DISCARDED: Tales From the Threat Research Trenches

Hello to all our Cyber Cherry Blossoms! Join host Selena Larson and guest host, Tim Kromphardt, a Senior Threat Researcher, as they chat with Andrew Couts, Senior Editor, Security and Investigations at WIRED.

Andrew shares insights into his work overseeing cybersecurity coverage and investigative reporting, collaborating with newsrooms, and uncovering the hidden threats lurking in the digital world.

We dive into how cybersecurity and privacy reporting has evolved, the growing risks posed by data collection and surveillance, and the challenges of informing the public around security experimentation. 

We also discuss:

• Recent investigations on ad tech, police drone surveillance, and the unintended consequences of data tracking
• The rise of "pig butchering" scams and the difficulties in shutting them down
• How the Freedom of Information Act (FOIA) serves as a powerful tool for uncovering hidden government actions
• The real-world dangers journalists face when reporting on cybercriminals—such as swatting and online retaliation
• The double-edged sword of privacy—how encryption and digital anonymity can both protect individuals and make it harder to track cybercriminals

Join us for a fascinating deep dive into the world of digital security, investigative journalism, and the real-life implications of living in an era where our data is constantly at risk. 

Resources Mentioned:

Leveling Up Your Cybersecurity–WIRED Guide

https://www.wired.com/story/phone-data-us-soldiers-spies-nuclear-germany/

https://www.wired.com/story/the-age-of-the-drone-police-is-here/

https://www.wired.com/story/starlink-scam-compounds/

https://www.wired.com/story/alan-filion-torswats-swatting-arrest/

https://www.wired.com/story/no-lives-matter-764-violence/ (Content warning: self-harm, violence) 

https://www.wired.com/story/the-wired-guide-to-protecting-yourself-from-government-surveillance/

https://www.wired.com/story/how-to-take-photos-at-protests/

 For more information about Proofpoint, check out our website.

Subscribe & Follow:

Stay ahead of emerging threats, and subscribe! Happy hunting!

Hello to all our Remote Cyber Pals! Join host Selena Larson and guest host, Tim Kromphardt, a  Senior Threat Researcher, as they chat with Staff Threat Researcher, Ole Villadsen, from Proofpoint. They explore the broader shift from traditional malware to commercially available tools that fly under the radar and how cybercriminals are increasingly abusing Remote Monitoring and Management (RMM) tools (sometimes called Remote Access Software) to gain initial access in email-based attacks. 

 Topics Covered:

• The growing use of such tools like ScreenConnect, Atera, and NetSupport in cyberattacks
• How threat actors are shifting from traditional malware loaders to commercially available tools
• TA583’s adoption of RMM tools as a primary attack method
• The role of social engineering in phishing lures, including Social Security scams
• The impact of cybersecurity influencers and scam-baiting YouTubers on threat awareness
• The ongoing arms race between cybercriminals and defenders

From stealthy intrusions to shifting cybercrime trends, this conversation uncovers the critical threats organizations face in 2025.

Resources Mentioned:

https://www.proofpoint.com/us/blog/threat-insight/remote-monitoring-and-management-rmm-tooling-increasingly-attackers-first-choice

For more information about Proofpoint, check out our website.

Subscribe & Follow:

Stay ahead of emerging threats, and subscribe! Happy hunting!

Hello to all our Cyber Pals! Join host Selena Larson and guest hosts, Sarah Sabotka and Tim Kromphardt, both Senior Threat Researchers from Proofpoint, as they dive into the realities of current social engineering schemes —especially during high-risk times like tax season. Cybercriminals exploit fear, urgency, and excitement to manipulate victims, from IRS impersonation scams and fraudulent tax payment requests to deepfake cons and TikTok frauds.

Our hosts dive into real-world examples, including:

• tax-themed phishing attacks
• tech support scams targeting the elderly
• job scams leveraging Taylor Swift’s tour

They explore how AI is reshaping fraud tactics, why scammers still rely on outdated schemes like overseas financial windfalls, and how platforms like WhatsApp and Telegram play a role in modern cybercrime.

Tune in to learn how these scams work, why they succeed, and—most importantly—how you can protect yourself. Check out our show notes for additional resources, and don’t forget to share this episode with friends and colleagues!

For more information about Proofpoint, check out our website.

Subscribe & Follow:

Stay ahead of emerging threats, and subscribe! Happy hunting!

Hello to all our Cyber Pals! Join host Selena Larson and guest host, Sarah Sabotka, as they speak with Kyle Eaton, Senior Security Research Engineer at Proofpoint.

They explore the evolving world of image-based threat detection and the deceptive tactics cybercriminals use to evade defenses. From image lures embedded in emails, PDFs, and Office documents to the surprising ways attackers reuse visuals across campaigns, this conversation break down how detection engineering is adapting to counter new threats.

There is also examination of how AI is shaping both cyber deception and detection, raising the question of how generative AI is influencing image-based security.

Listeners will gain insights into real-world detection successes, persistent threats like TA505 and Emotet, and the role of instincts in cybersecurity—because, as Selena notes, sometimes good detection is all about the vibes. 

