DISCARDED: Tales From the Threat Research Trenches

Proofpoint
Oct 29, 2024 • 39min

Pig Butcher Scammers Put Job Seekers On The Menu

A note to our listeners: this episode contains some content our listeners might find upsetting, including mentions of human trafficking.

Hello to all our Pumpkin Spice Cyber Friends! Join host Selena Larson and guest host Sarah Sabotka as they chat with senior threat researcher and fraud expert Tim Kromphardt. They talk about the world of pig butchering and crypto romance scams, where Tim discusses how these scams manipulate victims' feelings, making it incredibly hard to escape, even when presented with evidence of the scam, and how these threat actors have expanded their enterprises to include job scamming. He explains the challenges of tracking funds through cryptocurrency systems, and why these scams are so profitable. The episode highlights the need for victims to speak out and share their stories without shame, breaking the cycle and raising awareness.

Also discussed:
- how psychological manipulation can be just as damaging as technical vulnerabilities
- resources for victims, and how people can identify hallmarks of these types of scams
- the role of automation and AI in scaling scams

Resources mentioned:
- globalantiscam.org

For more information about Proofpoint, check out our website.

Subscribe & Follow: Don't miss out on future episodes—subscribe to the Discarded Podcast on your favorite platform.
Oct 15, 2024 • 33min

Under Siege: How Hackers Exploit Cloud Vulnerabilities

In this engaging conversation, Eilon Bendet, a Cloud Threat Researcher at Proofpoint, shares his expertise on the ever-evolving landscape of cloud security. He dives into account takeovers and the tactics hackers use, including credential brute force attacks and targeted phishing. Eilon highlights the growing challenges posed by state-sponsored actors and sophisticated reverse proxy toolkits. They also discuss the vital role of User and Entity Behavior Analytics in detecting anomalies, emphasizing the need for robust identity defense strategies to combat these cloud threats.
Sep 30, 2024 • 34min

Champagne Attack Chains on a Kool-Aid Budget

Joe Wise, Senior Threat Researcher, and Kyle Cucci, Staff Threat Researcher, from Proofpoint, dive into the crafty world of cybercrime. They discuss how attackers exploit legitimate services like Google Drive and Dropbox to blend in with normal traffic. Fascinating trends highlight the use of Cloudflare tunnels and malware like Xworm and Venom Rat. They also tackle the complexities of detection and the evolution of threat strategies, revealing the ongoing cat-and-mouse game between cybercriminals and defenders.
Sep 17, 2024 • 33min

Guarding the Vote: Unmasking Cyber Threats in Election Season

Hello to all our cyber citizens! Join host Selena Larson and today’s co-host, Tim Kromphardt, as they chat with Joshua Miller, Senior Threat Researcher, and Rob Kinner, Senior Threat Analyst, both from Proofpoint.

With election season on the horizon, cyber attackers are sharpening their tactics—impersonating government agencies, emailing journalists, and crafting sophisticated phishing schemes. But how real is the threat? And what can be done to protect our democracy from the digital shadows? Today, we pull back the curtain on the unseen battles being fought in cyberspace and what it means for voters, journalists, and defenders alike.

The discussion covers a range of election threats, from malicious domains, impersonation, and typo-squatting to sophisticated credential phishing campaigns that exploit government and election-related themes.

Also discussed:
- how state-sponsored actors from DPRK, Russia, and China are interested in espionage around election-related topics
- the impersonation of various government entities for phishing purposes, revealing the creativity and resourcefulness of threat actors
- while cyber threats are pervasive, the integrity of the voting process remains strong, backed by robust defenses and ongoing efforts by dedicated professionals

Resources mentioned:
- https://www.proofpoint.com/us/blog/threat-insight/best-laid-plans-ta453-targets-religious-figure-fake-podcast-invite-delivering
- https://www.justice.gov/opa/pr/justice-department-disrupts-covert-russian-government-sponsored-foreign-malign-influence
- https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists
- https://www.proofpoint.com/us/blog/threat-insight/media-coverage-doesnt-deter-actor-threatening-democratic-voters
Sep 4, 2024 • 50min

Very Mindful, Very APT: Inside the Activity of Current Espionage Actors

Hello to all our mindful and demure cyber sleuths! Join host Selena Larson and today’s co-host, Sarah Sabotka, as they chat with Joshua Miller and Greg Lesnewich, Threat Researchers at Proofpoint, about the ever-evolving world of advanced persistent threats (APTs).

The team unravels the latest espionage tactics of threat actors from Iran, North Korea, and Russia, exploring everything from Iran’s sophisticated social engineering campaigns to North Korea’s customized Mac malware.

They also highlight the increasing interest in macOS malware in the cybercrime landscape and examine the threat posed by a group targeting AI researchers with unique malware like "SugarGh0st RAT."

