Talk A-1: Multinational Threat Hunting operations to combat growing Threats
Accessible: Yes
The presentation explores the dynamic cyber landscape in Latvia and the profound changes threat hunting has made since Russia’s full-scale invasion of Ukraine in 2022.
Since spring 2022, Latvia has been conducting multinational threat hunting operations in the state sector and critical infrastructure. Collaborating with the national institutions themselves, CERT.LV has led operations in which experts conduct large-scale host-based analysis with the goal of finding malicious activity as well as hardening systems. Most of the operations are conducted in partnership with the Canadian Armed Forces, although other nations have also contributed. So far more than 10 threat hunting operations have been conducted, resulting in over 50 000 analysed.
As the global geopolitical situation shifted, so did the nature and magnitude of cybersecurity threats faced by the Baltic nations, including Latvia. This presentation delves into the evolution of threat hunting strategies and practices in Latvia, shedding light on the key drivers, challenges, and innovative approaches that have emerged in response to the changing threat landscape.
Topics that will be touched upon include: the war's impact on Latvia's cybersecurity posture, adaptation and resilience to new and emerging threats, development of threat intelligence and hunting capabilities, international cooperation, and real-world examples of successful threat hunting operations.
This talk will highlight specifically how threat hunting processes are conducted, the importance of collaboration, transparency, maturity and responsibility between national CSIRTs and the institutions of a nation state, and how Latvia has managed to strengthen alliances between nation states, collaborating in threat hunting operations in Latvia.