DISCARDED: Tales From the Threat Research Trenches

Proofpoint

DISCARDED: Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about threat behaviors and attack patterns. In each episode you’ll hear real-world insights from our researchers about the latest trends in malware, threat actors, TTPs, and more. Welcome to DISCARDED.

  1. 12/17/2024

    Hackers, Heists, and Heroes: The Evolving Ransomware Game

    Hello to all our Cyber Pals! Join host Selena Larson and guest Allan Liska, ransomware expert and CSIRT at Recorded Future, who drops by to share his creative take on cyber-themed graphic novels, proving there’s nothing ransomware can’t inspire, even superheroes. In this episode, we uncover the shadowy ecosystem driving ransomware attacks, from the industrialization of cybercrime to the rise of "small-batch" threat actors redefining chaos. Explore how Operation Endgame dealt a devastating blow to malware powerhouses like Pikabot and SmokeLoader, shaking trust within underground networks and leaving cybercriminals scrambling to regroup. We’ll also decode the evolving tactics of ransomware gangs, from slick AI-powered voice disguises to the surprising shift toward consumer scams. Plus, we’ll discuss whether law enforcement’s crackdown will make ransomware too expensive for crooks, forcing them to rethink their game plans, or at least settle for less glamorous schemes like crypto theft. Don’t miss the Champagne pick that pairs perfectly with ransomware disruptions! 🥂

    Resources mentioned:
    https://www.chainalysis.com/blog/2024-crypto-crime-mid-year-update-part-1/
    https://www.marketplace.org/shows/marketplace-tech/how-scammers-hijack-their-victims-brains/
    https://www.cisa.gov/resources-tools/resources/review-attacks-associated-lapsus-and-related-threat-groups-report
    https://www.proofpoint.com/us/blog/threat-insight/major-botnets-disrupted-global-law-enforcement-takedown
    https://www.justice.gov/opa/pr/us-charges-russian-national-developing-and-operating-lockbit-ransomware
    https://therecord.media/russian-national-in-custody-extradited
    https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a
    https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/
    https://therecord.media/chamelgang-china-apt-ransomware-distraction
    https://urldefense.com/v3/__https://www.recordedfuture.com/research/outmaneuvering-rhysida-advanced-threat-intelligence-shields-critical-infrastructure-ransomware__;!!ORgEfCBsr282Fw!pYnNQZUQJLJTFlj5w7PcWRjyr6rh-logFnqo03_Mz19RUrK4rftQU1qbTj_iql3KNjn4Ub7a5LsDLpCJgdJQSA$

    For more information about Proofpoint, check out our website. Subscribe & Follow: Don't miss out on future episodes—subscribe to the Discarded Podcast on your favorite platform.

    57 min
  2. 12/03/2024

    Stealth, Scale, and Strategy: Exploring China’s Covert Network Tactics

    Hello to all our Cyber Frogs! Join host Selena Larson and guest host Sarah Sabotka as they explore the evolving tactics of China-based nation-state threat actors with guest Mark Kelly, Staff Threat Researcher at Proofpoint. They focus on TA415 (also known as APT41 or Brass Typhoon), examining its combination of cybercrime and state-sponsored espionage. From the Voldemort malware campaign to the targeting of critical infrastructure, Mark sheds light on how these actors leverage tools like Google Sheets for command and control, exploit vulnerabilities, and adapt to evade detection.

    The discussion also highlights:
    - the strategic importance of edge devices, pre-positioning for geopolitical escalations, and the intersection of espionage, gaming, and cybercrime
    - Operational Relay Boxes (ORBs), covert networks used by Chinese Advanced Persistent Threat (APT) groups to mask cyber activities
    - exploitation of non-traditional systems and vulnerabilities
    - the impact of compromised consumer devices on global cybersecurity

    Resources mentioned:
    https://www.nytimes.com/2024/10/26/us/politics/salt-typhoon-hack-what-we-know.html
    https://cyberscoop.com/salt-typhoon-us-telecom-hack-earth-estries-trend-micro-report/
    https://www.proofpoint.com/us/blog/threat-insight/malware-must-not-be-named-suspected-espionage-campaign-delivers-voldemort
    https://www.bleepingcomputer.com/news/security/state-hackers-turn-to-massive-orb-proxy-networks-to-evade-detection/

    For more information about Proofpoint, check out our website. Subscribe & Follow: Don't miss out on future episodes—subscribe to the Discarded Podcast on your favorite platform.

    49 min
  3. 11/15/2024

    Scams, Smishing, and Safety Nets: How Emerging Threats Catches Phish

    Hello to all our Cyber Pals! Join host Selena Larson and guest Genina Po, Threat Researcher on the Emerging Threats team at Proofpoint. She shares how she tackles emerging cyber threats, breaking down the process of turning data into detection signatures. Using tools like Suricata to create detections for malicious activity, she maps out her approach to writing rules that identify and block these threats. The goal? To equip companies to stay secure, and to give listeners the skills to spot and prevent scams on their own. Genina shares her journey tracking pig butchering scams through thousands of domains and URLs. She reveals patterns (certain headers and markers) that help identify these sites amid a flood of data, and she describes the challenges in detection as scammers increasingly vary their setups to evade filters.

    Also discussed:
    - proactive measures against phishing and fraud sites, with Proofpoint using "takedown" services to remove malicious domains, disrupting scams before they impact users
    - the importance of questioning biases, particularly in cyber threat intelligence, where assumptions can shape classifications and responses
    - collaboration with Chainalysis to connect various scams through cryptocurrency wallets, showing cross-over between different fraud types

    Resources mentioned:
    Book: Why Fish Don’t Exist by Lulu Miller

    For more information about Proofpoint, check out our website. Subscribe & Follow: Don't miss out on future episodes—subscribe to the Discarded Podcast on your favorite platform.

    51 min
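The rule-writing process described in the episode above, reduced to a runnable sketch. This is an added example, not Emerging Threats' code and not a real ET signature: it parses constructed HTTP responses into the buffers that Suricata's HTTP keywords expose (http.response_line, http.header, http.response_body) and requires every literal marker of a signature to appear in its buffer, the way several content: matches under one sticky buffer behave. The marker strings ("x-powered-by: tradekit", "/api/v1/invite_code", "deposit_bonus"), the sid numbers and the three sample responses are invented for illustration. The second sample shows the evasion problem from the episode: once a scam kit drops its telltale header, only the looser body-only signature still fires, and that looser signature is also the one more likely to false-positive on benign traffic.

```python
from dataclasses import dataclass, field


@dataclass
class Signature:
    sid: int
    msg: str
    # Suricata-style sticky-buffer name -> literal markers that must ALL appear
    # (case-insensitive), like several content: matches under one buffer.
    markers: dict = field(default_factory=dict)


def parse_response(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 response into the buffers a rule can match on."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return {
        "http.response_line": lines[0],
        "http.header": "\r\n".join(f"{k}: {v}" for k, v in headers.items()),
        "http.response_body": body.decode("latin-1"),
    }


def matches(sig: Signature, resp: dict) -> bool:
    """A signature fires only if every marker in every listed buffer is present."""
    for buffer, markers in sig.markers.items():
        haystack = resp.get(buffer, "").lower()
        if not all(m.lower() in haystack for m in markers):
            return False
    return True


def scan(samples: dict, sigs: list) -> dict:
    """Return {sample_name: [sid, ...]} for every signature that fires."""
    return {name: [s.sid for s in sigs if matches(s, parse_response(raw))]
            for name, raw in samples.items()}


# Hypothetical signatures: marker strings and sids are invented for this example.
SIGS = [
    Signature(9000001, "Fake trading kit landing page (header + body markers)",
              {"http.header": ["x-powered-by: tradekit"],
               "http.response_body": ["/api/v1/invite_code"]}),
    Signature(9000002, "Fake trading kit landing page (body markers only)",
              {"http.response_body": ["/api/v1/invite_code", "deposit_bonus"]}),
]

# Constructed sample responses: a first kit version, a rebranded version that
# dropped the distinctive header, and an unrelated benign shop page.
SAMPLES = {
    "kit_v1": (b"HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Powered-By: TradeKit/1.2\r\n"
               b"Content-Type: text/html\r\n\r\n"
               b"<form action=\"/api/v1/invite_code\">deposit_bonus</form>"),
    "kit_v2_rebranded": (b"HTTP/1.1 200 OK\r\nServer: nginx\r\n"
                         b"Content-Type: text/html\r\n\r\n"
                         b"<form action=\"/api/v1/invite_code\">deposit_bonus</form>"),
    "benign_shop": (b"HTTP/1.1 200 OK\r\nServer: nginx\r\n"
                    b"Content-Type: text/html\r\n\r\n"
                    b"<form action=\"/checkout\">total</form>"),
}

if __name__ == "__main__":
    for name, sids in scan(SAMPLES, SIGS).items():
        print(f"{name}: {sids or 'no match'}")
```

Running it shows kit_v1 hitting both signatures, kit_v2_rebranded hitting only 9000002, and benign_shop hitting nothing. The trade-off is the one the episode raises: every marker you add makes the rule more specific and easier for the scammer to break, every marker you drop makes it fire on more of the flood of unrelated data.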
  4. 09/30/2024

    Champagne Attack Chains on a Kool-Aid Budget

    Hello to all our Pumpkin Spice cyber friends! Join host Selena Larson and today’s co-host, Tim Kromphardt, as they chat with Joe Wise, Senior Threat Researcher, and Kyle Cucci, Staff Threat Researcher, both from Proofpoint. Together, they unpack recent campaigns involving the abuse of legitimate services, focusing on the clever tactics cybercriminals use to evade detection. Joe and Kyle discuss a fascinating trend where attackers leverage Cloudflare’s temporary tunnels, bundle Python packages, and deploy a range of malware such as XWorm and Venom RAT. They explore the increasing abuse of legitimate services like Google Drive, Adobe Acrobat, and Dropbox, which let attackers blend in with regular business traffic. The conversation also touches on a range of threat clusters, including Exormactor and Voldemort malware, and TA2541, which has consistently leveraged Google Drive URLs to spread malicious content.

    Also discussed:
    - the challenge of detecting and mitigating these types of threats, and the importance of staying ahead of evolving attack strategies
    - the motivations behind these campaigns
    - why traditional defense mechanisms may fall short

    Resources mentioned:
    https://www.proofpoint.com/us/blog/threat-insight/malware-must-not-be-named-suspected-espionage-campaign-delivers-voldemort
    https://www.proofpoint.com/us/blog/threat-insight/scammer-abuses-microsoft-365-tenants-relaying-through-proofpoint-servers-deliver

    For more information about Proofpoint, check out our website. Subscribe & Follow: Don't miss out on future episodes—subscribe to the Discarded Podcast on your favorite platform.

    34 min
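A triage check for the legitimate-service abuse discussed in the episode above, as an added example that is not Proofpoint's detection logic. It extracts URLs from a message body and flags hostnames under trycloudflare.com (the domain Cloudflare serves its quick tunnels from, so anyone can stand one up in seconds) as suspicious, while share links on drive.google.com and dropbox.com are marked for review rather than given a verdict, because those services are exactly what legitimate business mail also carries. The host and path patterns, verdict labels and sample messages are assumptions constructed for this example.

```python
import re
from urllib.parse import urlparse

# Cloudflare quick tunnels are served from a random-words hostname under
# trycloudflare.com; matching the registrable domain, not a substring of the
# full URL, avoids being fooled by the string appearing in a path.
QUICK_TUNNEL_HOST = re.compile(r"(^|\.)trycloudflare\.com$", re.I)

# Share-link shapes for the legitimate services the episode names. These host
# and path patterns are assumptions for this example, not an exhaustive list.
SHARE_LINK_RULES = [
    ("Google Drive share link", re.compile(r"^drive\.google\.com$", re.I),
     re.compile(r"^/(file/d/|uc$)")),
    ("Dropbox share link", re.compile(r"^(www\.)?dropbox\.com$", re.I),
     re.compile(r"^/(s|scl/fi)/")),
]

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def triage_url(url: str) -> tuple:
    """Return (verdict, reason); verdict is 'suspicious', 'review' or 'info'."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    if QUICK_TUNNEL_HOST.search(host):
        return ("suspicious", "quick-tunnel hostname: disposable infrastructure")
    for label, host_re, path_re in SHARE_LINK_RULES:
        if host_re.match(host) and path_re.match(parts.path):
            return ("review", f"{label}: legitimate service, fetch and inspect the payload")
    return ("info", "no rule matched")


def triage_message(body: str) -> list:
    """Triage every URL in a message body; returns [(url, verdict, reason), ...]."""
    return [(url, *triage_url(url)) for url in URL_RE.findall(body)]


# Constructed sample messages; hostnames, file ids and paths are invented.
SAMPLES = {
    "invoice_lure": "Invoice attached: https://stirring-basket-wealth-flip.trycloudflare.com/inv_0921.pdf",
    "drive_lure": "Contract draft: https://drive.google.com/file/d/1AbCdEfGhIjKlMnOp/view?usp=sharing",
    "internal": "Minutes: https://intranet.example.com/meetings/2024-09-30",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        for url, verdict, reason in triage_message(body):
            print(f"{name}: {verdict:10} {url}  ({reason})")
```

The split between "suspicious" and "review" is the practical point: a quick-tunnel hostname in inbound mail is rarely legitimate and can be blocked or quarantined on its own, whereas a Google Drive or Dropbox link only tells you where to look, so the payload behind it has to be fetched and inspected before anything is blocked.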
  5. 09/17/2024

    Guarding the Vote: Unmasking Cyber Threats in Election Season

    Hello to all our cyber citizens! Join host Selena Larson and today’s co-host, Tim Kromphardt, as they chat with Joshua Miller, Senior Threat Researcher, and Rob Kinner, Senior Threat Analyst, both from Proofpoint. With election season on the horizon, cyber attackers are sharpening their tactics: impersonating government agencies, emailing journalists, and crafting sophisticated phishing schemes. But how real is the threat? And what can be done to protect our democracy from the digital shadows? Today, we pull back the curtain on the unseen battles being fought in cyberspace and what they mean for voters, journalists, and defenders alike. The discussion covers a range of election threats, from malicious domains, impersonation, and typosquatting to sophisticated credential phishing campaigns that exploit government and election-related themes.

    Also discussed:
    - how state-sponsored actors from the DPRK, Russia, and China are interested in espionage around election-related topics
    - the impersonation of various government entities for phishing purposes, revealing the creativity and resourcefulness of threat actors
    - while cyber threats are pervasive, the integrity of the voting process remains strong, backed by robust defenses and the ongoing efforts of dedicated professionals

    Resources mentioned:
    https://www.proofpoint.com/us/blog/threat-insight/best-laid-plans-ta453-targets-religious-figure-fake-podcast-invite-delivering
    https://www.justice.gov/opa/pr/justice-department-disrupts-covert-russian-government-sponsored-foreign-malign-influence
    https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists
    https://www.proofpoint.com/us/blog/threat-insight/media-coverage-doesnt-deter-actor-threatening-democratic-voters

    For more information about Proofpoint, check out our website. Subscribe & Follow: Don't miss out on future episodes—subscribe to the Discarded Podcast on your favorite platform.

    33 min
  6. 09/04/2024

    Very Mindful, Very APT: Inside the Activity of Current Espionage Actors

    Hello to all our mindful and demure cyber sleuths! Join host Selena Larson and today’s co-host, Sarah Sabotka, as they chat with Joshua Miller and Greg Lesnewich, Threat Researchers at Proofpoint, about the ever-evolving world of advanced persistent threats (APTs). The team unravels the latest espionage tactics of threat actors from Iran, North Korea, and Russia, exploring everything from Iran’s sophisticated social engineering campaigns to North Korea’s customized Mac malware. They also highlight the increasing interest in macOS malware in the cybercrime landscape and examine the threat posed by a group targeting AI researchers with unique malware like SugarGh0st RAT.

    Also discussed:
    - the quirky and often amusing names given to malware campaigns in the cybersecurity world
    - unexpected connections between cybersecurity and pop culture, featuring a discussion of how celebrities like Taylor Swift handle digital security
    - what recent activity suggests about the actors’ changing tactics

    Resources mentioned:
    SleuthCon talk (presenter: Selena Larson)
    Rivers of Phish, from Citizen Lab
    https://www.proofpoint.com/us/blog/threat-insight/best-laid-plans-ta453-targets-religious-figure-fake-podcast-invite-delivering
    https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta450-uses-embedded-links-pdf-attachments-latest-campaign
    https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn
    https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds
    https://www.theguardian.com/music/shortcuts/2019/jan/29/digital-security-taylor-swift-facetime-privacy-bug-breaches
    https://www.youtube.com/watch?v=LYHmTjFW-nY
    https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop-same-week-after-week
    https://www.proofpoint.com/us/blog/threat-insight/security-brief-artificial-sweetener-sugargh0st-rat-used-target-american

    For more information about Proofpoint, check out our website. Subscribe & Follow: Don't...

    50 min