

DISCARDED: Tales From the Threat Research Trenches
Proofpoint
DISCARDED: Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about threat behaviors and attack patterns. Each episode you’ll hear real-world insights from our researchers about the latest trends in malware, threat actors, TTPs, and more.
Episodes

Aug 22, 2023 • 37min
Everything Comes Back in Style: How Old TTPs are Reemerging in China's E-Crime Ecosystem
Just like a forensic scientist, the job of a threat analyst is to search for digital fingerprints. The key is to have a starting reference point, and then be able to see what deviates from it.
Our guest today is Bryan Campbell, a Staff Threat Analyst at Proofpoint. He breaks down what is happening on the China cybercrime threat landscape, as well as the importance of staying aware of past trends.
Join us as we also discuss:
[7:09] The renaissance of Chinese malware in email data
[12:05] Chinese-themed malware and malware families
[13:55] The campaigns delivering this type of malware
[20:00] How the China cybercrime landscape has changed
[25:04] Expectations for the future
[28:32] LLMs being used for these circumstances
For more information, check out our website.

Aug 8, 2023 • 46min
It Works on My Machine: Why and How Engineering Skills Matter in Threat Research
Engineering skills can play a massively beneficial role in cyber security, as Pim Trouerbach, a Senior Reverse Engineer at Proofpoint, and Jacob Latonis, Senior Threat Research Engineer at Proofpoint, are able to share. They emphasize the importance of understanding the requirements and context of security researchers to build effective tools. The conversation touches on the potential impact of AI and LLMs (large language models) in threat research. While AI tools can be valuable for entry-level tasks, the context, experience, and expertise of human engineers are essential for handling complex code and understanding threat actors' behaviors.
Join us as we also discuss:
[02:59] The uniqueness of engineering skills in understanding researchers' requirements for data cleaning, tool development, and working in a security environment.
[11:06] How the versioning in malware samples can provide insights into the threat actors' behavior and trajectory.
[13:24] How malware is simply software with malicious intent, and how practices of developers and threat actors can overlap.
[17:10] The tools and techniques used by threat actors, including obfuscation and encryption methods.
[21:42] The importance of context and experience in writing tools and understanding researchers' workflows.
For more information, check out our website.

Jul 25, 2023 • 36min
An Apple a Day Won't Keep Iranian APT Away: How TA453 Targets Macs
What is new with the Iranian actor TA453, and what is happening with their attack chains? To answer these questions, today’s guest is Joshua Miller, a Senior Threat Researcher on the APT team at Proofpoint. Since his last visit, Joshua has published new research on TA453, highlighting new malware and social engineering techniques, which can be found here.
Join us as we discuss the following:
[1:25] What’s new with threat actor TA453
[2:35] Multi-persona impersonation
[6:25] Use of LNKs in the attack chain
[8:10] Use of free cloud services
[11:15] Attacking different operating systems
[16:15] Convoluted attack chains
[27:40] Collaborating with researchers, like Dropbox
For more information, check out our website.

Jul 11, 2023 • 43min
Threats and Risks in the Global South
When researching cyber threats, there is a bias towards the West and most of Europe. But what about the global majority?
Today’s guest is Martijn Grooten, a Digital Security Threat Analyst with Internews. With 16 years of experience in cybersecurity, he has recently focused on the impact of security on at-risk groups and people.
Join us as we discuss the following:
Outdated ideas of security for the general public
Common trends geographically
The distinction of threats between devices
For more information, check out our website.
Resources:
Martijn’s BotConf talk: https://youtu.be/CcqOy6WdUjw
Martijn on social media: Twitter, Mastodon, LinkedIn

Jun 27, 2023 • 37min
Weird & Wacky Researcher Summer: The Artifacts & Detections Edition
It's shaping up to be a weird and wacky summer for threat researchers. While it’s been quieter on the front end, there are still many stories to share about some weird and wacky incidents. This episode also includes a fun, dramatized read of an email tactic.
Join us as we discuss the following:
Where the team identifies on the Cyber Alignment Chart
Use of celebrity names within email lures
Recent PDF antics
Updates about activity from current threat actors
For more information, check out our website!

