DISCARDED: Tales From the Threat Research Trenches

Technology Podcasts

DISCARDED: Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about the threat behaviors and attack patterns. Each episode you’ll hear real world insights from our researchers about the latest trends in malware, threat actors, TTPs, and more. Welcome to DISCARDED

Location:

United States

Language:

English


Episodes

New Year, New Threats: Prepping for the 2023 Threat Landscape

1/24/2023
A new year has arrived! The 2022 threat landscape had some extremely notable activity, from Russian APT actors to Microsoft's blocking of macros. We saw a lot and can guarantee threat actors won't be slowing down in 2023 and will continue to be a major threat to organizations. In this episode, Threat Research Managers, Alexis Dorais-Joncas, Rich Gonzalaz and Daniel Blackford, join us to share their perspectives on the 2023 threat landscape. Join us as we discuss the following: Additional...

Duration:00:39:31

Confidence, confusion, cashout: How pig butchering is blindsiding victims

1/10/2023
Threat actors are disarming their victims with a new approach: The long game. Instead of asking for money or gift cards upfront, they build a connection and confidence until they cash in on the big payout. In this episode of Discarded, Selena Larson and Crista Giering are joined by Proofpoint team members: Tim Kromphardt, Email Fraud Researcher, and Genina Po, Threat Analyst, to discuss socially engineered attacks and how victims are tricked. Join us as we discuss: Resources...

Duration:00:35:13

Holiday Happy Hour: 12 Faves of Threat Research

12/28/2022
As the end of the year is rapidly approaching, it’s important to reflect back on some of the top learnings for the year. In this special holiday edition of The Discarded podcast, Selena and Crista are joined by Mindy Semling, Podcast Producer at Proofpoint, to answer questions on their favorite things from threat research over the past year — from blogs to malware to holiday songs, we cover it all. Join us as we discuss: Resources mentioned: Keep up with the latest tales from the threat research...

Duration:00:32:48

AMA Answers From the Threat Research Trenches

12/13/2022
In this highly entertaining episode of DISCARDED, Selena Larson and Crista Giering host a wild round of “Ask Me Anything,” with Sherrod DeGrippo, VP of Threat Research and Detection, and Daniel Blackford, Threat Researcher at Proofpoint. Featuring insightful questions from listeners and former guests, these industry experts cover a wide range of topics, from silly to serious. Join us as we discuss: The most boring malware and common threat actor mistakes New developments in Ukraine and...

Duration:00:51:22

The Many-Faced Threat: Multi-Persona Impersonation (MPI) In Your Inbox

11/29/2022
Social proof is a potent tool, even in the absence of direct support. When someone is pressured to do something in the presence of trusted peers, they are more likely to follow through unless someone objects. Unfortunately, threat actors have taken notice and are investing significant time and resources into looking like a trusted party to gain access to your personal information. Josh Miller and Sam Scholten join this episode to share their experiences with the evolving intellect of...

Duration:00:27:07

Machine Learning Is a Party With Camp Disco!

11/8/2022
In this episode, Dr. Zachary Abzug, Manager and Tech Lead of Data Science at Proofpoint, joins the show to discuss a machine-learning-enabled tool called Camp Discovery, AKA Camp Disco, and the importance of the human interaction required for making use of machine learning in malware detection. Join us as we discuss: What exactly Camp Disco is and the need/idea behind its creation How Camp Disco played a role in the discovery of Chocolatey threat activity Why Camp Disco uses its own neural...

Duration:00:39:40

Reservation Confirmed: Threat Actors Visiting the Hospitality World

10/25/2022
In this episode, Joe Wise, Threat Researcher at Proofpoint, joins the show to discuss his and Selena’s research into a small e-crime actor, TA558, and its targeting of the hospitality and travel e-crime sector since at least 2018. Join us as we discuss: Classifying threat actors and how it relates to s’mores Understanding e-crime vs. APT actors Why hospitality and travel e-crimes are still successful TA558’s TTPs and how their consistencies have aided in Proofpoint’s attribution of...

Duration:00:39:00

The Hallow-queen of Cybersecurity: Spooky and Sweet Takes with Sherrod DeGrippo

10/11/2022
Cybersecurity doesn't have to be spooky this Halloween. In this episode, Sherrod DeGrippo, VP of Threat Research and Detection at Proofpoint, joins the show to discuss all things cybersecurity awareness so you can be prepared, not scared, this October. So grab a sweet treat and pull up a seat, the Hallow-queen is about to give her hot takes! Join us as we discuss: The growing risk of TOADs (Telephone Oriented Attack Delivery) Benign phishing reconnaissance emails by threat actors What...

Duration:00:35:17

Investigating Wine Fraud with the Ransomware Sommelier

9/27/2022
All for wine, and wine for all. But only if it isn’t fraudulent. In July 2022, Allan Liska, an analyst at Recorded Future and wine expert, released some new research on counterfeit wine, spirits and cheese. Allan joins the show as our first ever external guest to give us an overview of what that research entailed and the different types of wine fraud he’s observed. By the end of this episode, we’ll all be partners in cybercrime and wine. Join us as we discuss: What is wine fraud and the...

