

DISCARDED: Tales From the Threat Research Trenches
Proofpoint
DISCARDED: Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about threat behaviors and attack patterns. In each episode you'll hear real-world insights from our researchers about the latest trends in malware, threat actors, TTPs, and more.
Welcome to DISCARDED
Episodes

Sep 30, 2024 • 34min
Champagne Attack Chains on a Kool-Aid Budget
Joe Wise, Senior Threat Researcher, and Kyle Cucci, Staff Threat Researcher, from Proofpoint, dive into the crafty world of cybercrime. They discuss how attackers exploit legitimate services like Google Drive and Dropbox to blend in with normal traffic. Fascinating trends highlight the use of Cloudflare tunnels and malware like Xworm and Venom Rat. They also tackle the complexities of detection and the evolution of threat strategies, revealing the ongoing cat-and-mouse game between cybercriminals and defenders.

Sep 17, 2024 • 33min
Guarding the Vote: Unmasking Cyber Threats in Election Season
Hello to all our cyber citizens! Join host Selena Larson and today's co-host, Tim Kromphardt, as they chat with Joshua Miller, Senior Threat Researcher, and Rob Kinner, Senior Threat Analyst, both from Proofpoint.

With election season on the horizon, cyber attackers are sharpening their tactics—impersonating government agencies, emailing journalists, and crafting sophisticated phishing schemes. But how real is the threat? And what can be done to protect our democracy from the digital shadows? Today, we pull back the curtain on the unseen battles being fought in cyberspace and what it means for voters, journalists, and defenders alike.

The discussion covers a range of election threats, from malicious domains, impersonation, and typo-squatting to sophisticated credential phishing campaigns that exploit government and election-related themes.

Also discussed:
- how state-sponsored actors from DPRK, Russia, and China are interested in espionage around election-related topics
- the impersonation of various government entities for phishing purposes, revealing the creativity and resourcefulness of threat actors
- while cyber threats are pervasive, the integrity of the voting process remains strong, backed by robust defenses and ongoing efforts by dedicated professionals

Resources mentioned:
- https://www.proofpoint.com/us/blog/threat-insight/best-laid-plans-ta453-targets-religious-figure-fake-podcast-invite-delivering
- https://www.justice.gov/opa/pr/justice-department-disrupts-covert-russian-government-sponsored-foreign-malign-influence
- https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists
- https://www.proofpoint.com/us/blog/threat-insight/media-coverage-doesnt-deter-actor-threatening-democratic-voters

For more information about Proofpoint, check out our website.
Subscribe & Follow: Don't miss out on future episodes—subscribe to the Discarded Podcast on your favorite platform.

Sep 4, 2024 • 50min
Very Mindful, Very APT: Inside the Activity of Current Espionage Actors
Hello to all our mindful and demure cyber sleuths! Join host Selena Larson and today's co-host, Sarah Sabotka, as they chat with Joshua Miller and Greg Lesnewich, Threat Researchers at Proofpoint, about the ever-evolving world of advanced persistent threats (APTs).

The team unravels the latest espionage tactics of threat actors from Iran, North Korea, and Russia, exploring everything from Iran's sophisticated social engineering campaigns to North Korea's customized Mac malware. They also highlight the increasing interest in macOS malware in the cybercrime landscape and examine the threat posed by a group targeting AI researchers with unique malware like "SugarGh0st RAT."

Also discussed:
- the quirky and often amusing names given to malware campaigns in the cybersecurity world
- unexpected connections between cybersecurity and pop culture, featuring a discussion on how celebrities like Taylor Swift handle digital security
- what recent activity suggests about the actors' changing tactics

Resources mentioned:
- SleuthCon Talk: Presenter, Selena Larson
- Rivers of Phish from CitizenLab
- https://www.proofpoint.com/us/blog/threat-insight/best-laid-plans-ta453-targets-religious-figure-fake-podcast-invite-delivering
- https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta450-uses-embedded-links-pdf-attachments-latest-campaign
- https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn
- https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds
- https://www.theguardian.com/music/shortcuts/2019/jan/29/digital-security-taylor-swift-facetime-privacy-bug-breaches
- https://www.youtube.com/watch?v=LYHmTjFW-nY
- https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop-same-week-after-week
- https://www.proofpoint.com/us/blog/threat-insight/security-brief-artificial-sweetener-sugargh0st-rat-used-target-american

