Cyberwarfare / Nation-State Attacks , Endpoint Security , Fraud Management & Cybercrime

Kevin Mandia on Attacks Against Ukraine and Why They Matter

Mandiant CEO Shares How Russian Wiper Malware Is Evading Ukrainian EDR, Antivirus
Kevin Mandia, founder and CEO, Mandiant at Google Cloud (Image: Mandiant)

Russia has relied on blunt-force cyberattacks in Ukraine to inflict maximum damage rather than turning to new techniques. In many cases, Ukrainian defenders are flying blind because Russian wiper malware is designed to evade most security controls, said Mandiant CEO Kevin Mandia.

See Also: Splunk Named a 10-Time Leader in Gartner® Magic Quadrant™ for SIEM

The Russian foreign intelligence service's cyber operations were less aggressive in other parts of the world in the months following the country's February 2022 invasion of Ukraine, but activity has accelerated recently, according to Mandia. Inside Ukraine, cyber defenders have faced eight or nine different types of wiper malware designed and crafted to evade EDR and antivirus technologies, he said (see: Execs Say Google-Mandiant Deal to Merge Threat Intel, SecOps).

"How do you maintain optimism when all you do every day is figure out, 'Now, what do we do on defense?'" Mandia said. "You're playing goalie, and the offense has unlimited penalty kicks at you. It is exhausting. So how do you find an equilibrium where you can just manage through it at a steady state? What you have to do is keep morale up."

In this video interview with Information Security Media Group, Mandia also discussed:

  • How Russian cyber activity has changed over the course of the Russia-Ukraine war;
  • How Chinese cyber actors have shifted tactics during the war;
  • Why adversary dwell time in victim environments has shrunk significantly.

Mandia has served as CEO since 2016 and led the company's rebranding from FireEye to Mandiant in 2021. He has spent more than 25 years in information security helping make organizations secure from cyberthreats. Mandia has held senior positions in the security consulting divisions of Sytex, acquired by Lockheed Martin, and Foundstone, acquired by McAfee. In the U.S. Air Force, Mandia served as a computer security officer at the Pentagon and later as a special agent in the Air Force Office of Special Investigations.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.