Duration:00:49:49

Hot off the Press: APT Actors Posing as Journalists

9/13/2022
In this episode, Joshua Miller and Michael Raggi, Senior Threat Researchers at Proofpoint, join the show to discuss APT groups targeting and impersonating journalists. Joshua, Michael, and Crista discovered during their research how APT actors use journalists and their leads as a form of espionage to collect sensitive information. Join us as we discuss: Proofpoint’s unique report on APTs targeting journalists and insight into the motivations behind these attacks Understanding the “why”...

Duration:00:30:28

Misfits Managed: Breaking Down Misfit Malware

8/23/2022
In this episode, Sara Sabotka, Senior Threat Researcher on the field-facing team at Proofpoint, joins the show to chat about Misfit Malware. Although it is sometimes referred to as commodity malware, this kind of malicious software is anything but boring. You’ll want to stick around to find out who belongs on the Island of Misfit Malware and the importance of paying attention to the little gang of misfits. Join us as we discuss: How do foreign threat actors go about acquiring commodity...

Duration:00:36:37

The Art of Threat Detection Engineering

8/9/2022
In this episode, Konstantin Klinger, Senior Security Research Engineer at Proofpoint, joins the show to chat about his role on the threat research team, focusing on DDX (Detonation, Detection, and Extraction). You won’t want to miss his breakdown of the Pyramid of Pain and how to utilize it for threat detection engineering. Join us as we discuss: Real-life examples of complex attack chains with multiple steps and how they can be detected Utilizing the Pyramid of Pain for threat...

Duration:00:30:21

APT Attribution: Trials and Tribulations From the Field

7/26/2022
In this episode, Joshua Miller and Zydeca Cass, Senior Threat Researchers at Proofpoint, join the show to discuss attribution, specifically APT actor attribution. Joshua and Zydeca dive into their experiences of attribution successes and failures, sharing tales of threat actors impersonating Russian opposition leaders and an Iranian kidnapping plot in New York. As Crista says, the good, the bad and the ugly. Join us as we discuss: Understanding the difference between the two types of...

Duration:00:31:14

The Dark-Side of Cryptocurrency

7/12/2022
In this episode, Jared Peck, Senior Threat Researcher at Proofpoint, explains cryptocurrency and how bad actors are causing trouble with these new decentralized, anonymous currencies. Join us as we discuss: Credential harvesting and phishing Malicious campaigns and extortion Digital money...

Duration:00:34:50

A Day in the Life of a Threat Researcher: Emerging Threats Edition

6/21/2022
Tony Robinson, Threat Researcher, joins the podcast to share his expertise as a member of the Emerging Threats team at Proofpoint. Tony gives us an inside look into a day in his life as he and his teammates discover new strains of malware, respond to major vulnerabilities, and ensure that customers are protected. He also shares his advice for those interested in a career in Threat Research. Join us as we discuss: How the Emerging Threats team at Proofpoint impacts customers daily...

Duration:00:33:23

The Buzz on Bumblebee Malware

6/7/2022
Float like a butterfly. Sting like Bumblebee malware. In this episode, Kelsey Merriman, Threat Research Analyst, and Pim Trouerbach, Senior Reverse Engineer, both with Proofpoint, share their insights from their research of the new malware downloader called Bumblebee. You won’t want to miss their breakdown of Bumblebee’s unique characteristics and their predictions of how its features will develop over time. Join us as we discuss: The difference in tracking Crimeware versus APT How...

Duration:00:30:16

Social Engineering: How Threat Actors Manipulate Their Targets

5/24/2022
Threat actors always take the path of least resistance to their payday. But it's a mistake to think they aren't willing to put in the work to get a human to hand feed them. Their attempts to manipulate their targets into taking action are called social engineering. What role do people play in cybersecurity? In this episode, Daniel Blackford, Threat Researcher at Proofpoint, explains how bad actors capitalize on our humanity to attack us. Join us as we discuss: What lies beneath 95% of...

Duration:00:31:48

Paying Attention to BEC: The Most Costly Threat by Individual Losses

5/10/2022
When you think about the most costly threat by personal losses, most people will assume ransomware. The real threat, however, is business email compromise (BEC). But why aren’t more companies talking about it, then? In this episode, Tim Kromphardt and Jake G. explain BEC and why organizations need to start paying more attention. Join us as we discuss: The definition of BEC & why companies are paying so little attention Using Supernova to defend against email attacks Reporting on...

Duration:00:38:55

Web Bugs & the Tubthumping Tactics of Chinese Threat Actor TA416

4/26/2022
Chinese Threat Actor TA416, otherwise known as Mustang Panda, has been active for a long time, and every time they get knocked down, they get up again. In this episode, Michael Raggi, Senior Threat Researcher, and Pim Trouerbach, Senior Reverse Engineer, both with Proofpoint, give us an overview of TA416 — the “Tubthumping” villains of the threat landscape. Join us as we discuss: The evolving tactics of TA416 PlugX malware and control flow flattening Tips for dealing with emerging...

Duration:00:36:03

Defending Against Cyber Criminals: Emotet’s Resurrection & Conti’s Implosion

4/12/2022
Cybercriminals. They’re just like us. With the Russia-Ukraine conflict, Conti found itself at odds with internal team members over the issue, eventually leading to self-destruction. Which begs the question: Are these organizations as impenetrable as we thought? In this episode, we hear from Andrew Northern, Senior Threat Researcher at Proofpoint, about the resurrection of the Emotet malware, the Conti implosion, and advice to cyber defenders. Join us as we discuss: The journey leading...

Duration:00:27:30