DISCARDED: Tales From the Threat Research Trenches

Send us fan mail!Happy Holidays to all our Cyber Pals!Host Selena Larson, and co-guest ho-ho-ho hosts, Tim Kromphardt & Sarah Sabotka unwrap the surprising (and sometimes clever) ways cybercriminals use seasonal themes to trick both consumers and enterprises.From fake party invites and too-good-to-be-true discounts to holiday-flavored malware and RMM delivery, the team breaks down how threat actors capitalize on increased spending, lower vigilance, and year-end business pressure. They share real examples—like “free Christmas tree” scams, fake travel itineraries, smishing campaigns, and even malware hidden behind a Christmas caroling invitation.You’ll also hear:🎁 Why holiday-themed lures work so well🎁 How scammers tailor their tactics to shifting consumer behavior 🎁 The rise of SMS scams, malvertising, and SEO-poisoned shopping searches 🎁 What enterprises should watch for as employees mix work and personal activity 🎁 Why energy drinks are (shockingly) a hot commodity in cargo theft schemes 🎁 Practical tips to stay safe—whether you’re holiday shopping or closing year-end invoicesBefore you head off for vacation, join us for a fun, insightful, and very festive breakdown of the seasonal threats that might be landing under your digital tree this year.For more information about Proofpoint, check out our website.Subscribe & Follow:Stay ahead of emerging threats, and subscribe! Happy hunting!

Send us fan mail!Hello to all our Cyber Squirrels!Host Selena Larson, and guest host, Tim Kromphardt sit down with Tony Robinson — Senior Security Research Engineer and “rule magician” from Proofpoint’s Emerging Threats team. Tony shares the story behind IoT Hunter, an open-source tool he created to automate writing detection rules for Internet of Things (IoT) vulnerabilities.From routers and smart cameras to industrial control systems, Tony breaks down how IoT Hunter helps researchers and defenders cover hundreds of CVEs — from long-forgotten exploits to newly discovered zero-days.The trio dives into:Why IoT devices remain a major attack vector for threat actors and botnetsWhat kinds of vulnerabilities IoT Hunter detects (and how it’s not AI)The surprising persistence of outdated frameworks like Boa HTTPdReal-world examples of IoT exploitation — from ransomware via smart cameras to botnets made of toastersPractical steps anyone can take to secure home and small business devicesThis episode uncovers the risks and realities behind our increasingly connected world — and how automation and community collaboration are helping defenders keep up.Resources Mentioned:community.emergingthreats.nethttps://community.emergingthreats.net/t/iot-hunter-public-release/3024https://community.emergingthreats.net/t/cybersecurity-awareness-month-iot-and-soho-devices/3095For more information about Proofpoint, check out our website. Subscribe & Follow:Stay ahead of emerging threats, and subscribe! Happy hunting!

Send us fan mail!Hello to all our Cyber Squirrels! Can hackers make great public servants? Host Selena Larson, and co-guest hosts, Sarah Sabotka and Tim Kromphardt sit down with Andrew Brandt, Founder and Executive Director of Elect More Hackers — a nonprofit on a mission to get more cybersecurity and tech-minded thinkers into elected office.Together, they explore how hackers and technologists can bring their problem-solving mindset into civic life — from teaching digital safety at local libraries to advising lawmakers on cyber hygiene, data privacy, and AI policy. Andrew unpacks why infosec professionals are uniquely equipped to tackle systemic issues like the “enshittification” of online platforms, the right-to-repair movement, and the privacy nightmare of “smart” cars.The conversation dives into the surprising cybersecurity gaps in government, how social engineering and lobbying overlap, and why civic engagement shouldn’t stop at voting. You’ll also hear how even small acts — like community outreach or helping shape local school tech policies — can lead to smarter, safer public systems.Whether you’re a hacker or a policy nerd this episode will inspire you to plug in locally, build trust, and maybe even run for office yourself.🎙️ Tune in to learn:Why hackers and technologists make great problem-solvers in politicsHow policies like right-to-repair and data privacy affect everyonePractical ways cybersecurity professionals can engage civically — even without running for officeThink civic engagement isn’t for you? Think again — this conversation shows how even small actions from tech-minded thinkers can create big change.Resources Mentioned:🔗 Learn more: electmorehackers.comFor more information about Proofpoint, check out our website. Subscribe & Follow:Stay ahead of emerging threats, and subscribe! Happy hunting!

