DISCARDED: Tales From the Threat Research Trenches

Proofpoint
Nov 9, 2022 • 40min

Machine Learning Is a Party With Camp Disco!

In this episode, Dr. Zachary Abzug, Manager and Tech Lead of Data Science at Proofpoint, joins the show to discuss a machine learning enabled tool called Camp Discovery, AKA Camp Disco, and the importance of the human interaction required for making use of machine learning in malware detection.

Join us as we discuss:
- What exactly Camp Disco is and the need/idea behind its creation
- How Camp Disco played a role in the discovery of Chocolatey threat activity
- Why Camp Disco uses its own neural network language model instead of an existing language model
- Natural Language Processing and how to teach a computer to speak “malware”

Check out these resources we mentioned:
https://www.proofpoint.com/us/blog/engineering-insights/using-neural-network-language-model-instead-of-bert-gpt
https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails
https://www.proofpoint.com/us/blog/threat-insight/emotet-tests-new-delivery-techniques
https://www.proofpoint.com/us/company/careers

Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!
Oct 25, 2022 • 39min

Reservation Confirmed: Threat Actors Visiting the Hospitality World

In this episode, Joe Wise, Threat Researcher at Proofpoint, joins the show to discuss his and Selena’s research into a small e-crime actor, TA558, and its targeting of the hospitality and travel sector since at least 2018.

Join us as we discuss:
- Classifying threat actors and how it relates to s’mores
- Understanding e-crime vs. APT actors
- Why hospitality and travel e-crimes are still successful
- TA558’s TTPs and how their consistency has aided Proofpoint’s attribution of their activity over the years
- Joe shares his theories on why TA558 uses so many different malware types

Check out these resources we mentioned:
https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel
https://embed.sounder.fm/play/299042

Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!
Oct 11, 2022 • 35min

The Hallow-queen of Cybersecurity: Spooky and Sweet Takes with Sherrod DeGrippo

Cybersecurity doesn't have to be spooky this Halloween.

In this episode, Sherrod DeGrippo, VP of Threat Research and Detection at Proofpoint, joins the show to discuss all things cybersecurity awareness so you can be prepared, not scared, this October. So grab a sweet treat and pull up a seat, the Hallow-queen is about to give her hot takes!

Join us as we discuss:
- The growing risk of TOADs (Telephone-Oriented Attack Delivery)
- Benign phishing reconnaissance emails by threat actors
- What you need to know to adapt to this ever-changing threat landscape
- Bringing awareness to cybersecurity this October, even on ghost tours

Check out these resources we mentioned:
https://www.proofpoint.com/us/cybersecurity-awareness-hub
https://www.proofpoint.com/us/products/advanced-threat-protection/et-intelligence

Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!
Sep 27, 2022 • 50min

Investigating Wine Fraud with the Ransomware Sommelier

All for wine, and wine for all. But only if it isn’t fraudulent.

In July 2022, Allan Liska, an analyst at Recorded Future and wine expert, released some new research on counterfeit wine, spirits and cheese. Allan joins the show as our first ever external guest to give us an overview of what that research entailed and the different types of wine fraud he’s observed. By the end of this episode, we’ll all be partners in cybercrime and wine.

Join us as we discuss:
- What wine fraud is and the different types of fraud that fall under the counterfeit umbrella
- How the pandemic impacted wine fraud due to happy hours
- Some of the techniques that wine fraudsters are using to try to legitimize the fake wines
- Allan’s favorite fall wines and recommendations for food pairings

Check out these resources we mentioned:
https://www.recordedfuture.com/lockdown-rise-wine-domain-scammer
https://www.recordedfuture.com/counterfeit-wine-spirits-cheese
https://www.proofpoint.com/us/blog/threat-insight/bec-taxonomy-invoice-fraud
https://www.decanter.com/wine-news/worlds-most-expensive-bottle-claimed-fake-as-renowned-collector-sued-93457/#:~:text=A%20billionaire%20Florida%20wine%20collector,to%20Thomas%20Jefferson%20are%20fakes
https://www.cbsnews.com/news/billionaire-spends-35m-to-investigate-400k-wine-fraud/
https://kermitlynch.com/
https://twitter.com/uuallan/status/1561124207727153153

Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!
Sep 13, 2022 • 31min

Hot off the Press: APT Actors Posing as Journalists

In this episode, Joshua Miller and Michael Raggi, Senior Threat Researchers at Proofpoint, join the show to discuss APT groups targeting and impersonating journalists. Joshua, Michael, and Crista discovered during their research how APT actors use journalists and their leads as a form of espionage to collect sensitive information.

