It has been a busy first quarter for the Proofpoint Threat Research team! Today we have returning guest, Pim Trouerbach, to share his personal stories about his favorite malware and discuss the current landscape, including insights on Pikabot, Latrodectus, and WikiLoader.
The conversation explores the evolution from old school banking trojans to the current favored payloads from major cybercrime actors, and the changes in malware development through the years. Pim shares the different meticulous analysis and research efforts, and we learn about mechanisms to combat the malware.
We also dive into:
- a valuable lesson about the consequences of malware running rampant in a sandbox environment
- the shifts in attack chains and tactics employed by threat actors
- the need for adaptive detection methods to combat evolving cyber threats
Resources mentioned:
Countdown to Zero Day by Kim Zetter
Shareable Links:
https://www.proofpoint.com/us/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
https://www.proofpoint.com/us/blog/threat-insight/ta577s-unusual-attack-chain-leads-ntlm-data-thefthttps://www.proofpoint.com/us/blog/threat-insight/battleroyal-darkgate-cluster-spreads-email-and-fake-browser-updateshttps://www.proofpoint.com/us/blog/threat-insight/bumblebee-buzzes-back-blackhttps://www.proofpoint.com/us/blog/threat-insight/security-brief-tis-season-tax-hax Pim’s Favorite Malware:
* Emotet: https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-280a
* IcedID: https://www.proofpoint.com/us/blog/threat-insight/fork-ice-new-era-icedid
* Dridex: https://www.cisa.gov/news-events/cybersecurity-advisories/aa19-339a
* Hancitor: https://malpedia.caad.fkie.fraunhofer.de/details/win.hancitor
* Qbot: https://malpedia.caad.fkie.fraunhofer.de/details/win.qakbot
* Hikit (APT): https://attack.mitre.org/software/S0009/
* Stuxnet (APT): https://www.penguinrandomhouse.com/books/219931/countdown-to-zero-day-by-kim-zetter/
* Cutwail:
https://malpedia.caad.fkie.fraunhofer.de/details/win.cutwailFor more information,
check out our website.