Send us fan mail!Hello to all our Cyber Sleuths! Host Selena Larson, and guest host, Sarah Sabotka take you behind the scenes of the ever-changing world of cybercrime—where attackers innovate, scams evolve, and staying one step ahead is a constant challenge.From remote monitoring and management (RMM) abuse to adversary-in-the-middle (AiTM) phishing, web injects, flashy malware lures, and the latest wave of information stealers, we unpack the tactics, techniques, and procedures shaping today’s threat landscape.We talk about:Why attackers are leaning on RMM tools and what you can do to defend yourself or your organization.How MFA-aware phishing kits are evolving and ways to stay secure.New information stealers emerging in the wake of law enforcement disruptions.The role Reddit can play in helping spot real-world scams.The human side of cyber crime, from fraud and job scams to societal pressures driving people into schemes.The exponential growth of web injects and unique social engineeringThe cunning tactics of threat actors like TA582Along the way, we share practical tips for staying safe online—closing suspicious tabs, using MFA, blocking unsolicited links, and even taking mindful breaks from the digital world. This episode helps you understand the chaos of the digital underworld and stay one step ahead—without throwing your phone into the woods.Resources Mentioned:https://www.proofpoint.com/us/blog/threat-insight/remote-monitoring-and-management-rmm-tooling-increasingly-attackers-first-choicehttps://www.proofpoint.com/us/blog/threat-insight/when-monster-bytes-tracking-ta585-and-its-arsenalhttps://www.proofpoint.com/us/blog/threat-insight/amatera-stealer-rebranded-acr-stealer-improved-evasion-sophisticationhttps://www.ftc.gov/system/files/ftc_gov/pdf/csn-annual-data-book-2024.pdfFor more information about Proofpoint, check out our website. Subscribe & Follow:Stay ahead of emerging threats, and subscribe! Happy hunting!

Send us fan mail!Hello to all our Pumpkin Spice Cyber Friends! It’s Cybersecurity Awareness Month — and what better way to kick it off than with a deep dive into the human side of cyber threats? In this episode host Selena Larson welcomes back guest and part-time co-host Sarah Sabotka, our “Cybersecurity Awareness Month Queen” and Staff Threat Researcher at Proofpoint. She joins us to break down why social engineering is at the heart of so many attacks.We take a closer look at how scams and social engineering tactics are growing more sophisticated—and how the real battleground isn’t just your inbox, it’s your brain. Our guest explains “amygdala hijacking,” the psychological manipulation behind scams, and why recognizing your emotional responses during suspicious interactions can be just as important as spotting technical red flags. We also focus on protecting some of the most vulnerable—seniors and young digital natives—highlighting community education programs, interactive teen cybersecurity trainings, and strategies for safe social media use, password hygiene, and multi-factor authentication.We also talk about:Why Awareness Month feels different this year and how communicators are packaging complex threat research for real people.The neuroscience behind social engineering (shoutout to Dr. Bob, Proofpoint’s lead cognitive scientist) and a simple, powerful takeaway: trust your gut.Concrete examples: ClickFix scams, deepfakes used against small businesses, LLM-enabled phishing, benign-conversation lures (smishing & job scams), and multi-step attacks that prime victims over time.Practical steps to protect yourself and your org — safe words, pause-and-check habits, and why peer stories beat scary slides.Tune in and learn how to build better cyber awareness for everyone in your life—because cybersecurity isn’t just for IT teams, it’s for all of us.Resources Mentioned:https://www.proofpoint.com/us/resources/threat-reports/human-factor-social-engineeringhttps://www.proofpoint.com/us/blog/security-awareness-traininghttps://www.proofpoint.com/us/blog/threat-insight/best-laid-plans-ta453-targets-religious-figure-fake-podcast-invite-deliveringhttps://www.clickorlando.com/news/local/2025/02/19/central-florida-wildlife-rescue-falls-victim-to-podcast-scam-warns-others/https://abc7.com/post/scam-texts-targeting-people-looking-jobs-are-rise-ftc-warns/17838427/https://www.cbc.ca/news/marketplace/sextortion-teen-boys-canada-1.7648267https://www.consumerreports.org/media-room/press-releases/2025/10/consumer-reports-study-finds-surge-in-texting-and-messaging-scamsFor more information about Proofpoint, check out our website. Subscribe & Follow:Stay ahead of emerging threats, and subscribe! Happy hunting!

Send us fan mail!Welcome in! You’ve entered, Only Malware in the Building — but this time, it’s not just another episode. This is a special edition you won’t want to miss.For the first time, our hosts are together in-studio — and they’re turning up the heat. Literally. Join ⁠⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠⁠DISCARDED⁠, along with ⁠⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠⁠Qintel⁠⁠⁠⁠⁠⁠⁠⁠⁠, as they take on a fiery hot wings challenge while answering personal questions about themselves, their careers, and the stories that shaped them. Think you’ve seen them tackle malware mysteries before? Wait until you see them sweat.This one’s too good for audio alone — you’ll want to watch the full ⁠video⁠ edition to catch every spicy reaction, every laugh, and maybe even a few tears.So grab your milk, get ready to feel the burn, and come join us for this special hot take on Only Malware in the Building.

