This presentation forms part of the CTA's Threat Intelligence Practitioners' Summit
Thursday 5 October 2023 12:00 - 12:30, Small Talks room
Sara Eberle (Sophos) & Doug Domin (FBI)
This presentation shows how different strands of threat intelligence from the FBI and other law enforcement agencies and private sector cybersecurity companies can help solve cybercrimes and provide better protection for all. While the public and private sectors tend to operate in their own silos, even sharing the smallest amount of data can help shed light on new TTPs and attackers’ organizational and hierarchical layers. The talk will also review ways to deal with press and social media when threat research is available and how it may (positively or negatively) impact an investigation (from both sides). An example is the Genesis Marketplace research from Sophos, which was made public seven months before the FBI’s initial takedown of the site, known as 'Amazon for cybercriminals', at the street level, which has allegedly resurfaced sporadically on the dark web. The FBI will also review a case that has led to an arrest and guilty plea, thanks to private sector and other law enforcement contributions.
The talk will address when and why organizations should collaborate to solve cybercrimes and when it may make sense to go at it alone. Regardless of the approach, the end result should be the same: defeat the bad guys, as best possible, and protect people/businesses from losing their data and assets.
Sara Eberle is Vice President of Global Public Relations and Organic Social Media at Sophos. She has more than 30 years of PR and journalism experience, with 15 of these in the cybersecurity industry. Sara's public relations agency in Los Angeles, California, handled breaking news around the ILOVEYOU virus, which infected more than 10 million personal computers after the virus was released in May 2000. The strategic effort elevated, for the first time, interest in and coverage of nascent Internet-induced cybercrime in US national news outlets, including NBC and The New York Times. Over the years, Sara has worked with countless threat experts around the world. At Sophos, she works closely with the Sophos X-Ops team to uncover and generate awareness of changing attacker TTPs to help defenders defeat adversaries. Sara is also a 2023 graduate of the FBI's Citizen Academy, which provides sessions on cyber and cryptocurrency crimes, white collar and organized crime, and much more, to further her work and expertise as an effective threat intelligence communications strategist.
Doug Domin is a Supervisory Special Agent at the FBI Boston Cyber Task Force. Prior to beginning his career at the FBI, SSA Domin was an incident responder at Sun Microsystems. He entered on duty in September 2002 at the Boston Division and was assigned as a cyber investigator, eventually becoming certified as a technically trained agent and SWAT operator. In 2012, he transferred to FBI Cyber Division in Washington, D.C. and was selected to manage the Cyber Action Team (CAT), a deployable contingent of highly skilled FBI cyber investigators. SSA Domin subsequently served two years as an assistant legal attaché at the U.S. Consulate in Toronto, Ontario. Since 2016, he has worked exclusively on computer intrusion matters, focused exclusively on ransomware and criminal cyber threats. He received his M.S. in cybersecurity, policy & governance from Boston College and holds the CISSP and GRCA industry certifications.