DISCARDED: Tales From the Threat Research Trenches

Proofpoint
Aug 6, 2024 • 53min

The Art of Frustrating Hackers: Diving Into the DEaTH Cycle with Randy Pargman

Randy Pargman, a seasoned Director of Threat Detection at Proofpoint with a background in the FBI, shares his insights on the ongoing battle against cybercriminals. He dives into the DEATH framework, emphasizing the power of Detection Engineering and Threat Hunting. Randy discusses the importance of log data retention to enhance security measures and reveals fascinating stories from his law enforcement days. He also highlights the value of collaboration among teams and shares innovative tactics from Operation Endgame to combat ransomware.
Jul 24, 2024 • 56min

The Hunt for Cyber Criminals: A Deep Dive with Wired's Andy Greenberg

Hello, Cyber Stars! In today's episode of the Discarded Podcast, hosts Selena Larson and Pim Trouerbach are joined by Andy Greenberg, Senior Writer at WIRED. Known for his deep dives into the world of hacking, cybersecurity, and surveillance, Andy shares his journey of uncovering and telling compelling stories about the digital underworld.

The conversation kicks off with Andy detailing his extensive experience in cybersecurity journalism and his knack for long-form storytelling. He shares insights into his acclaimed Wired article on the Mirai botnet hackers and discusses his latest book, Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency.

We also talk about:
- the intricate world of cryptocurrency and its unintended consequence of fueling ransomware attacks
- the rise of pig butchering scams, now dwarfing ransomware in financial impact
- the ethical dilemmas and real-world consequences of cybercrime

Resources mentioned:
- Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers by Andy Greenberg
- Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency by Andy Greenberg
- https://www.wired.com/story/mirai-untold-story-three-young-hackers-web-killing-monster/
- https://www.wired.com/story/crypto-home-invasion-crime-ring/
- https://www.wired.com/story/tigran-gambaryan-us-congress-resolution-hostage-nigeria/

For more information about Proofpoint, check out our website. Subscribe & Follow: Don't miss out on future episodes—subscribe to the Discarded Podcast on your favorite platform.
Jul 15, 2024 • 3min

Have you heard: Only Malware in the Building?

Check out new episodes of Only Malware in the Building wherever you listen to podcasts: https://thecyberwire.com/podcasts/only-malware-in-the-building
Jul 9, 2024 • 34min

Malware Evasion Uncovered: The Battle Against Evolving Malware Techniques

Hello, Cyber Pirates! In today's episode of the Discarded Podcast, hosts Selena Larson and Tim Kromphardt are joined by Kyle Cucci, Staff Threat Researcher at Proofpoint. Dive with us into the world of cyber attacks as Kyle breaks down the intricacies of evasion techniques used by threat actors. From defense evasion to anti-sandboxing and anti-reversing methods, Kyle sheds light on how modern malware ensures its survival. Discover the evolution and increasing sophistication of these techniques, and learn about specific malware families like WikiLoader, Remcos, and the notorious Loki Bot.

We then move into how teams of threat hunters, intelligence analysts, and malware reversers work closely to identify new malware techniques and develop robust defenses within sandbox environments. Kyle shares insights into the constant feedback loop between intelligence and detection teams, highlighting how they stay ahead of evolving threats.

We also talk about:
- evasion strategies, including temperature checks, geofencing, and human detection mechanisms
- the use of publicly available tools by malware authors
- the future of AI and large language models (LLMs) in both aiding and combating cyber threats

Resources mentioned:
- Evasive Malware by Kyle Cucci
- SentinelOne Research: https://www.sentinelone.com/blog/blackmamba-chatgpt-polymorphic-malware-a-case-of-scareware-or-a-wake-up-call-for-cyber-security/
Jun 25, 2024 • 47min

Checkmate: Breaking Down Operation Endgame

Hello, cyber sleuths! In today's exciting episode of the Discarded Podcast, hosts Selena Larson and Sarah Sabotka are joined by the brilliant Pim Trouerbach, Senior Reverse Engineer at Proofpoint. Pim gives us the lowdown on Operation Endgame, the massive law enforcement operation targeting multiple high-profile botnets across the globe, how this coordinated takedown affects the cybercrime landscape, and the significance of arresting the individuals behind these operations.

He also breaks down the different malware impacted, including SystemBC, IcedID, Pikabot, Bumblebee, and more.