Send us fan mail!Hello to all our Cyber Stars! In this episode host Selena Larson welcomes back guest and part-time co-host Tim Kromphardt, fresh from DEFCON, to explore the world of request-for-quote (RFQ) fraud—a growing scam targeting small- to medium-sized businesses with fake purchase requests and net financing schemes.Tim explains how cybercriminals exploit legitimate business practices to steal physical goods like networking tools, surveillance equipment, and medical devices. Using stolen business credentials, fake domains, and freight forwarding services, these scams combine social engineering with real-world theft. He shares firsthand stories of engaging with scammers directly, taking down fraudulent domains in real time, and even halting shipments in transit.Selena and Tim break down how these schemes operate, the sophistication of scammers and why smaller, specialized companies are often targeted. They also provide practical tips for spotting and avoiding these scams, from verifying domains and emails to independently confirming contacts and addresses.Resources Mentioned:https://www.proofpoint.com/us/blog/threat-insight/net-rfq-request-quote-scammers-casting-wide-net-steal-real-goodsFor more information about Proofpoint, check out our website. Subscribe & Follow:Stay ahead of emerging threats, and subscribe! Happy hunting!

Send us fan mail!Hello to all our Cyber Squirrels! In this extra-packed episode of Discarded, host Selena Larson welcomes Proofpoint Principal Research Engineer Jason Ford for his first appearance on the show. Together, they dive into two resurging email attack techniques—Microsoft 365 Direct Send abuse and URL rewrite abuse—and why defending against them requires more than just traditional email security.Jason explains what Direct Send is, why attackers exploit this legacy feature, and how it enables phishing campaigns that appear to originate from inside an organization. From QR code phishing kits to “to-do list” themed lures, Selena and Jason break down attack chains, share real-world examples, and highlight the red flags that indicate exploitation. They also explore how adversaries weaponize URL rewrites in redirect chains, to deliver malware and credential phishing. We also unpack: How Direct Send works under the hood and why legacy features are a prime targetCommon signs in email headers that reveal Direct Send abuseThe role of URL rewrites in modern phishing campaignsWhy credential phishing has overtaken malware as the go-to tacticPractical steps organizations can take—including when it makes sense to disable Direct SendThe importance of layered defenses, user education, and risk awareness across SaaS appsPredictions on which “old school” techniques might resurface nextThis episode offers a clear, actionable look at how threat actors adapt and why everything old in cybercrime eventually becomes new again. Resources Mentioned:https://www.proofpoint.com/us/blog/email-and-cloud-threats/attackers-abuse-m365-for-internal-phishinghttp://www.jasonsford.comhttps://github.com/jasonsford/directsendanalyzer For more information about Proofpoint, check out our website.Subscribe & Follow:Stay ahead of emerging threats, and subscribe! Happy hunting!

Send us fan mail!Hello to all our Cyber Panda Bears! In this extra-packed episode of Discarded, host Selena Larson and guest host, Sarah Sabotka reunite with Staff Threat Researcher Mark Kelly to dive deep into China-aligned espionage activity—this time with a focus on Taiwan’s semiconductor ecosystem and the strange, stealthy tools threat actors are using to get in.Mark walks us through Proofpoint’s latest research on custom malware (yes, “Voldemort” is back), threat clusters with pun-filled names like UNK_SparkyCarp and UNK_DropPitch, and why Taiwan’s chip industry has become such a hot target. From design and manufacturing to financial analysts and supply chains, Chinese state-aligned actors are getting more creative—and more persistent.We also unpack: The “Phish & Chips” campaign and how it fits into China’s broader geopolitical strategy Why pop culture references like Voldemort and Mr. Robot keep showing up in espionage infrastructureAttribution headaches, including Proofpoint’s tracking of multiple unattributed threat clusters with UNK designators How AI, LLMs, and adversary-in-the-middle phishing are influencing espionage tactics The use of RMM tools and spoofed MacOS folders for stealth Why basic backdoors are making a strategic comeback A threat intel team’s deep love for vegetables, puns, and report titlesWhether you're tracking state-sponsored cyber activity, curious about weird malware names, or just here for the expert banter, this episode has you covered.Resources Mentioned:Phish & Chips: Chinese Espionage Activity Targeting Taiwan's Semiconductor EcosystemFor more information about Proofpoint, check out our website. Subscribe & Follow:Stay ahead of emerging threats, and subscribe! Happy hunting!

Joe Wise, a Senior Threat Researcher at Proofpoint, dives into the world of mid-tier eCrime actors, focusing on TA2541, TA558, and the enigmatic TA582. He reveals how TA2541 and TA558 maintain consistent targeting lures while TA582 showcases a multilayered approach with regional flavors, like vintage car sales and fake speeding tickets. The conversation highlights the complexity of TA582’s attack chains and evolving payloads, alongside the collaboration dynamics in the cybercrime ecosystem that resemble an 'Ocean's Eleven' scenario.