Join us as we discuss:
- Proofpoint’s unique report on APTs targeting journalists and insight into the motivations behind these attacks
- Understanding the “why” behind threat actors targeting or posing as journalists and media organizations
- The most common methods APT actors use in these campaigns to target or pose as journalists
- Stories about threat actors from China, Iran, Turkey, and more

Check out these resources we mentioned:
https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists
Previous episode with Joshua: https://podcasts.apple.com/us/podcast/apt-attribution-trials-and-tribulations-from-the-field/id1612506550?i=1000571269986
Previous episode with Michael: https://podcasts.apple.com/us/podcast/web-bugs-the-tubthumping-tactics-of-chinese-threat/id1612506550?i=1000558705940

Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!
Aug 23, 2022 • 37min

Misfits Managed: Breaking Down Misfit Malware

In this episode, Sara Sabotka, Senior Threat Researcher on the field-facing team at Proofpoint, joins the show to chat about Misfit Malware. Although it is sometimes referred to as commodity malware, this kind of malicious software is anything but boring. You’ll want to stick around to find out who belongs on the Island of Misfit Malware and the importance of paying attention to the little gang of misfits.

Join us as we discuss:
- How foreign threat actors go about acquiring commodity malware and how much it costs
- Why Misfit Malware is sometimes easily overlooked by security researchers and defenders
- Key characteristics of lures that are commonly used by threat actors who use Misfit Malware

Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!
Aug 9, 2022 • 30min

The Art of Threat Detection Engineering

In this episode, Konstantin Klinger, Senior Security Research Engineer at Proofpoint, joins the show to chat about his role on the threat research team, focusing on DDX (Detonation, Detection, and Extraction). You won’t want to miss his breakdown of the Pyramid of Pain and how to utilize it for threat detection engineering.

Join us as we discuss:
- Real-life examples of complex attack chains with multiple steps and how they can be detected
- Utilizing the Pyramid of Pain for threat detection engineering
- How to write detections for geofencing
- The perks of incorporating automated MITRE ATT&CK detections into your sandbox

Resources:
https://www.proofpoint.com/us/blog/threat-insight/new-threat-actor-uses-spanish-language-lures-distribute-seldom-observed-bandook
https://www.proofpoint.com/us/blog/threat-insight/new-ta402-molerats-malware-targets-governments-middle-east
https://www.proofpoint.com/us/blog/threat-insight/ugg-boots-4-sale-tale-palestinian-aligned-espionage
http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html

Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!
Jul 26, 2022 • 31min

APT Attribution: Trials and Tribulations From the Field

In this episode, Joshua Miller and Zydeca Cass, Senior Threat Researchers at Proofpoint, join the show to discuss attribution, specifically APT actor attribution. Joshua and Zydeca dive into their experiences of attribution successes and failures, sharing tales of threat actors impersonating Russian opposition leaders and an Iranian kidnapping plot in New York. As Crista says, the good, the bad and the ugly.

Join us as we discuss:
- Understanding the difference between the two types of attribution
- How attribution can be used in e-crime versus state-aligned investigations
- Stories from Josh and Zydeca of threat actors they are tracking based in Russia and Iran

Check out these resources we mentioned:
https://twitter.com/ChicagoCyber/status/1521492543707430912
https://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf
https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html
https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-kidnapping-conspiracy-charges-against-iranian

Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!
Jul 12, 2022 • 35min

The Dark-Side of Cryptocurrency

In this episode, Jared Peck, Senior Threat Researcher at Proofpoint, explains cryptocurrency and how bad actors are causing trouble with these new decentralized, anonymous currencies.

Join us as we discuss:
- Credential harvesting and phishing
- Malicious campaigns and extortion
- Digital money laundering

Resources:
https://www.proofpoint.com/us/blog/threat-insight/how-cyber-criminals-target-cryptocurrency
https://twitter.com/ChicagoCyber/status/1521492543707430912
https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html
https://www.proofpoint.com/us/podcasts/threat-digest#113131
https://www.proofpoint.com/us/blog/threat-insight/advance-fee-fraud-emergence-elaborate-crypto-schemes

Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!
Jun 21, 2022 • 33min

A Day in the Life of a Threat Researcher: Emerging Threats Edition

Tony Robinson, Threat Researcher, joins the podcast to share his expertise as a member of the Emerging Threats team at Proofpoint. Tony gives us an inside look into a day in his life as he and his teammates discover new strains of malware, respond to major vulnerabilities, and ensure that customers are protected. He also shares his advice for those interested in a career in Threat Research.

Join us as we discuss:
- How the Emerging Threats team at Proofpoint impacts customers’ daily lives
- Using cybersecurity rule-sets to find new strains of malware
- Utilizing the open source security community to write new rules and stay up to date on the developing threat landscape
- The difference between rules detecting threat behaviors vs. indicators of compromise

Check out these resources we mentioned:
https://www.proofpoint.com/us/products/advanced-threat-protection/et-intelligence
https://twitter.com/da_667/status/1512255056573255693
https://twitter.com/da_667/status/1503876806478385168

Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!