

DISCARDED: Tales From the Threat Research Trenches
Proofpoint
DISCARDED: Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about threat behaviors and attack patterns. In each episode you'll hear real-world insights from our researchers about the latest trends in malware, threat actors, TTPs, and more.

Welcome to DISCARDED
Episodes

Jun 25, 2024 • 47min
Checkmate: Breaking Down Operation Endgame
Hello, cyber sleuths! In today's episode of the Discarded Podcast, hosts Selena Larson and Sarah Sabotka are joined by Pim Trouerbach, Senior Reverse Engineer at Proofpoint. Pim gives us the lowdown on Operation Endgame, a massive law enforcement operation targeting multiple high-profile botnets across the globe, how this coordinated takedown affects the cybercrime landscape, and the significance of arresting the individuals behind these operations. He also breaks down the different malware families impacted, including SystemBC, IcedID, Pikabot, Bumblebee, and more.

We also talk about:
- the rise and fall of Bumblebee, comparing it to its predecessor BazaLoader, and why it didn't quite live up to its anticipated potential despite its advanced features
- the collaborative efforts between law enforcement and private sector partners, and the effectiveness of these joint operations in curbing cyber threats
- the high-quality, cinematic videos released as part of Operation Endgame

Resources mentioned:
- https://www.proofpoint.com/us/blog/threat-insight/major-botnets-disrupted-global-law-enforcement-takedown
- https://www.proofpoint.com/us/threat-insight/post/systembc-christmas-july-socks5-malware-and-exploit-kits
- https://operation-endgame.com/
- https://www.justice.gov/opa/pr/911-s5-botnet-dismantled-and-its-administrator-arrested-coordinated-international-operation
- https://x.com/Shadowserver/status/1797945864004210843

For more information about Proofpoint, check out our website.

Subscribe & Follow: Don't miss out on future episodes. Subscribe to the Discarded Podcast on your favorite platform.

Jun 11, 2024 • 52min
Hacking the Human Mind: How Cyber Attackers Exploit Our Brains
Hello to all our cyber squirrels! Joining our series host, Selena Larson, is today's co-host, Tim Kromphardt. Together they welcome our special guest, Dr. Bob Hausmann, Proofpoint's Manager of Learning Architecture and Assessments and a seasoned psychologist.

Our conversation explores how cyber threat actors exploit the different systems of thought in our brains: how attackers leverage our rapid, emotionally driven responses (System 1 thinking) to bypass our more deliberate, rational processes (System 2 thinking).

Dr. Bob introduces us to the concept of cognitive biases, particularly normalcy bias, and how these mental shortcuts can shape our cyber defense strategies. He explains how organizations often fall into the trap of thinking "it won't happen to us," leading to underinvestment in critical security measures. Drawing parallels to historical events like the sinking of the Titanic and the COVID-19 pandemic, he underscores the importance of overcoming these biases to improve preparedness.

We also talk about:
- Real-world implications and examples of social engineering attacks
- The impact of urgency and stress on decision-making in cybersecurity
- The alarming rise and mechanics of pig butchering scams
- The role of AI in scams and cybersecurity
- Empathetic approaches to helping scam victims

Resources mentioned:
- Book: "Thinking, Fast and Slow" by Daniel Kahneman
- Book: "The Art of Deception" by Kevin Mitnick
- Previous Discarded episode on pig butchering
- Have I Been Pwned
- PhishMe
- Cybersecurity and Infrastructure Security Agency (CISA)
- SANS Institute
- https://www.proofpoint.com/us/blog/threat-insight/broken-dreams-and-piggy-banks-pig-butchering-crypto-fraud-growing-online
- https://therecord.media/southeast-asian-scam-syndicates-stealing-billions-annually
- https://www.cfr.org/in-brief/how-myanmar-became-global-center-cyber-scams
- https://www.proofpoint.com/us/blog/threat-insight/dont-answer-russia-aligned-ta499-beleaguers-targets-video-call-requests

May 29, 2024 • 43min
Decrypting Cyber Threats: Tactics, Takedowns, and Resilience
Hello to all our cyber pals! Joining our series host, Selena Larson, is today's co-host, Tim Kromphardt. Together they welcome our special guest, Daniel Blackford, Director of Threat Research at Proofpoint. The conversation dives into the intricate world of cyber threats and the impact of law enforcement disruptions on malware, botnets, and ransomware actors.

We explore how threat actors react when their preferred infrastructure or ransomware-as-a-service platforms get taken down, offering insights into their various responses, from rebuilding and rebranding to the emergence of new power players in the cybercriminal ecosystem.

We also talk about:
- Analysis of the Hive ransomware takedown and the massive Qbot operation, including the technical and human aspects of these disruptions
- How other groups rise to prominence despite disruptions
- Differences between malware disruptions and business email compromise (BEC) or fraud-focused disruptions
- The evolution of threat actor techniques, such as legitimate remote management tools and living-off-the-land techniques

May 8, 2024 • 47min
It Works on My Machine: Why and How Engineering Skills Matter in Threat Research
Senior Reverse Engineer Pim Trouerbach and Senior Threat Research Engineer Jacob Latonis from Proofpoint discuss the significance of engineering skills in threat research. They emphasize the importance of AI, understanding threat actors' behavior, and effective tool development. Topics include malware versioning insights, encryption methods used by threat actors, and the necessity of human expertise in handling complex code.

Apr 2, 2024 • 41min
Decoding TA4903: Exploring the Dual Objectives of a Unique Cyber Threat Actor
Host Selena Larson discusses the unique tactics of cyber threat actor TA4903, including spoofing government entities for phishing campaigns and using techniques like the EvilProxy phishing kit and QR codes. The episode explores rising trends in cryptocurrency scams and financial fraud, emphasizing the importance of vigilance and evolving defensive strategies against social engineering threats.

Mar 19, 2024 • 56min
A Trip Down Malware Lane: How Today's Hottest Malware Stacks Up Against Predecessors
Returning guest, Pim Trouerbach, shares personal stories about favorite malware like Pikabot and Latrodectus. The discussion covers the evolution of malware, shifts in attack tactics, and the need for adaptive detection methods. Insights on battling evolving cyber threats and consequences of malware in sandbox environments are explored.

Mar 5, 2024 • 27min
Hiding In Plain Sight: Unique Methods Of C2 From Infostealers
Network-based detections, such as those developed by threat detection engineers using Suricata and Snort signatures, play a crucial role in identifying and mitigating cyber threats by scrutinizing network traffic for malicious patterns and activities.

Today's guest is Isaac Shaughnessy, a Threat Detection Engineer at Proofpoint. Isaac shares his insights into the challenges of detecting and mitigating malware, especially families using social platforms for command and control. He emphasizes the team's engagement with the InfoSec community, highlighting the value of platforms like Twitter and Mastodon for sharing and receiving information.

We also dive into:
- the unique challenges of crafting effective signatures
- the specifics of the malware, focusing on Vidar stealer and the dynamic nature of Vidar's command and control infrastructure
- the distribution methods of these malware strains, from email campaigns to unconventional tactics like using video game platforms and social media to lure victims

Resources mentioned:
- Intro to Traffic Analysis w/ Isaac Shaughnessy
- Emerging Threats Mastodon: https://infosec.exchange/@emergingthreats
- Threat Insight Mastodon: https://infosec.exchange/@threatinsight
- Vidar Stealer Picks Up Steam!
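The episode above describes stealers that keep their real command-and-control address on a public social or gaming profile, and the difficulty of writing network signatures for infrastructure that changes that often. The following is an added example, not code from the episode, from Proofpoint or from the Emerging Threats ruleset: a small Python triage script that reads constructed Suricata eve.json HTTP records, flags profile-page fetches made by a non-browser client, and pulls any host:port token out of the response as a candidate C2. The platform watchlist, the user-agent heuristic and the "response_body" field (not a standard eve.json field) are assumptions made for the example, and the sample records are constructed, not real telemetry.

```python
"""Triage of dead-drop C2 lookups over constructed Suricata eve.json HTTP records.

Added illustration, not code from the episode, Proofpoint, or Emerging Threats.
Heuristic: a non-browser client fetching a public profile page on a social or
gaming platform deserves a second look, and any host:port token in the response
is a candidate C2 address. The watchlist, the user-agent test and the
"response_body" field (not a standard eve.json field) are all assumptions.
"""
import json
import re
from dataclasses import dataclass, field

# Constructed watchlist: hostname -> URL prefixes that are public profile pages.
PROFILE_PATHS = {
    "steamcommunity.com": ("/profiles/", "/id/"),
    "t.me": ("/",),
    "mastodon.example": ("/@",),  # hypothetical Mastodon instance
}

# Crude browser test; stealers often send a bare or empty User-Agent.
BROWSER_UA = re.compile(r"^Mozilla/5\.0 \(.*\) ")

# host:port token such as 203.0.113.5:443 or cdn.example.net:8080
C2_TOKEN = re.compile(
    r"\b((?:\d{1,3}\.){3}\d{1,3}|[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}):(\d{2,5})\b",
    re.IGNORECASE,
)


@dataclass
class Finding:
    src_ip: str
    hostname: str
    url: str
    user_agent: str
    extracted_c2: list = field(default_factory=list)


def is_profile_request(hostname: str, url: str) -> bool:
    prefixes = PROFILE_PATHS.get(hostname.lower())
    return bool(prefixes) and url.startswith(prefixes)


def looks_like_browser(user_agent: str) -> bool:
    return bool(BROWSER_UA.match(user_agent or ""))


def extract_c2(body: str) -> list:
    return [f"{host}:{port}" for host, port in C2_TOKEN.findall(body or "")]


def scan_record(record: dict):
    """Return a Finding for one eve.json record, or None if it looks benign."""
    if record.get("event_type") != "http":
        return None
    http = record.get("http", {})
    hostname, url = http.get("hostname", ""), http.get("url", "")
    user_agent = http.get("http_user_agent", "")
    if not is_profile_request(hostname, url) or looks_like_browser(user_agent):
        return None
    return Finding(
        src_ip=record.get("src_ip", ""),
        hostname=hostname,
        url=url,
        user_agent=user_agent,
        extracted_c2=extract_c2(http.get("response_body", "")),
    )


def scan_lines(lines) -> list:
    """Scan an iterable of eve.json lines and return the findings in order."""
    findings = []
    for line in lines:
        if line.strip():
            finding = scan_record(json.loads(line))
            if finding is not None:
                findings.append(finding)
    return findings


# Constructed sample records (not real telemetry): a browser visiting a profile,
# an empty-UA client reading a profile that carries a host:port, a DNS event,
# and a non-browser client talking to an unrelated host.
SAMPLE_EVE = [json.dumps(r) for r in [
    {"event_type": "http", "src_ip": "10.0.0.5", "http": {
        "hostname": "steamcommunity.com", "url": "/profiles/76561190000000000",
        "http_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0 Safari/537.36"}},
    {"event_type": "http", "src_ip": "10.0.0.7", "http": {
        "hostname": "steamcommunity.com", "url": "/profiles/76561190000000000",
        "http_user_agent": "",
        "response_body": "<div class=\"profile_summary\">weather 203.0.113.5:443 today</div>"}},
    {"event_type": "dns", "src_ip": "10.0.0.7", "dns": {"rrname": "steamcommunity.com"}},
    {"event_type": "http", "src_ip": "10.0.0.9", "http": {
        "hostname": "updates.example.net", "url": "/check", "http_user_agent": "python-requests/2.31"}},
]]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_EVE):
        print(f"{f.src_ip} fetched {f.hostname}{f.url} with UA {f.user_agent!r}; candidate C2: {f.extracted_c2}")
```

Only the second record is flagged: the browser visit to the same profile is ignored, the DNS event is skipped, and the non-browser client talking to a host outside the watchlist is not a profile fetch. The point for signature writers is that the fetched profile URL is a more durable anchor than the C2 address it hides, which is exactly what changes most often.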

Feb 20, 2024 • 47min
From Attribution to Advancement: Red Canary’s Katie Nickels Tackles CTI’s Biggest Questions
Join the conversation with Katie Nickels as she discusses career growth in threat intelligence, attribution challenges, and avoiding burnout in cybersecurity. Dive into communication hurdles, marketing of threat actors, and strategic incident handling approaches.

Feb 6, 2024 • 56min
Beyond the Headlines: Reporting on Sensitive Cybersecurity Topics to Resonate with Everyone
*This episode contains content warnings of suicide and self-harm*

"It's not about preventing something from happening, it's being prepared for when it does."

This episode is filled with stories of the cyber attacks and scams plaguing people today. Today's guest is Kevin Collier, a cybersecurity reporter at NBC. He joins us to discuss his experiences covering cybersecurity stories for a mainstream audience. As the first and only dedicated cybersecurity reporter at NBC, Collier reflects on the evolving nature of media coverage in the cybersecurity space, emphasizing the increasing need for dedicated coverage in major news publications. He highlights the rise of scams facilitated through text messages, emails, and zero-day exploits, the geopolitical circumstances that enable these threats, and the work of helping audiences understand the reality behind the cyber threats they face.

They also dive into:
- The poignant reporting process on a story of pig butchering scams
- The normalization of cyber threats, such as ransomware, and the role of the media in shaping public perception
- The process of convincing stakeholders to prioritize certain topics
- The emotional toll of reporting on sensitive cybersecurity topics and the importance of self-care in navigating this challenging intersection

Resources mentioned (trigger warning for content of suicide and self-harm):
- "Online romance scams are netting millions of dollars — and pushing some to self-harm" by Kevin Collier
- Discarded episode with Tim Utzig
- Colonial Pipeline blog by CISA.gov

Jan 23, 2024 • 1h 6min
Strategies for Defense and Disruption: Part Two of Predicting Cyber Threats in 2024
Is 2024 the year of adaptability and collaboration within the security community? Let's hope so!

Today's episode is Part Two of what to expect in cybersecurity in 2024, and our guests are Randy Pargman and Rich Gonzalez. Randy sheds light on the crucial role of the Detections Team, the constant innovation of malware authors, and the team's mission to outsmart them. Rich discusses the Emerging Threats team and dives into open source and paid resources as force multipliers for security teams.

While some reflections were shared about 2023, namely multiple high-profile vulnerability events and the challenges posed by QR codes, the conversation focused on the upcoming year. They anticipate increased creativity from threat actors and emphasize the constant battle between red and blue teams. The conversation underscores the need for constant adaptation, response to emerging threats, and collaboration within the security community.

Other topics discussed include:
- Incidents involving the WinRAR, Citrix NetScaler ADC, and ScreenConnect vulnerabilities
- The positive impact of public-private partnerships and international cooperation in enhancing cybersecurity defenses
- A hopeful vision for the industry, advocating for understanding, education, and increased diversity