Threat Hunters

Language updated: 2024-11-29T13:27:49.795Z
Threat hunters are cybersecurity professionals who proactively identify, understand, and neutralize malware threats before they can cause harm. Recently, Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant targeting ESXi environments. In another instance, Aqua Security threat hunters used information from vendor honeypots to uncover a malicious campaign. These cases underscore the crucial role of threat hunters in identifying and mitigating threats, often working in tandem with advanced tools and intelligence analysts.

CrowdStrike Falcon® Adversary OverWatch threat hunters have identified two adversaries that primarily target cloud infrastructure. These adversaries move across domains, so cloud threat hunters must track lateral movement from cloud to endpoint to enable rapid response and decisive remediation. CrowdStrike threat hunters also searched for Remote Monitoring and Management (RMM) tools paired with suspicious network connections to uncover additional data and identify suspicious behaviors. A unique challenge was presented by FAMOUS CHOLLIMA, a North Korea (DPRK)-nexus adversary whose expansive attack campaign required sophisticated threat hunting techniques to address.

Falcon Complete sets itself apart from most Managed Detection and Response (MDR) services by not only identifying and investigating threats but also performing surgical remediation for endpoints, identities, and cloud workloads. This includes containing hosts, removing malicious artifacts, and restoring systems to their normal state. Although Falcon Adversary OverWatch was not specifically evaluated by MITRE, its threat hunters were instrumental in the active evaluation, identifying and reporting steps to MITRE. The combination of human expertise, including incident responders, threat hunters, intelligence analysts, and data scientists, is critical to maintaining robust protection and refining detection capabilities.
Description last updated: 2024-11-21T10:29:55.517Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion