methods.
  • Invest in sustained intelligence gathering capabilities that track threat actors across multiple campaigns and infrastructure changes over extended periods.
  • Prepare for the increasing sophistication of click-fix attacks by educating users about command execution risks and implementing controls that detect suspicious copy-paste activities.
  • Develop AI-aware security awareness training that addresses deepfake voice calls, sophisticated impersonation techniques, and realistic-looking malicious websites.
  • Build measurement frameworks for threat research success that account for external decision-making timelines and sensitive operation requirements.

Listen to more episodes:

  • Apple
  • Spotify
  • YouTube
  • Website

93 episodes