Red Canary is a proud sponsor of ATT&CKcon 6.0
Conference Talk
Paste and rundown: Tracking and clustering ClickFix campaigns
Paste and run (aka ClickFix, fakeCAPTCHA) has been one of the most successful initial execution vectors in the past year, and it’s only getting more popular. From its first reported use in March 2024 to the March 2025 addition of T1204.004 User Execution: Malicious Copy and Paste to MITRE ATT&CK, Red Canary has seen our fair share of users tricked into copying, pasting, and executing malicious code via T1204.004. I’ll dig into some of the threat intelligence challenges we faced tracking and clustering this threat from an endpoint perspective, and share how leveraging its ATT&CK technique helped us. Attendees will learn about the Red Canary threat intel team’s research into this threat over the past year and walk away with practicable detection opportunities.
Meet The Speaker
Stef Rand
Senior Intelligence Analyst
Conference Talk
The never-evolving threat landscape: Forever techniques and the illusion of change
“The ever-evolving threat landscape” is one of the most overused clichés in the security industry. It’s so ubiquitous that LLMs lead nearly every prompt response with some iteration of those five words. Unfortunately (or maybe fortunately), it doesn’t reflect reality. The threat landscape isn’t ever-evolving. If you track MITRE ATT&CK® technique abuse over time, you’ll find that adversaries largely leverage the same small set of techniques—and have for years.
Threat names change, but the objectives of those threats and the capabilities they deploy are stagnant. There’s a strong illusion of change in adversary behavior propped up by new technologies, the vagaries of visibility, and our collective obsession with sophistication and novelty. You’ll read news articles about staggering breaches, but the technical details often reveal a pattern of well-worn tactics, techniques, and procedures. You’ll read news articles about fantastical targeted attacks, but if you read below the fold or between the lines, you’ll realize the adversary was after a specific organization for a specific reason.
In this talk, I will use operational data and historical examples to argue that the past is indeed a good predictor of the future, and enumerate the ATT&CK techniques that organizations should prioritize.