Aug 20, 2024 • 57min
Rebel Security Training: Cyber Lessons from A Galaxy Far, Far Away
Eric Geller, a cybersecurity reporter and host of the Hoth Takes podcast, explores the fascinating intersections between Star Wars and cybersecurity. He discusses how iconic moments, like the Rebel infiltration of the Death Star, mirror modern hacking tactics. Geller and co-hosts analyze character traits that resonate with cyber roles, and even contemplate who would be the best CISO in the Star Wars universe. Dive into the lessons of social engineering and strategic vulnerabilities, revealing how a galaxy far, far away holds valuable insights for today’s digital defense.

Aug 6, 2024 • 53min
The Art of Frustrating Hackers: Diving Into the DEaTH Cycle with Randy Pargman
Randy Pargman, a seasoned Director of Threat Detection at Proofpoint with a background in the FBI, shares his insights on the ongoing battle against cybercriminals. He dives into the DEATH framework, emphasizing the power of Detection Engineering and Threat Hunting. Randy discusses the importance of log data retention to enhance security measures and reveals fascinating stories from his law enforcement days. He also highlights the value of collaboration among teams and shares innovative tactics from Operation Endgame to combat ransomware.

Jul 24, 2024 • 56min
The Hunt for Cyber Criminals: A Deep Dive with Wired's Andy Greenberg
Hello, Cyber Stars! In today's episode of the Discarded Podcast, hosts Selena Larson and Pim Trouerbach are joined by Andy Greenberg, Senior Writer at WIRED. Known for his deep dives into the world of hacking, cybersecurity, and surveillance, Andy shares his journey of uncovering and telling compelling stories about the digital underworld.

The conversation kicks off with Andy detailing his extensive experience in cybersecurity journalism and his knack for long-form storytelling. He shares insights into his acclaimed Wired article on the Mirai botnet hackers and discusses his latest book, Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency.

We also talk about:
- the intricate world of cryptocurrency and its unintended consequence of fueling ransomware attacks
- the rise of pig butchering scams, now dwarfing ransomware in financial impact
- the ethical dilemmas and real-world consequences of cybercrime

Resources mentioned:
- Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers by Andy Greenberg
- Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency by Andy Greenberg
- https://www.wired.com/story/mirai-untold-story-three-young-hackers-web-killing-monster/
- https://www.wired.com/story/crypto-home-invasion-crime-ring/
- https://www.wired.com/story/tigran-gambaryan-us-congress-resolution-hostage-nigeria/

Jul 15, 2024 • 3min
Have you heard: Only Malware in the Building?
Check out new episodes of Only Malware in the Building wherever you listen to podcasts: https://thecyberwire.com/podcasts/only-malware-in-the-building

Jul 9, 2024 • 34min
Malware Evasion Uncovered: The Battle Against Evolving Malware Techniques
Hello, Cyber Pirates! In today's episode of the Discarded Podcast, hosts Selena Larson and Tim Kromphardt are joined by Kyle Cucci, Staff Threat Researcher at Proofpoint. Dive with us into the world of cyber attacks as Kyle breaks down the intricacies of evasion techniques used by threat actors. From defense evasion to anti-sandboxing and anti-reversing methods, Kyle sheds light on how modern malware ensures its survival. Discover the evolution and increasing sophistication of these techniques, and learn about specific malware families like WikiLoader, Remcos, and the notorious Loki Bot.

We then move into how teams of threat hunters, intelligence analysts, and malware reversers work closely to identify new malware techniques and develop robust defenses within sandbox environments. Kyle shares insights into the constant feedback loop between intelligence and detection teams, highlighting how they stay ahead of evolving threats.