Key Topics Covered:

• Characteristics of Image-Based Threats
• Groups like TA505 and Emotet historically using recognizable image lures
• OneNote-Based Malware Detection (2023) & the Challenges with OneNote
• Shift to PDF-Based Threats
• PDF Object Hashing for Attribution & Detection
• Image-Based Threat Detection Insights
• Generative AI’s Impact on Image-Based Threats

Join us as we uncover real-world detection wins, explore persistent threats like TA505 and Emotet, and dive into the importance of instincts in cybersecurity—because, as our guest puts it, sometimes good detection is all about the vibes.

Resources mentioned:

https://github.com/target/halogen

https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

For more information about Proofpoint, check out our website.

Subscribe & Follow:

Don't miss out on future episodes—subscribe to the Discarded Podcast on your favorite platform.

Hey Cyber Pals! This week we are doing a very special spotlight on a recent episode from Only Malware in the Building. Our very own, Selena Larson, also co-hosts on this fabulous podcast. 

Be sure to check it out and enjoy!

Find more OMIB: https://thecyberwire.com/podcasts/only-malware-in-the-building/9/notes

—------------------------------------------------

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks.

Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode and since it is February (the month of love as Selena calls it), we talk about romance scams known throughout the security world as pig butchering. And, Rick's experiencing a bit of a Cyber Groundhog Day in his newly-realized retirement.

• Public-private partnership success stories
• NSA’s approach to global collaboration
• The shift from information consumption to actionable intelligence sharing
• The average American's cybersecurity concerns
• Insights into the collaborative efforts needed to counter cyber threats
• Naming malware campaigns

• Collaborative Efforts: How teams work together to identify scam websites, gather evidence, and escalate for takedown.
• Tools and Techniques: Using tools like domain search, backend kits identification, and IP-based connections to uncover related sites.
• Challenges in Takedowns: Managing lists of hundreds of domains across multiple providers, verifying live activity, and the need for ongoing monitoring.
• Threat Actor Behavior: How threat actors use multiple registrars or re-register domains to evade detection.
• Best Practices for Organizations:
  • Preemptively purchasing lookalike domains.
  • Monitoring new domain registrations for suspicious activity.
  • Educating users to identify and avoid malicious domains.
• Ethical Considerations: Balancing infrastructure disruption with the need for ongoing research, particularly for cyber espionage threats.
• Favorite Wins: Memorable investigations, such as takedowns during the Super Bowl, fake Olympics ticket scams, and real-time disruption of pig-butchering schemes.

• the strategic importance of edge devices, pre-positioning for geopolitical escalations, and the intersection of espionage, gaming, and cybercrime 
• Operational Relay Boxes (ORBs), covert networks used by Chinese Advanced Persistent Threat (APT) groups to mask cyber activities 
• exploitation of non-traditional systems and vulnerabilities
• the impact of compromised consumer devices on global cybersecurity

• proactive measures against phishing and fraud sites, with Proofpoint using "takedown" services to remove malicious domains, disrupting scams before they impact users
• the importance of questioning biases, particularly in cyber threat intelligence where assumptions can shape classifications and responses
• collaboration with Chainalysis to connect various scams through cryptocurrency wallets, showing cross-over between different fraud types

• how psychological manipulation can be just as damaging as technical vulnerabilities
• resources for victims, and how people can identify hallmarks of these types of scams 
• the role of automation and AI in scaling scams

• how these groups exploit cloud environments
• concerning trends such as the rise of reverse proxy-based toolkits and MFA bypass techniques
• the importance of identity-focused defense strategies and how threat actors customize tools to infiltrate cloud systems, steal data, and monetize compromised accounts

• the challenge of detecting and mitigating these types of threats and the importance of staying ahead of the evolving attack strategies 
• the motivations behind these campaigns
• why traditional defense mechanisms may fall short

• how state-sponsored actors from DPRK, Russia, and China are interested in espionage around election related topics 
• the impersonation of various government entities for phishing purposes, revealing the creativity and resourcefulness of threat actors
• while cyber threats are pervasive, the integrity of the voting process remains strong, backed by robust defenses and ongoing efforts by dedicated professionals

• the quirky and often amusing names given to malware campaigns in the cybersecurity world.
• unexpected connections between cybersecurity and pop culture, featuring a discussion on how celebrities like Taylor Swift handle digital security.
• what recent activity suggests about the actors’ changing tactics.

• the concept of the "pyramid of pain" and how spending too much time on IOCs can be a losing battle against agile threat actors
• the value of empathy and collaboration among security teams
• practical steps for building shared lab environments

• the intricate world of cryptocurrency and its unintended consequence of fueling ransomware attacks 
• the rise of pig butchering scams, now dwarfing ransomware in financial impact
• the ethical dilemmas and real-world consequences of cybercrime

• evasion strategies, including temperature checks, geofencing, and human detection mechanisms
• the use of publicly available tools by malware authors
• the future of AI and large language models (LLMs) in both aiding and combating cyber threats

• Evasive Malware by Kyle Cucci
• SentinelOne Research: https://www.sentinelone.com/blog/blackmamba-chatgpt-polymorphic-malware-a-case-of-scareware-or-a-wake-up-call-for-cyber-security/