A *Virtual* Tour of a Threat Lab


As part of Internews’ work to strengthen threat information sharing across civil society, the MONITOR Project launched the Threat Analysis and Sharing Webinar series to educate and share knowledge around threats and resilience strategies for civil society.  

The first webinar, A *Virtual* Tour of a Threat Lab, was held in October 2019 and moderated by Megan DeBlois, MONITOR Technical Lead, with panelists Eva Galperin (Director of Cybersecurity) and Cooper Quintin (Senior Staff Technologist) from Electronic Frontier Foundation (EFF). During the webinar, panelists explored the processes the EFF team follows when analyzing phishing and malware attacks, with a focus on targeted attacks.

Key Takeaways:

Safe Analysis through Segregation. Segregation is an important concept when dealing with potentially malicious items. Precautions such as working inside a virtual machine, keeping it disconnected from the network, and fully understanding the tools you use are crucial to avoid accidentally tipping off the adversary to your investigation.

Hunt down Threats. Once you have a breadcrumb, search for more! Expand and enrich the indicators you’ve identified to build a more complete picture of the strategy the adversary is using to target the community.

Find a Mentor and Collaborate. Collaboration is an important part of learning. We all start somewhere, so work your way up by learning as much as you can and reaching out to trusted folks like EFF, Internews, and Rob to make sure you are on the right track.

Keep Learning… and then learn some more! Take breaks in between, then start again. There is so much to learn and no one can know everything, but if you’re interested in building up your threat analysis skill set, see the resources below for hands-on practice.

Practice in advance. Don’t wait until you have something malicious to practice on. If you are interested in phishing analysis, analyze raw email headers to familiarize yourself with them; if you are interested in forensics, analyze your own computer or hard drive. Start with the safe stuff and work your way up.