DISCARDED: Tales From the Threat Research Trenches

Proofpoint
Apr 7, 2023 • 31min

Staying Ahead of Cloud-Based Threats: Insights on today's threat landscape

Cloud threats are a growing concern due to users' and organizations' increasing adoption of cloud computing. It's crucial to develop the skills needed to identify and analyze cloud-based threats and know the latest security tools and techniques to detect, prevent, and respond to cloud-based attacks.

Ultimately, security researchers and analysts play a critical role in helping organizations mitigate cloud-related risks and ensure the security of their cloud environments. In this episode, Eilon Bendet, from the Proofpoint cloud threat research team, joins us to discuss the cloud threats he is seeing.

In this episode, we discuss the following:
- Cloud threat detection and landscape
- Main objectives for threat actors when they leverage the cloud
- How users and organizations can best protect themselves

Additional Resources: Cloud Threats & Cloud Threat Landscape
- https://www.proofpoint.com/us/threat-reference/casb
- https://www.proofpoint.com/us/corporate-blog/post/dont-let-cloud-threats-rain-your-parade
- https://www.proofpoint.com/us/corporate-blog/post/microsoft-office-365-attacks-circumvent-multi-factor-authentication-lead-account
- https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality
- https://www.proofpoint.com/us/blog/cloud-security/proofpoint-analyzes-potentially-dangerous-functionality-microsoft-sway-enables
- https://www.proofpoint.com/us/resources/webinars/deep-dive-latest-cloud-threats-microsoft-environments
Mar 21, 2023 • 32min

Cat-phishing Dogfighters

In the cyber threat intelligence and cybersecurity world, there is a growing recognition of the value of professionals with diverse backgrounds and skillsets. While many individuals in the field come from traditional computer science or engineering backgrounds, there is also a trend of people entering the field from unexpected paths. Sarah Sabotka, Senior Threat Researcher at Proofpoint, joins us on this episode to discuss her background in animal cruelty investigations.

In this episode, we discuss the following:
- What a typical day in the life of an animal cruelty investigator looks like
- How Sarah used social engineering and open-source intelligence (OSINT) to build cases
- How non-traditional skills and experiences have translated to success in infosec

Resources:
- https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a
- https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-2-d04b7a529d36
- https://www.mandiant.com/resources/blog/cti-analyst-core-competencies-framework

Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!
Mar 7, 2023 • 39min

Prank or Propaganda? TA499 Pesters Politics

In this episode, Zydeca Cass, Senior Threat Researcher at Proofpoint, joins the show to discuss Russia-aligned threat actor TA499. Zydeca dives into what makes tracking this threat actor so unique.

Join us as we discuss:
- Who TA499 are and what they do
- What makes their activity a cyber threat others should pay attention to
- What their activity tells us about Russia-aligned groups
- How to prevent being exploited

Check out these resources we mentioned:
- https://www.proofpoint.com/us/blog/threat-insight/dont-answer-russia-aligned-ta499-beleaguers-targets-video-call-requests
- https://www.theguardian.com/world/2022/mar/21/video-released-showing-russian-hoax-call-with-uk-defence-secretary
Feb 21, 2023 • 40min

A Venture Mindset: North Korean Actors Go Beyond Espionage

We’ve discussed a handful of APT actors on the Discarded podcast, like Russia, Iran, China and Turkey. In this episode, we dive into the isolated world of North Korean aligned actors with Sr. Threat Researcher, Greg Lesnewich.

In this episode, we discuss the following:
- The role DPRK’s culture of isolation has played in its approach to cyber espionage
- Overview of TA444 and what makes them different in the landscape
- TA444's relationship with cryptocurrency

Resources:
- https://www.technologyreview.com/2020/09/10/1008282/north-korea-hackers-money-laundering-cryptocurrency-bitcoin/
- https://cyberscoop.com/north-korea-lazarus-group-bangladesh-bank-donald-trump-xi-jinping/
- https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds
- https://www.recordedfuture.com/north-korea-internet-tool
- https://go.recordedfuture.com/hubfs/reports/cta-2020-0209.pdf
Feb 8, 2023 • 59min

Why Do We Click? Understanding the Psychology of Social Engineering

Social engineering is a technique used by attackers to manipulate individuals into performing actions that may put their personal or sensitive information at risk. Attackers know the biggest weakness in cybersecurity is humans—and with this, leverage socially engineered phishing emails to manipulate human psychology. In this episode, we have Dr. Bob Hausmann, Learning and Assessment Architect, joining us to discuss the psychology behind user engagement with phishing.

