Marcus Hutchins Webinar

The document discusses the importance of mastering endpoint security, featuring insights from cybersecurity experts Marcus Hutchins and Romanus Prabhu. It highlights the lessons learned from significant ransomware attacks like WannaCry and NotPetya, emphasizing the need for improved patch management and proactive defense strategies. The document also outlines the evolving tactics of attackers and the necessity for organizations to implement structured response plans and advanced detection and response technologies.

Uploaded by Saikat Roy

Think like an Attacker, Defend like a Pro

Mastering Endpoint Security

Featuring
Marcus Hutchins, Cyber Threat Intelligence Researcher
Romanus Raymond Prabhu, Director of Technology, ManageEngine

Marcus Hutchins
Cyber Threat Intelligence Researcher | Former Hacker | Malware Analyst

Renowned for halting the global WannaCry ransomware outbreak, Marcus Hutchins brings over a decade of experience in threat intelligence, malware analysis, and reverse engineering. A former hacker turned defender, he specializes in tracking advanced threat actors and dismantling complex cyberattacks.

Today, Marcus helps organizations stay ahead of evolving threats by translating complex technical insights into clear, actionable strategies. As a speaker and educator, he shares his expertise through keynotes, training sessions, and online content — empowering the next generation of cybersecurity professionals.
Romanus Prabhu Raymond
Director of Technology, ManageEngine

As Director of Technology at ManageEngine, Romanus Prabhu ensures a seamless experience for global customers using unified endpoint management and security solutions. He leads onboarding, training, and support initiatives, while also championing endpoint security as a passionate evangelist. Romanus actively evaluates new technologies and applies industry best practices to drive product quality and business impact.
WannaCry: The wake-up call we didn’t answer.

WannaCry - A Turning Point in Cybersecurity

Exploited a known vulnerability: EternalBlue (SMBv1)

No user interaction required - spread autonomously across networks

A patch was available two months before the attack

The attack was halted using a domain-based kill switch

Similar propagation methods are still used in modern ransomware

Highlights systemic gaps in patching and endpoint visibility


Following in WannaCry’s Footsteps: The NotPetya Escalation

Launched just weeks after WannaCry, using similar techniques

Exploited EternalBlue but added credential theft (Mimikatz-style tools)

Used PsExec and WMI for lateral movement across networks

Delivered via compromised Ukrainian accounting software - a supply chain attack


Failures That Still Persist

WannaCry and NotPetya exploited known vulnerabilities for which patches were already available

Both attacks revealed critical gaps in patch management and endpoint visibility

Years later, the MOVEit breach followed the same trajectory

Despite different threat actors and techniques, the root failures were the same
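The WannaCry, NotPetya and "Failures That Still Persist" slides share one lesson: the two preconditions for a wormable outbreak (an exposed, unpatched SMBv1 service) and the lateral-movement techniques that followed (PsExec-style service installs, WMI remote execution) are all visible in ordinary endpoint telemetry if someone is looking. The Python below is an added example written for this page, not code from the webinar, from Marcus Hutchins or from ManageEngine. It runs two behavioural rules over constructed Windows-style event lines and lists the hosts from a constructed inventory that still combine SMBv1 with a missing patch. The key=value log schema, field names (ParentImage, NewProcess, ServiceName), hostnames and inventory records are assumptions; only the Windows event IDs 7045 (new service installed) and 4688 (process creation) are real.

```python
import re

# Constructed sample telemetry (not real logs). The key=value schema, field
# names and hostnames are assumptions; only the event IDs are real Windows IDs.
SAMPLE_EVENTS = [
    "EventID=7045 Host=WS-01 ServiceName=PSEXESVC ImagePath=%SystemRoot%\\PSEXESVC.exe",
    "EventID=4688 Host=WS-01 ParentImage=C:\\Windows\\System32\\wbem\\WmiPrvSE.exe NewProcess=C:\\Windows\\System32\\cmd.exe",
    "EventID=4688 Host=WS-02 ParentImage=C:\\Windows\\explorer.exe NewProcess=C:\\Program Files\\Editor\\editor.exe",
    "EventID=7045 Host=SRV-01 ServiceName=Spooler ImagePath=C:\\Windows\\System32\\spoolsv.exe",
    "EventID=4688 Host=SRV-01 ParentImage=C:\\Windows\\System32\\wbem\\WmiPrvSE.exe NewProcess=C:\\Windows\\System32\\powershell.exe",
]

# Constructed inventory records: does the host still have SMBv1 enabled, and
# has the vendor fix for the SMBv1 flaw been applied?
SAMPLE_INVENTORY = [
    {"host": "WS-01",  "smb1_enabled": True,  "patched": False},
    {"host": "WS-02",  "smb1_enabled": False, "patched": True},
    {"host": "SRV-01", "smb1_enabled": True,  "patched": True},
    {"host": "SRV-02", "smb1_enabled": True,  "patched": False},
]

# key=value pairs; a value runs until the next " Key=" so paths may contain spaces
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line):
    """Turn one key=value line into a dict."""
    return {k: v for k, v in FIELD_RE.findall(line)}


def basename(path):
    """Last path component, lower-cased, for either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def rule_psexec_service(ev):
    """PsExec-style remote execution installs a short-lived service (event 7045)."""
    return ev.get("EventID") == "7045" and (
        ev.get("ServiceName", "").upper() == "PSEXESVC"
        or basename(ev.get("ImagePath", "")) == "psexesvc.exe"
    )


SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}


def rule_wmi_spawned_shell(ev):
    """WMI remote process creation appears as WmiPrvSE.exe spawning a shell."""
    return (ev.get("EventID") == "4688"
            and basename(ev.get("ParentImage", "")) == "wmiprvse.exe"
            and basename(ev.get("NewProcess", "")) in SHELLS)


RULES = [("psexec_service_install", rule_psexec_service),
         ("wmi_spawned_shell", rule_wmi_spawned_shell)]


def detect_lateral_movement(lines):
    """Return (host, rule_name) for every event matching a rule, in log order."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        for name, rule in RULES:
            if rule(ev):
                hits.append((ev.get("Host", "?"), name))
    return hits


def wormable_hosts(inventory):
    """Hosts that still combine both WannaCry preconditions: SMBv1 on, patch missing."""
    return sorted(r["host"] for r in inventory
                  if r["smb1_enabled"] and not r["patched"])


if __name__ == "__main__":
    for host, rule in detect_lateral_movement(SAMPLE_EVENTS):
        print(f"ALERT {host}: {rule}")
    print("Still exposed:", wormable_hosts(SAMPLE_INVENTORY))
```

Both rules are deliberately narrow so they stay useful as a starting point: the 7045 rule keys on the service name and binary PsExec leaves behind, and the 4688 rule only fires when the WMI provider host is the parent of an interactive shell, which is rare in normal administration. The inventory check is the "patch management plus endpoint visibility" gap in one query: a host that appears in neither list is one you cannot see at all.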
What are attackers doing differently now?

The RaaS Ecosystem: Roles Behind the Ransom

Everyone’s a Target Now

LockBit’s affiliate model proved both strategies can succeed:

Attacking large enterprises for multi-million payouts

Targeting dozens of SMBs for steady, smaller gains

Automation and scale made mass exploitation viable

Data became the new currency - not company size


The Expanding Cost of a Ransomware Breach

Ransomware is treated as a national security threat

Governments are sanctioning groups, seizing infrastructure, and enforcing policy

Ransom payments may breach international laws

Victims face regulatory fines, lawsuits, and reputational damage

Repeat extortion: data leaks, third-party pressure, public exposure


Change Healthcare, 2024
What makes an organization a target?
Understanding Attacker Behavior

Defenders rely on static controls; attackers adapt in real time

Behavioral consistency across environments helps attackers scale exploits

Patching patterns, naming conventions, and exposed misconfigurations are mapped and reused

Attacks are increasingly based on reconnaissance, not brute force


Common Endpoint Attack Vectors
What more should an Organization be doing?

Offense in Depth

1 If I wanted to stay hidden in this network, what techniques would I use?

2 If I got access to a developer’s machine, how would I persist or move laterally without triggering alarms?

3 If this org is cloud-heavy, where are the weak configurations? Which API tokens could I quietly abuse?

4 What happens in an assumed-breach scenario where an attacker is given access to a corporate endpoint or server?

5 What happens if the EDR or MDR solution fails or is disabled on an endpoint?

6 What happens if an attacker obtains valid user credentials?


Playbooks, Mock Drills & Resilience Planning

Structured response playbooks: ensure repeatable, consistent incident handling

Regular mock drills (every 6 months): simulate full attack lifecycles

Test backups regularly - ensure Recovery Time Objective (RTO) is realistic

Include edge-case scenarios (e.g., what if endpoint agents fail?)

Plan for worst-case: restore workflows, not just data


EDR and Beyond

Detects known and unknown threats through behavior analysis

Automates response: isolates systems, kills processes, blocks network access

Supports rollback and remediation via secure, tamper-proof backups (e.g., VSS)

Ensures low false positives and minimal performance overhead
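To make the four EDR bullets concrete, here is an added Python example (not the webinar's code and not any vendor's product logic) of what "behaviour analysis plus automated response" looks like at its simplest: a small rule engine over a constructed endpoint event stream that flags shadow-copy deletion and a burst of document rewrites, keeps a backup agent's legitimate bulk I/O quiet through an allowlist (the false-positive control), and turns the resulting alerts into kill, isolate and VSS-restore actions. The hostname, process paths, file names, allowlist entry, window and threshold are all assumptions for this example, and the action strings stand in for whatever API the real agent exposes.

```python
from collections import defaultdict, deque

# Constructed endpoint telemetry (not real EDR output). Hostname, paths,
# allowlist entry and thresholds are assumptions for this example.
HOST = "WS-07"
BACKUP_ALLOWLIST = {"c:\\program files\\backupagent\\agent.exe"}
DOC_EXTS = {"docx", "xlsx", "pptx", "pdf", "txt", "jpg", "png"}
WINDOW, THRESHOLD = 60, 5   # >= 5 suspicious rewrites by one process within 60 s


def proc(t, pid, image, cmdline):
    return {"t": t, "type": "process", "pid": pid, "image": image, "cmdline": cmdline}


def fwrite(t, pid, path):
    return {"t": t, "type": "file_write", "pid": pid, "path": path}


SAMPLE_TELEMETRY = (
    # legitimate backup agent copying documents to .bak files (allowlisted)
    [proc(0, 410, "C:\\Program Files\\BackupAgent\\agent.exe", "agent.exe --rotate-snapshots")]
    + [fwrite(1 + i, 410, f"D:\\backups\\report{i}.docx.bak") for i in range(8)]
    # unknown binary from a temp folder rewriting user documents with a new extension
    + [proc(20, 987, "C:\\Users\\jdoe\\AppData\\Local\\Temp\\upd.exe", "upd.exe /run")]
    + [fwrite(21 + i, 987, f"C:\\Users\\jdoe\\Documents\\report{i}.docx.locked") for i in range(8)]
    # shadow-copy deletion: the classic move to defeat VSS-based rollback
    + [proc(30, 988, "C:\\Windows\\System32\\vssadmin.exe", "vssadmin delete shadows /all /quiet")]
)


def looks_renamed(path):
    """True when a document extension has been buried under a new one (a.docx.locked)."""
    parts = path.rsplit("\\", 1)[-1].lower().split(".")
    return len(parts) >= 3 and parts[-2] in DOC_EXTS and parts[-1] not in DOC_EXTS


def analyze(events):
    """Behaviour rules over a time-ordered event stream; returns alerts in firing order."""
    image_of = {}                   # pid -> lower-cased image path
    recent = defaultdict(deque)     # pid -> timestamps of recent suspicious writes
    flagged = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "process":
            image_of[ev["pid"]] = ev["image"].lower()
            trusted = image_of[ev["pid"]] in BACKUP_ALLOWLIST
            if "delete shadows" in ev["cmdline"].lower() and not trusted:
                alerts.append({"rule": "shadow_copy_tampering", "severity": "critical", "pid": ev["pid"]})
        elif ev["type"] == "file_write" and looks_renamed(ev["path"]):
            pid = ev["pid"]
            if image_of.get(pid) in BACKUP_ALLOWLIST or pid in flagged:
                continue            # allowlisted bulk I/O, or already alerted
            q = recent[pid]
            q.append(ev["t"])
            while q and q[0] < ev["t"] - WINDOW:
                q.popleft()         # slide the window
            if len(q) >= THRESHOLD:
                flagged.add(pid)
                alerts.append({"rule": "mass_file_encryption", "severity": "high", "pid": pid})
    return alerts


def plan_response(events, alerts):
    """Translate alerts into the automated actions an EDR would take, in order."""
    actions = [f"kill_process pid={a['pid']}" for a in alerts]
    if any(a["severity"] == "critical" for a in alerts):
        actions.append(f"isolate_host {HOST}")      # cut network access
    flagged = {a["pid"] for a in alerts if a["rule"] == "mass_file_encryption"}
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "file_write" and ev["pid"] in flagged and looks_renamed(ev["path"]):
            actions.append(f"restore_from_vss {ev['path']}")   # rollback from shadow copy
    return actions


if __name__ == "__main__":
    found = analyze(SAMPLE_TELEMETRY)
    for a in found:
        print(f"[{a['severity']}] {a['rule']} pid={a['pid']}")
    for action in plan_response(SAMPLE_TELEMETRY, found):
        print(action)
```

Two design points matter more than the rules themselves. First, the allowlist is keyed on the full image path, not the process name, so that a look-alike binary in a temp folder does not inherit the backup agent's trust; that is where the "low false positives" bullet is won or lost. Second, rollback is planned from the alert data rather than attempted ad hoc, which only works if the shadow copies are protected from exactly the tampering the first rule detects: the critical alert and the restore actions are two halves of the same control.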


Operationalized Defense
Any Questions?
Join us for Part 2 of the webinar series and stand a chance to win Apple AirPods
Thank you

For Queries mail us at: [email protected]
