Will Baggett, CCEE, CFE
Conti Leaks and CARVER Analysis for Threat Intel Analysts
Will Baggett will discuss how the Cybersecurity community can apply the CARVER methodology and principles to processing breached data from advanced persistent threats and ransomware groups. Will draws from his experience as a former CIA officer specializing in Technical and HUMINT Operations and NATO SOF Cyber Security SME to apply the battlefield triage mindset to critical Cyber Threat Intelligence duties. The methodology does not rely on third party vendor tools or subscriptions, but rather, introduces the awareness and vulnerability of key data in a corporation.
In 2022, the Conti ransomware group's inner chat room discussions were leaked by a dissenting member of the group due to the Russian invasion of Ukraine. As a former intelligence officer of 20 years, I applied the CARVER vulnerability assessment model to the leaked data to rapidly assess the potential risk posed to my large financial firm's enterprise model. This talk will share the methodology applied and the steps taken to maximize the intelligence value of this rare event.