We also talk about:
- the rise and fall of Bumblebee, comparing it to its predecessor, Baza Loader, and contemplating why it didn't quite live up to its anticipated potential despite its advanced features
- the collaborative efforts between law enforcement and private sector partners, emphasizing the effectiveness of these joint operations in curbing cyber threats
- the high-quality, cinematic videos released as part of Operation Endgame

Resources mentioned:
- https://www.proofpoint.com/us/blog/threat-insight/major-botnets-disrupted-global-law-enforcement-takedown
- https://www.proofpoint.com/us/threat-insight/post/systembc-christmas-july-socks5-malware-and-exploit-kits
- https://operation-endgame.com/
- https://www.justice.gov/opa/pr/911-s5-botnet-dismantled-and-its-administrator-arrested-coordinated-international-operation
- https://x.com/Shadowserver/status/1797945864004210843
Jun 11, 2024 • 52min

Hacking the Human Mind: How Cyber Attackers Exploit Our Brains

Hello to all our cyber squirrels! Joining our series host, Selena Larson, is our co-host today, Tim Kromphardt. Together they welcome our special guest, Dr. Bob Hausmann, Proofpoint's Manager of Learning Architecture and Assessments and a seasoned psychologist.

Our conversation explores how cyber threat actors exploit the different systems of thought in our brains and how attackers leverage our rapid, emotionally driven responses (system one thinking) to bypass our more deliberate, rational processes (system two thinking).

Dr. Bob introduces us to the concept of cognitive biases, particularly normalcy bias, and how these mental shortcuts can shape our cyber defense strategies. He explains how organizations often fall into the trap of thinking "it won't happen to us," leading to underinvestment in critical security measures. Drawing parallels to historical events like the sinking of the Titanic and the COVID-19 pandemic, he underscores the importance of overcoming these biases to enhance preparedness.

We also talk about:
- real-world implications and examples of social engineering attacks
- the impact of urgency and stress on decision-making in cybersecurity
- the alarming rise and mechanics of pig butchering scams
- the role of AI in scams and cybersecurity
- empathetic approaches to helping scam victims

Resources mentioned:
- Book: "Thinking, Fast and Slow" by Daniel Kahneman
- Book: "The Art of Deception" by Kevin Mitnick
- Previous Discarded Episode on Pig Butchering
- Have I Been Pwned
- PhishMe
- Cybersecurity and Infrastructure Security Agency (CISA)
- SANS Institute
- https://www.proofpoint.com/us/blog/threat-insight/broken-dreams-and-piggy-banks-pig-butchering-crypto-fraud-growing-online
- https://therecord.media/southeast-asian-scam-syndicates-stealing-billions-annually
- https://www.cfr.org/in-brief/how-myanmar-became-global-center-cyber-scams
- https://www.proofpoint.com/us/blog/threat-insight/dont-answer-russia-aligned-ta499-beleaguers-targets-video-call-requests
May 29, 2024 • 43min

Decrypting Cyber Threats: Tactics, Takedowns, and Resilience

Hello to all our cyber pals! Joining our series host, Selena Larson, is our co-host today, Tim Kromphardt. Together they welcome our special guest, Daniel Blackford, the Director of Threat Research at Proofpoint. The conversation dives into the intricate world of cyber threats and the impact of law enforcement disruptions on malware, botnets, and ransomware actors.

We'll explore how threat actors react when their preferred infrastructures or ransomware-as-a-service systems get taken down, offering insights into their various responses, from rebuilding and rebranding to the emergence of new power players in the cybercriminal ecosystem.

We also talk about:
- analysis of the Hive ransomware takedown and the massive Qbot operation, including the technical and human aspects of these disruptions
- how other groups rise to prominence despite disruptions
- differences between malware disruptions and business email compromise (BEC) or fraud-focused disruptions
- the evolution of threat actor techniques, such as legitimate remote management tools and living-off-the-land techniques
May 8, 2024 • 47min

It Works on My Machine: Why and How Engineering Skills Matter in Threat Research

Senior Reverse Engineer Pim Trouerbach and Senior Threat Research Engineer Jacob Latonis from Proofpoint discuss the significance of engineering skills in threat research. They emphasize the importance of AI, understanding threat actors' behavior, and effective tool development. Topics include malware versioning insights, encryption methods used by threat actors, and the necessity of human expertise in handling complex code.
Apr 2, 2024 • 41min

Decoding TA4903: Exploring the Dual Objectives of a Unique Cyber Threat Actor

Researcher Selena discusses the unique tactics of cyber threat actor TA4903, including spoofing government entities for phishing campaigns and using advanced techniques like evil proxy and QR codes. The podcast explores rising trends in cryptocurrency scams and financial fraud, emphasizing the importance of vigilance and evolving defensive strategies against social engineering threats.
Mar 19, 2024 • 56min

A Trip Down Malware Lane: How Today's Hottest Malware Stacks Up Against Predecessors

Returning guest, Pim Trouerbach, shares personal stories about favorite malware like Pikabot and Latrodectus. The discussion covers the evolution of malware, shifts in attack tactics, and the need for adaptive detection methods. Insights on battling evolving cyber threats and consequences of malware in sandbox environments are explored.