DISCARDED: Tales From the Threat Research Trenches
Proofpoint
DISCARDED: Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about threat behaviors and attack patterns. In each episode you'll hear real-world insights from our researchers about the latest trends in malware, threat actors, TTPs, and more.

Welcome to DISCARDED
Episodes

May 29, 2024 • 43min
Decrypting Cyber Threats: Tactics, Takedowns, and Resilience
Hello to all our cyber pals! Joining our series host, Selena Larson, is today's co-host, Tim Kromphardt. Together they welcome our special guest, Daniel Blackford, the Director of Threat Research at Proofpoint. The conversation dives into the intricate world of cyber threats and the impact of law enforcement disruptions on malware, botnets, and ransomware actors.

We'll explore how threat actors react when their preferred infrastructure or ransomware-as-a-service systems get taken down, offering insights into their various responses, from rebuilding and rebranding to the emergence of new power players in the cybercriminal ecosystem.

We also talk about:
- Analysis of the Hive ransomware takedown and the massive Qbot operation, including the technical and human aspects of these disruptions
- How other groups rise to prominence despite disruptions
- Differences between malware disruptions and business email compromise (BEC) or fraud-focused disruptions
- The evolution of threat actor techniques, such as legitimate remote management tools and living-off-the-land techniques

For more information about Proofpoint, check out our website.

Subscribe & Follow: Don't miss out on future episodes. Subscribe to the Discarded Podcast on your favorite platform.

May 8, 2024 • 47min
It Works on My Machine: Why and How Engineering Skills Matter in Threat Research
Senior Reverse Engineer Pim Trouerbach and Senior Threat Research Engineer Jacob Latonis from Proofpoint discuss the significance of engineering skills in threat research. They emphasize the importance of AI, understanding threat actors' behavior, and effective tool development. Topics include malware versioning insights, encryption methods used by threat actors, and the necessity of human expertise in handling complex code.

Apr 2, 2024 • 41min
Decoding TA4903: Exploring the Dual Objectives of a Unique Cyber Threat Actor
Researcher Selena discusses the unique tactics of cyber threat actor TA4903, including spoofing government entities for phishing campaigns and using advanced techniques like EvilProxy and QR codes. The podcast explores rising trends in cryptocurrency scams and financial fraud, emphasizing the importance of vigilance and evolving defensive strategies against social engineering threats.

Mar 19, 2024 • 56min
A Trip Down Malware Lane: How Today's Hottest Malware Stacks Up Against Predecessors
Returning guest, Pim Trouerbach, shares personal stories about favorite malware like Pikabot and Latrodectus. The discussion covers the evolution of malware, shifts in attack tactics, and the need for adaptive detection methods. Insights on battling evolving cyber threats and consequences of malware in sandbox environments are explored.

Mar 5, 2024 • 27min
Hiding In Plain Sight: Unique Methods Of C2 From Infostealers
Network-based detections, such as those developed by threat detection engineers using tools like Suricata and Snort signatures, play a crucial role in identifying and mitigating cyber threats by analyzing network traffic for malicious patterns and activities.

Today's guest is Isaac Shaughnessy, a Threat Detection Engineer at Proofpoint. Isaac shares his insights into the challenges of detecting and mitigating malware, especially malware that uses social platforms for command and control. He emphasizes the team's engagement with the InfoSec community, highlighting the value of platforms like Twitter and Mastodon for sharing and receiving information.

We also dive into:
- The unique challenges of crafting effective signatures
- The specifics of malware, focusing on Vidar stealer and highlighting the dynamic nature of Vidar's command and control infrastructure
- The distribution methods of these malware strains, from email campaigns to unconventional tactics like using video game platforms and social media to lure victims

Resources mentioned:
- Intro to Traffic Analysis w/ Isaac Shaughnessy
- Emerging Threats Mastodon: https://infosec.exchange/@emergingthreats
- Threat Insight Mastodon: https://infosec.exchange/@threatinsight
- Vidar Stealer Picks Up Steam!

For more information, check out our website.

Feb 20, 2024 • 47min
From Attribution to Advancement: Red Canary’s Katie Nickels Tackles CTI’s Biggest Questions
Join the conversation with Katie Nickels as she discusses career growth in threat intelligence, attribution challenges, and avoiding burnout in cybersecurity. Dive into communication hurdles, marketing of threat actors, and strategic incident handling approaches.

Feb 6, 2024 • 56min
Beyond the Headlines: Reporting on Sensitive Cybersecurity Topics to Resonate with Everyone
*This episode contains content warnings of suicide and self-harm*

"It's not about preventing something from happening, it's being prepared for when it does."