In this episode, we discuss the following:
- The Zone of Proximal Development
- What the Adaptive Learning Framework is
- Where ethical lines should be drawn with phishing simulations
- Psychology of social engineering in threat actor approaches

Additional resources:
- https://www.proofpoint.com/us/blog/security-awareness-training/adaptive-learning-framework-security-awareness-training
- https://www.forrester.com/report/the-future-of-security-awareness-and-training/RES178339
- https://www.ncsc.gov.uk/blog-post/telling-users-to-avoid-clicking-bad-links-still-isnt-working
- https://twitter.com/threatinsight/status/1612888307645485086
- Daniel Pink Autonomy, Mastery & Purpose: https://www.youtube.com/watch?v=rbR2V1UeB_A&feature=youtu.be
- https://www.proofpoint.com/us/blog/threat-insight/exploiting-covid-19-how-threat-actors-hijacked-pandemic
- Stay Puft Marshmallow Man: https://www.youtube.com/watch?v=2zhDfUAQSbs&ab_channel=Ghostbusters
- 2023 State of the Phish Report: Publishing on February 28, 2023 on proofpoint.com
Jan 24, 2023 • 40min

New Year, New Threats: Prepping for the 2023 Threat Landscape

A new year has arrived! The 2022 threat landscape had some extremely notable activity, from Russian APT actors to Microsoft's blocking of macros. We saw a lot and can guarantee threat actors won't be slowing down in 2023 and will continue to be a major threat to organizations. In this episode, Threat Research Managers, Alexis Dorais-Joncas, Rich Gonzalaz and Daniel Blackford, join us to share their perspectives on the 2023 threat landscape.

Join us as we discuss the following:
- What our experts are anticipating in 2023
- How vulnerabilities help in detection creation
- Emerging techniques that could be used by malicious actors

Additional resources:
- https://www.proofpoint.com/us/blog/threat-insight/ta453-uses-multi-persona-impersonation-capitalize-fomo
- https://www.proofpoint.com/us/blog/threat-insight/broken-dreams-and-piggy-banks-pig-butchering-crypto-fraud-growing-online
Jan 10, 2023 • 44min

Confidence, confusion, cashout: How pig butchering is blindsiding victims

Threat actors are disarming their victims with a new approach: The long game. Instead of asking for money or gift cards upfront, they build a connection and confidence until they cash in on the big payout. In this episode of Discarded, Selena Larson and Crista Giering are joined by Proofpoint team members: Tim Kromphardt, Email Fraud Researcher, and Genina Po, Threat Analyst, to discuss socially engineered attacks and how victims are tricked.

Join us as we discuss:
- Understanding what pig butchering is
- How the scam blindsides victims
- The evolution of the fraud from China to other countries in Asia

Resources mentioned:
- https://www.rappler.com/business/chinese-mafia-trafficking-filipinos-lure-lonely-professionals-cryptocurrency-scam/
- https://finance.yahoo.com/news/chinese-mafia-forcing-filipinos-crypto-034555327.html
- https://www.youtube.com/watch?v=720qUBQZJZ0
- https://www.proofpoint.com/us/blog/threat-insight/broken-dreams-and-piggy-banks-pig-butchering-crypto-fraud-growing-online
- https://www.vice.com/en/article/n7zb5d/pig-butchering-scam-cambodia-trafficking
Dec 28, 2022 • 33min

Holiday Happy Hour: 12 Faves of Threat Research

As the end of year is rapidly approaching, it’s important to reflect back on some of the top learnings for the year. In this special holiday edition of The Discarded podcast, Selena and Crista are joined by Mindy Semling, Podcast Producer at Proofpoint, to answer questions on their favorite things from threat research over the past year — from blogs to malware to holiday songs, we cover it all.

Join us as we discuss:
- Celebrating the year
- The 12 favorites
- A thank you to our guests

Resources mentioned:
- https://www.proofpoint.com/us/blog/threat-insight/exploiting-covid-19-how-threat-actors-hijacked-pandemic
- https://www.proofpoint.com/us/blog/threat-insight/broken-dreams-and-piggy-banks-pig-butchering-crypto-fraud-growing-online
- https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
- https://medium.com/mitre-attack/intelligence-failures-of-lincolns-top-spies-what-cti-analysts-can-learn-from-the-civil-war-35be8d12884

For more research, check out the Proofpoint Threat Insight blog: https://www.proofpoint.com/us/blog/threat-insight
Dec 13, 2022 • 51min

AMA Answers From the Threat Research Trenches

In this highly entertaining episode of DISCARDED, Selena Larson and Crista Giering host a wild round of “Ask Me Anything,” with Sherrod DeGrippo, VP of Threat Research and Detection, and Daniel Blackford, Threat Researcher at Proofpoint. Featuring insightful questions from listeners and former guests, these industry experts cover a wide range of topics, from silly to serious.

Join us as we discuss:
- The most boring malware and common threat actor mistakes
- New developments in Ukraine and the Global South
- A proliferation of mobile malware and sports-related attacks
Nov 29, 2022 • 27min

The Many-Faced Threat: Multi-Persona Impersonation (MPI) In Your Inbox

Social proof is a potent tool, even in the absence of direct support. When someone is pressured to do something in the presence of trusted peers, they are more likely to follow through unless someone objects. Unfortunately, threat actors have taken notice and are investing significant time and resources into looking like a trusted party to gain access to your personal information.

Josh Miller and Sam Scholten join this episode to share their experiences with the evolving intellect of attackers and their multifaceted breach strategies. Using multi-persona impersonation (MPI), attackers establish multiple accounts and increase trust by manipulating social validation — a psychological tool.

Join us as we discuss:
- The evolution of MPIs
- Email fraud taxonomy
- The role of MPI in business email compromise

Resources:
- https://www.proofpoint.com/us/blog/threat-insight/ta453-uses-multi-persona-impersonation-capitalize-fomo
- https://www.proofpoint.com/us/blog/threat-insight/bec-taxonomy-proofpoint-framework
