DISCARDED: Tales From the Threat Research Trenches

Proofpoint
Jan 10, 2023 • 44min

Confidence, confusion, cashout: How pig butchering is blindsiding victims

Threat actors are disarming their victims with a new approach: the long game. Instead of asking for money or gift cards upfront, they build a connection and confidence until they cash in on the big payout. In this episode of Discarded, Selena Larson and Crista Giering are joined by Proofpoint team members Tim Kromphardt, Email Fraud Researcher, and Genina Po, Threat Analyst, to discuss socially engineered attacks and how victims are tricked.

Join us as we discuss:
- Understanding what pig butchering is
- How the scam blindsides victims
- The evolution of the fraud from China to other countries in Asia

Resources mentioned:
- https://www.rappler.com/business/chinese-mafia-trafficking-filipinos-lure-lonely-professionals-cryptocurrency-scam/
- https://finance.yahoo.com/news/chinese-mafia-forcing-filipinos-crypto-034555327.html
- https://www.youtube.com/watch?v=720qUBQZJZ0
- https://www.proofpoint.com/us/blog/threat-insight/broken-dreams-and-piggy-banks-pig-butchering-crypto-fraud-growing-online
- https://www.vice.com/en/article/n7zb5d/pig-butchering-scam-cambodia-trafficking

Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!

Dec 28, 2022 • 33min

Holiday Happy Hour: 12 Faves of Threat Research

As the end of the year is rapidly approaching, it’s important to reflect back on some of the top learnings for the year. In this special holiday edition of The Discarded podcast, Selena and Crista are joined by Mindy Semling, Podcast Producer at Proofpoint, to answer questions on their favorite things from threat research over the past year — from blogs to malware to holiday songs, we cover it all.

Join us as we discuss:
- Celebrating the year
- The 12 favorites
- A thank you to our guests

Resources mentioned:
- https://www.proofpoint.com/us/blog/threat-insight/exploiting-covid-19-how-threat-actors-hijacked-pandemic
- https://www.proofpoint.com/us/blog/threat-insight/broken-dreams-and-piggy-banks-pig-butchering-crypto-fraud-growing-online
- https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
- https://medium.com/mitre-attack/intelligence-failures-of-lincolns-top-spies-what-cti-analysts-can-learn-from-the-civil-war-35be8d12884

For more research, check out the Proofpoint Threat Insight blog: https://www.proofpoint.com/us/blog/threat-insight

Dec 13, 2022 • 51min

AMA Answers From the Threat Research Trenches

In this highly entertaining episode of DISCARDED, Selena Larson and Crista Giering host a wild round of “Ask Me Anything,” with Sherrod DeGrippo, VP of Threat Research and Detection, and Daniel Blackford, Threat Researcher at Proofpoint. Featuring insightful questions from listeners and former guests, these industry experts cover a wide range of topics, from silly to serious.

Join us as we discuss:
- The most boring malware and common threat actor mistakes
- New developments in Ukraine and the Global South
- A proliferation of mobile malware and sports-related attacks

Nov 29, 2022 • 27min

The Many-Faced Threat: Multi-Persona Impersonation (MPI) In Your Inbox

Social proof is a potent tool, even in the absence of direct support. When someone is pressured to do something in the presence of trusted peers, they are more likely to follow through unless someone objects. Unfortunately, threat actors have taken notice and are investing significant time and resources into looking like a trusted party to gain access to your personal information.

Josh Miller and Sam Scholten join this episode to share their experiences with the evolving intellect of attackers and their multifaceted breach strategies. Using multi-persona impersonation (MPI), attackers establish multiple accounts and increase trust by manipulating social validation — a psychological tool.

Join us as we discuss:
- The evolution of MPIs
- Email fraud taxonomy
- The role of MPI in business email compromise

Resources:
- https://www.proofpoint.com/us/blog/threat-insight/ta453-uses-multi-persona-impersonation-capitalize-fomo
- https://www.proofpoint.com/us/blog/threat-insight/bec-taxonomy-proofpoint-framework

Nov 9, 2022 • 40min

Machine Learning Is a Party With Camp Disco!

In this episode, Dr. Zachary Abzug, Manager and Tech Lead of Data Science at Proofpoint, joins the show to discuss a machine learning-enabled tool called Camp Discovery, AKA Camp Disco, and the importance of the human interaction required for making use of machine learning in malware detection.

Join us as we discuss:
- What exactly Camp Disco is and the need/idea behind its creation
- How Camp Disco played a role in the discovery of Chocolatey threat activity
- Why Camp Disco uses its own neural network language model instead of an existing language model
- Natural Language Processing and how to teach a computer to speak “malware”

Check out these resources we mentioned:
- https://www.proofpoint.com/us/blog/engineering-insights/using-neural-network-language-model-instead-of-bert-gpt
- https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails
- https://www.proofpoint.com/us/blog/threat-insight/emotet-tests-new-delivery-techniques
- https://www.proofpoint.com/us/company/careers

Oct 25, 2022 • 39min

Reservation Confirmed: Threat Actors Visiting the Hospitality World

In this episode, Joe Wise, Threat Researcher at Proofpoint, joins the show to discuss his and Selena’s research into a small e-crime actor, TA558, and its targeting against the hospitality and travel e-crime sector since at least 2018.