This episode is filled with stories from the different scenarios in which cyber security attacks have been plaguing people. Today's guest is Kevin Collier, a cybersecurity reporter at NBC. He joins us to discuss his experiences covering cybersecurity stories for a mainstream audience. As the first and only dedicated cybersecurity reporter at NBC, Collier reflects on the evolving nature of media coverage in the cybersecurity space and the increasing need for dedicated coverage in major news publications. He highlights the rise of scams facilitated through text messages, emails, and zero-day exploits, emphasizes the geopolitical circumstances that enable these threats, and discusses helping audiences understand the reality behind the cyber threats they face.

They also dive into:
- The poignant reporting process on a story about pig butchering scams
- The normalization of cyber threats, such as ransomware, and the role of the media in shaping public perception
- The process of convincing stakeholders to prioritize certain topics
- The emotional toll of reporting on sensitive cybersecurity topics and the importance of self-care in navigating this challenging intersection

Resources mentioned (trigger warning for content of suicide and self-harm):
- "Online romance scams are netting millions of dollars — and pushing some to self-harm" by Kevin Collier
- Discarded Episode with Tim Utzig
- Colonial Pipeline Blog by CISA.gov

For more information, check out our website.

Jan 23, 2024 • 1h 6min
Strategies for Defense and Disruption: Part Two of Predicting Cyber Threats in 2024
Is 2024 the year of adaptability and collaboration within the security community? Let's hope so!

Today's episode is Part Two of what to expect in cybersecurity in 2024, and our guests are Randy Pargman and Rich Gonzalez. Randy sheds light on the crucial role of the Detections Team, the constant innovation of malware authors, and the team's mission to outsmart them. Rich discusses the Emerging Threats team and dives into open source and paid resources as force multipliers for security teams.

While some reflections were shared about 2023, namely multiple high-profile vulnerability events and the challenges posed by QR codes, the conversation focused on the upcoming year. They anticipate increased creativity from threat actors and emphasize the constant battle between red and blue teams. The conversation underscores the need for constant adaptation, response to emerging threats, and collaboration within the security community.

Other topics discussed include:
- Incidents like the WinRAR, Citrix NetScaler ADC, and ScreenConnect vulnerabilities
- The positive impact of public-private partnerships and international cooperation in enhancing cybersecurity defenses
- A hopeful vision for the industry, advocating for understanding, education, and increased diversity

For more information, check out our website.

Jan 9, 2024 • 45min
Phishing, Elections, and Costly Attacks: Part One of Predicting Cyber Threats in 2024
To move forward, it's good to take a minute and reflect on what's happened. Today's episode focuses on insights from Daniel Blackford and Alexis Dorais-Joncas, both Senior Managers of Threat Research at Proofpoint. This is the first in our two-part series looking at what's on the horizon for 2024.

Reflecting on 2023, they discuss the use of QR codes, major technique shifts from the biggest ecrime and APT actors, and the ongoing problem of ransomware.

Looking ahead to 2024, the emphasis is on the gradual shift of attacks outside corporate-managed infrastructure, leveraging personal email accounts to bypass extensive security measures. On the cybercrime side, there's a prediction of the continued development of as-a-service models, particularly traffic distribution services, leading to more modular and harder-to-attribute attack chains.

They also dive into:
- Threat actor activity during the elections and Olympics
- Specific threat actor groups that caught their attention in 2023: TA473 and TA577
- Living off the Land concepts

For more information, check out our website.

Dec 26, 2023 • 1h 5min
Jingle Bells, Phishing Tales: Reflecting on Cybersecurity in the Holiday Spirit
In this special Holiday edition of Discarded, the tables are turned: hosts Selena and Crista become the answerers, our returning moderator, Mindy Semling, is the question asker, and our wonderful audience is transformed into Cyber Elves. This conversation is lively and filled with questions from a variety of engaged audience members (thank you to everyone who contributed). Questions range from career advice for aspiring Cyber Threat Analysts, to certain threats exploding in popularity, to a reflection on 2023.

The Discarded Podcast team would like to take a moment to thank the following people for their contributions to the Cyber Security Landscape this year:
- Pim Trouerbach
- Kelsey Merriman
- Tommy Madjar
- Bryan Campbell
- Greg Lesnewich
- Kyle Eaton
- Joe Wise
- The Emerging Threats team
- The overall Proofpoint team, including, but not limited to, our PR and marketing teams

Resources mentioned:
- YouTube: Katie Nickels SANS Threat Analysis Rundown
- https://www.sans.org/cyber-security-courses/cyber-threat-intelligence/
- https://www.networkdefense.co/courses/investigationtheory/
- https://www.nbcnews.com/tech/tech-news/how-online-romance-scams-netting-millions-self-harm-rcna85252
- https://medium.com/mitre-attack/attack-v14-fa473603f86b
- https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a
- https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-2-d04b7a529d36
- https://www.atlanticcouncil.org/in-depth-research-reports/report/sleight-of-hand-how-china-weaponizes-software-vulnerability/
- https://www.wired.com/story/gadget-lab-podcast-621/
- https://www.wired.com/story/mirai-untold-story-three-young-hackers-web-killing-monster/

For more information, check out our website.