Jun 14, 2023 • 44min
It's Summertime: What’s the E-crime Vibe?
Who’s quiet and who’s making noise? What’s the backchannel chatter over at Proofpoint?
Proofpoint threat researchers Joe Wise and Pim Trouerbach join this week’s episode to discuss the e-crime vibe for the first half of 2023.
Join us as we discuss the following:
Emotet’s activity, or lack thereof
Chaotic vibes from IcedID
TA570 and TA577 setting trends

May 30, 2023 • 32min
When the Threat Profile is High: Protecting At-Risk Individuals Online
How does cybercrime threaten individual reporters? What about an entire newsroom? What if you’re an average person who suddenly becomes the center of a dark conspiracy theory? Welcome to the world of cybersecurity for at-risk individuals. In this episode, renowned cybersecurity expert Runa Sandvik joins to talk about her work protecting journalists and newsrooms from powerful attackers.
Join us as we discuss the following:
Protecting personal and corporate devices and accounts for high-risk individuals
Common security gaps found in highly targeted organizations
Effectively using cybersecurity tools
Communicating cybersecurity guidance in the workplace
Resources:
https://www.reuters.com/business/media-telecom/reuters-reporters-online-accounts-faked-approach-china-activists-2023-02-28/
https://www.nbcnews.com/tech/misinformation/tiffany-dover-conspiracy-theorists-silence-rcna69401

May 16, 2023 • 37min
The Spies and Stalkers of Surveillance Capitalism
A brief note on content for today's episode: we are going to be discussing or mentioning stalking, domestic abuse, and sex trafficking in today's show.
If you’re a threat actor with a million-dollar budget targeting high-ranked targets like dissidents, activists, journalists and politicians, how do you do it? What if you’d like to stalk your neighbor, or your ex? In this episode, Proofpoint security research engineer Chris Talib discusses high-ticket mobile spyware, the proliferation of low-cost stalkerware, surveillance capitalism, and why he believes technology can’t solve social problems.
Join us as we discuss the following:
Mobile spyware tools
The impact of low-cost stalkerware
Moral and ethical implications of developing spyware
The role of governments, organizations and activists in protecting citizens’ right to privacy
Resources:
https://www.laquadrature.net/en/
https://www.amnesty.org/en/latest/research/2020/09/german-made-finspy-spyware-found-in-egypt-and-mac-and-linux-versions-revealed/
https://www.forbes.com/sites/thomasbrewster/2023/04/06/sex-traffickers-use-parenting-apps-like-life360-to-spy-on-victims/?sh=110a6e2464c3
https://www.eff.org/
https://tacticaltech.org/
https://defensive-lab.agency/
https://echap.eu.org/

May 2, 2023 • 46min
Beyond Banking: IcedID Gets Forked
At least three threat actors are ushering in a new era for IcedID, originally classified as banking malware in 2017. In this episode, Proofpoint researchers Joe Wise and Pim Trouerbach are here to share their research on the Lite and Forked IcedID variants.
Join us as we discuss the following:
Lite IcedID variant
Forked IcedID variant
The key differences between the variants
Which operators the Proofpoint team hypothesizes are behind the attacks
Resources:
https://www.proofpoint.com/us/blog/threat-insight/fork-ice-new-era-icedid

Apr 18, 2023 • 28min
“Did I miss you in Orlando?”: The Rise of SMS Phishing
In this podcast episode, Proofpoint senior threat researcher Adam McNeil joins us to talk about conversational SMS phishing. These campaigns target mobile devices and often start with a simple, innocuous question. “Are you coming to dinner tomorrow?” can lead to anything from fraud to impersonation to financial schemes and is considered a $3 billion threat.
In this episode, we discuss the following:
Why a threat actor would choose a conversational SMS campaign
Different scams associated with conversational SMS phishing
Lack of awareness surrounding mobile threats