We also talk about:
- evasion strategies, including temperature checks, geofencing, and human detection mechanisms
- the use of publicly available tools by malware authors
- the future of AI and large language models (LLMs) in both aiding and combating cyber threats

Resources mentioned:
- Evasive Malware by Kyle Cucci
- SentinelOne Research: https://www.sentinelone.com/blog/blackmamba-chatgpt-polymorphic-malware-a-case-of-scareware-or-a-wake-up-call-for-cyber-security/

Jun 25, 2024 • 47min
Checkmate: Breaking Down Operation Endgame
Hello, cyber sleuths! In today's exciting episode of the Discarded Podcast, hosts Selena Larson and Sarah Sabotka are joined by the brilliant Pim Trouerbach, Senior Reverse Engineer at Proofpoint. Pim gives us the lowdown on Operation Endgame, a massive law enforcement operation targeting multiple high-profile botnets across the globe, how this coordinated takedown affects the cybercrime landscape, and the significance of arresting the individuals behind these operations. He also breaks down the different malware impacted, including SystemBC, IcedID, Pikabot, Bumblebee, and more.

We also talk about:
- the rise and fall of Bumblebee, comparing it to its predecessor, BazaLoader, and contemplating why it didn't quite live up to its anticipated potential despite its advanced features
- the collaborative efforts between law enforcement and private sector partners, emphasizing the effectiveness of these joint operations in curbing cyber threats
- the high-quality, cinematic videos released as part of Operation Endgame

Resources mentioned:
- https://www.proofpoint.com/us/blog/threat-insight/major-botnets-disrupted-global-law-enforcement-takedown
- https://www.proofpoint.com/us/threat-insight/post/systembc-christmas-july-socks5-malware-and-exploit-kits
- https://operation-endgame.com/
- https://www.justice.gov/opa/pr/911-s5-botnet-dismantled-and-its-administrator-arrested-coordinated-international-operation
- https://x.com/Shadowserver/status/1797945864004210843

Jun 11, 2024 • 52min
Hacking the Human Mind: How Cyber Attackers Exploit Our Brains
Hello to all our cyber squirrels! Joining our series host, Selena Larson, is our co-host today, Tim Kromphardt. Together they welcome our special guest, Dr. Bob Hausmann, Proofpoint's Manager of Learning Architecture and Assessments and a seasoned psychologist.

Our conversation explores how cyber threat actors exploit the different systems of thought in our brains and how attackers leverage our rapid, emotionally-driven responses (system one thinking) to bypass our more deliberate, rational processes (system two thinking).

Dr. Bob introduces us to the concept of cognitive biases, particularly normalcy bias, and how these mental shortcuts can shape our cyber defense strategies. He explains how organizations often fall into the trap of thinking "it won't happen to us," leading to underinvestment in critical security measures. Drawing parallels to historical events like the sinking of the Titanic and the COVID-19 pandemic, he underscores the importance of overcoming these biases to enhance preparedness.

We also talk about:
- real-world implications and examples of social engineering attacks
- the impact of urgency and stress on decision-making in cybersecurity
- the alarming rise and mechanics of pig butchering scams
- the role of AI in scams and cybersecurity
- empathetic approaches to helping scam victims

Resources mentioned:
- Book: "Thinking, Fast and Slow" by Daniel Kahneman
- Book: "The Art of Deception" by Kevin Mitnick
- Previous Discarded Episode on Pig Butchering
- Have I Been Pwned
- PhishMe
- Cybersecurity and Infrastructure Security Agency (CISA)
- SANS Institute
- https://www.proofpoint.com/us/blog/threat-insight/broken-dreams-and-piggy-banks-pig-butchering-crypto-fraud-growing-online
- https://therecord.media/southeast-asian-scam-syndicates-stealing-billions-annually
- https://www.cfr.org/in-brief/how-myanmar-became-global-center-cyber-scams
- https://www.proofpoint.com/us/blog/threat-insight/dont-answer-russia-aligned-ta499-beleaguers-targets-video-call-requests