Join us as we discuss:
- Classifying threat actors and how it relates to s’mores
- Understanding e-crime vs. APT actors
- Why hospitality and travel e-crimes are still successful
- TA558’s TTPs and how their consistencies have aided in Proofpoint’s attribution of their activity over the years
- Joe shares his theories on why TA558 uses so many different malware types

Check out these resources we mentioned:
- https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel
- https://embed.sounder.fm/play/299042

Oct 11, 2022 • 35min

The Hallow-queen of Cybersecurity: Spooky and Sweet Takes with Sherrod DeGrippo

Cybersecurity doesn't have to be spooky this Halloween.

In this episode, Sherrod DeGrippo, VP of Threat Research and Detection at Proofpoint, joins the show to discuss all things cybersecurity awareness so you can be prepared, not scared, this October. So grab a sweet treat and pull up a seat, the Hallow-queen is about to give her hot takes!

Join us as we discuss:
- The growing risk of TOADs (Telephone Oriented Attack Delivery)
- Benign phishing reconnaissance emails by threat actors
- What you need to know to adapt to this ever-changing threat landscape
- Bring awareness to cybersecurity this October, even on ghost tours

Check out these resources we mentioned:
- https://www.proofpoint.com/us/cybersecurity-awareness-hub
- https://www.proofpoint.com/us/products/advanced-threat-protection/et-intelligence

Sep 27, 2022 • 50min

Investigating Wine Fraud with the Ransomware Sommelier

All for wine, and wine for all. But only if it isn’t fraudulent.

In July 2022, Allan Liska, an analyst at Recorded Future and wine expert, released some new research on counterfeit wine, spirits and cheese. Allan joins the show as our first ever external guest to give us an overview of what that research entailed and the different types of wine fraud he’s observed. By the end of this episode, we’ll all be partners in cybercrime and wine.

Join us as we discuss:
- What is wine fraud and the different types of fraud that fall under the counterfeit umbrella
- How the pandemic impacted wine fraud due to happy hours
- Some of the techniques that wine fraudsters are using to try to legitimize the fake wines
- Allan’s favorite fall wines and recommendations for food pairings

Check out these resources we mentioned:
- https://www.recordedfuture.com/lockdown-rise-wine-domain-scammer
- https://www.recordedfuture.com/counterfeit-wine-spirits-cheese
- https://www.proofpoint.com/us/blog/threat-insight/bec-taxonomy-invoice-fraud
- https://www.decanter.com/wine-news/worlds-most-expensive-bottle-claimed-fake-as-renowned-collector-sued-93457/#:~:text=A%20billionaire%20Florida%20wine%20collector,to%20Thomas%20Jefferson%20are%20fakes
- https://www.cbsnews.com/news/billionaire-spends-35m-to-investigate-400k-wine-fraud/
- https://kermitlynch.com/
- https://twitter.com/uuallan/status/1561124207727153153

Sep 13, 2022 • 31min

Hot off the Press: APT Actors Posing as Journalists

In this episode, Joshua Miller and Michael Raggi, Senior Threat Researchers at Proofpoint, join the show to discuss APT groups targeting and impersonating journalists. Joshua, Michael, and Crista discovered during their research how APT actors use journalists and their leads as a form of espionage to collect sensitive information.

Join us as we discuss:
- Proofpoint’s unique report on APTs targeting journalists and insight into the motivations behind these attacks
- Understanding the “why” behind threat actors targeting or posing as journalists and media organizations
- The most common methods APT actors use in these campaigns to target or pose as journalists
- Stories about threat actors from China, Iran, Turkey, and more

Check out these resources we mentioned:
- https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists
- Previous episode with Joshua: https://podcasts.apple.com/us/podcast/apt-attribution-trials-and-tribulations-from-the-field/id1612506550?i=1000571269986
- Previous episode with Michael: https://podcasts.apple.com/us/podcast/web-bugs-the-tubthumping-tactics-of-chinese-threat/id1612506550?i=1000558705940

Aug 23, 2022 • 37min

Misfits Managed: Breaking Down Misfit Malware

In this episode, Sara Sabotka, Senior Threat Researcher on the field-facing team at Proofpoint, joins the show to chat about Misfit Malware. Although it is sometimes referred to as commodity malware, this kind of malicious software is anything but boring. You’ll want to stick around to find out who belongs on the Island of Misfit Malware and the importance of paying attention to the little gang of misfits.

Join us as we discuss:
- How do foreign threat actors go about acquiring commodity malware and how much does it cost?
- Why Misfit Malware is sometimes easily overlooked by security researchers and defenders
- Key characteristics of lures that are commonly used by threat actors who use Misfit Malware