Also discussed:
- the quirky and often amusing names given to malware campaigns in the cybersecurity world
- unexpected connections between cybersecurity and pop culture, featuring a discussion on how celebrities like Taylor Swift handle digital security
- what recent activity suggests about the actors’ changing tactics

Resources mentioned:
- SleuthCon Talk: Presenter, Selena Larson
- Rivers of Phish from CitizenLab
- https://www.proofpoint.com/us/blog/threat-insight/best-laid-plans-ta453-targets-religious-figure-fake-podcast-invite-delivering
- https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta450-uses-embedded-links-pdf-attachments-latest-campaign
- https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn
- https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds
- https://www.theguardian.com/music/shortcuts/2019/jan/29/digital-security-taylor-swift-facetime-privacy-bug-breaches
- https://www.youtube.com/watch?v=LYHmTjFW-nY
- https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop-same-week-after-week
- https://www.proofpoint.com/us/blog/threat-insight/security-brief-artificial-sweetener-sugargh0st-rat-used-target-american
Aug 20, 2024 • 57min

Rebel Security Training: Cyber Lessons from A Galaxy Far, Far Away

Eric Geller, a cybersecurity reporter and host of the Hoth Takes podcast, explores the fascinating intersections between Star Wars and cybersecurity. He discusses how iconic moments, like the Rebel infiltration of the Death Star, mirror modern hacking tactics. Geller and co-hosts analyze character traits that resonate with cyber roles, and even contemplate who would be the best CISO in the Star Wars universe. Dive into the lessons of social engineering and strategic vulnerabilities, revealing how a galaxy far, far away holds valuable insights for today’s digital defense.
Aug 6, 2024 • 53min

The Art of Frustrating Hackers: Diving Into the DEaTH Cycle with Randy Pargman

Randy Pargman, a seasoned Director of Threat Detection at Proofpoint with a background in the FBI, shares his insights on the ongoing battle against cybercriminals. He dives into the DEATH framework, emphasizing the power of Detection Engineering and Threat Hunting. Randy discusses the importance of log data retention to enhance security measures and reveals fascinating stories from his law enforcement days. He also highlights the value of collaboration among teams and shares innovative tactics from Operation Endgame to combat ransomware.
Jul 24, 2024 • 56min

The Hunt for Cyber Criminals: A Deep Dive with Wired's Andy Greenberg

Hello, Cyber Stars! In today's episode of the Discarded Podcast, hosts Selena Larson and Pim Trouerbach are joined by Andy Greenberg, Senior Writer at WIRED. Known for his deep dives into the world of hacking, cybersecurity, and surveillance, Andy shares his journey of uncovering and telling compelling stories about the digital underworld.

The conversation kicks off with Andy detailing his extensive experience in cybersecurity journalism and his knack for long-form storytelling. He shares insights into his acclaimed Wired article on the Mirai botnet hackers and discusses his latest book, Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency.

We also talk about:
- the intricate world of cryptocurrency and its unintended consequence of fueling ransomware attacks
- the rise of pig butchering scams, now dwarfing ransomware in financial impact
- the ethical dilemmas and real-world consequences of cybercrime

Resources mentioned:
- Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers by Andy Greenberg
- Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency by Andy Greenberg
- https://www.wired.com/story/mirai-untold-story-three-young-hackers-web-killing-monster/
- https://www.wired.com/story/crypto-home-invasion-crime-ring/
- https://www.wired.com/story/tigran-gambaryan-us-congress-resolution-hostage-nigeria/
Jul 15, 2024 • 3min

Have you heard: Only Malware in the Building?

Check out new episodes of Only Malware in the Building wherever you listen to podcasts: https://thecyberwire.com/podcasts/only-malware-in-the-building
Jul 9, 2024 • 34min

Malware Evasion Uncovered: The Battle Against Evolving Malware Techniques

Hello, Cyber Pirates! In today's episode of the Discarded Podcast, hosts Selena Larson and Tim Kromphardt are joined by Kyle Cucci, Staff Threat Researcher at Proofpoint. Dive with us into the world of cyber attacks as Kyle breaks down the intricacies of evasion techniques used by threat actors. From defense evasion to anti-sandboxing and anti-reversing methods, Kyle sheds light on how modern malware ensures its survival. Discover the evolution and increasing sophistication of these techniques, and learn about specific malware families like WikiLoader, Remcos, and the notorious Loki Bot.

We then move into how teams of threat hunters, intelligence analysts, and malware reversers work closely to identify new malware techniques and develop robust defenses within sandbox environments. Kyle shares insights into the constant feedback loop between intelligence and detection teams, highlighting how they stay ahead of evolving threats.

We also talk about:
- evasion strategies, including temperature checks, geofencing, and human detection mechanisms
- the use of publicly available tools by malware authors
- the future of AI and large language models (LLMs) in both aiding and combating cyber threats

Resources mentioned:
- Evasive Malware by Kyle Cucci
- SentinelOne Research: https://www.sentinelone.com/blog/blackmamba-chatgpt-polymorphic-malware-a-case-of-scareware-or-a-wake-up-call-for-cyber-security/
