Episoder
-
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks.
Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the abuse of legitimate services for malware delivery.
Proofpoint has seen an increase in the abuse of tools like ScreenConnect and NetSupport, as well as Cloudflare Tunnel abuse and the use of IP filtering. They have also observed a rise in financially motivated malware delivery using TryCloudflare Tunnel abuse, focusing on remote access trojans (RATs) like Xworm and AsyncRAT.
Today we look at how Cloudflare tunnels are used to evade detection and how they have evolved their tactics by incorporating obfuscation techniques, with ongoing research to identify the threat actors involved. -
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks.
Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the use of AI in cyberattacks
Proofpoint recently released two articles on two cyber campaigns: one by the group UNK_SweetSpecter targeting U.S. organizations involved in AI with the SugarGh0st RAT, and another by TA547 targeting German organizations with Rhadamanthys malware.
Today we look at what the focus of threat actor objectives are and what that means for defenders. -
Manglende episoder?
-
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks.
Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about "Operation Endgame."
Operation Endgame is a strategy by Western law enforcement to counter Russian cybercriminals through psychological tactics. This involves creating distrust among hackers, exposing their internal communications, and dismantling their anonymity to hinder their operations. You can find more information on Operation Endgame here.
Today we look at the new tactics used to disrupt these criminals by eroding trust among them and undermining their anonymity. -
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks.
Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about "The curious case of the missing IcedID."
IcedID is a malware originally classified as a banking trojan and was first observed in 2017. It also acts as a loader for other malware, including ransomware, and was a favored payload used by multiple cybercriminal threat actors until fall 2023.
Then, it all but disappeared. In its place, a new threat crawled: Latrodectus. Named after a spider, this new malware, created by the same people as IcedID, is now poised to take over where IcedID melted off.
Today we look back at what happened to the once prominent payload, and what its successor’s spinning web of activity means for the overall landscape.
