
DISCARDED: Tales From the Threat Research Trenches

  • AMA Answers From the Threat Research Trenches

    13 DEC 2022 · In this highly entertaining episode of DISCARDED, Selena Larson and Crista Giering host a wild round of “Ask Me Anything,” with Sherrod DeGrippo, VP of Threat Research and Detection, and Daniel Blackford, Threat Researcher at Proofpoint. Featuring insightful questions from listeners and former guests, these industry experts cover a wide range of topics, from silly to serious.

    Join us as we discuss:
      • The most boring malware and common threat actor mistakes
      • New developments in Ukraine and the Global South
      • A proliferation of mobile malware and sports-related attacks

    Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!
    51m 25s
  • The Many-Faced Threat: Multi-Persona Impersonation (MPI) In Your Inbox

    29 NOV 2022 · Social proof is a potent tool, even in the absence of direct support. When someone is pressured to do something in the presence of trusted peers, they are more likely to follow through unless someone objects. Unfortunately, threat actors have taken notice and are investing significant time and resources into looking like a trusted party to gain access to your personal information. Josh Miller and Sam Scholten join this episode to share their experiences with the evolving intellect of attackers and their multifaceted breach strategies. Using multi-persona impersonation (MPI), attackers establish multiple accounts and increase trust by manipulating social validation — a psychological tool.

    Join us as we discuss:
      • The evolution of MPIs
      • Email fraud taxonomy
      • The role of MPI in business email compromise

    Resources:
      • https://www.proofpoint.com/us/blog/threat-insight/ta453-uses-multi-persona-impersonation-capitalize-fomo
      • https://www.proofpoint.com/us/blog/threat-insight/bec-taxonomy-proofpoint-framework
    27m 7s
  • Machine Learning Is a Party With Camp Disco!

    9 NOV 2022 · In this episode, Dr. Zachary Abzug, Manager and Tech Lead of Data Science at Proofpoint, joins the show to discuss a machine-learning-enabled tool called Camp Discovery, AKA Camp Disco, and the importance of the human interaction required for making use of machine learning in malware detection.

    Join us as we discuss:
      • What exactly Camp Disco is and the need/idea behind its creation
      • How Camp Disco played a role in the discovery of Chocolatey threat activity
      • Why Camp Disco uses its own neural network language model instead of an existing language model
      • Natural Language Processing and how to teach a computer to speak “malware”

    Check out these resources we mentioned:
      • https://www.proofpoint.com/us/blog/engineering-insights/using-neural-network-language-model-instead-of-bert-gpt
      • https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails
      • https://www.proofpoint.com/us/blog/threat-insight/emotet-tests-new-delivery-techniques
      • https://www.proofpoint.com/us/company/careers
    39m 49s
  • Reservation Confirmed: Threat Actors Visiting the Hospitality World

    25 OCT 2022 · In this episode, Joe Wise, Threat Researcher at Proofpoint, joins the show to discuss his and Selena’s research into a small e-crime actor, TA558, and its targeting of the hospitality and travel sector since at least 2018.

    Join us as we discuss:
      • Classifying threat actors and how it relates to s’mores
      • Understanding e-crime vs. APT actors
      • Why hospitality and travel e-crimes are still successful
      • TA558’s TTPs and how their consistencies have aided in Proofpoint’s attribution of their activity over the years
      • Joe shares his theories on why TA558 uses so many different malware types

    Check out these resources we mentioned:
      • https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel
      • https://embed.sounder.fm/play/299042
    39m
  • The Hallow-queen of Cybersecurity: Spooky and Sweet Takes with Sherrod DeGrippo

    11 OCT 2022 · Cybersecurity doesn't have to be spooky this Halloween. In this episode, Sherrod DeGrippo, VP of Threat Research and Detection at Proofpoint, joins the show to discuss all things cybersecurity awareness so you can be prepared, not scared, this October. So grab a sweet treat and pull up a seat, the Hallow-queen is about to give her hot takes!

    Join us as we discuss:
      • The growing risk of TOADs (Telephone Oriented Attack Delivery)
      • Benign phishing reconnaissance emails by threat actors
      • What you need to know to adapt to this ever changing threat landscape
      • Bring awareness to cybersecurity this October, even on ghost tours

    Check out these resources we mentioned:
      • https://www.proofpoint.com/us/cybersecurity-awareness-hub
      • https://www.proofpoint.com/us/products/advanced-threat-protection/et-intelligence
    35m 17s
  • Investigating Wine Fraud with the Ransomware Sommelier

    27 SEP 2022 · All for wine, and wine for all. But only if it isn’t fraudulent. In July 2022, Allan Liska, an analyst at Recorded Future and wine expert, released some new research on counterfeit wine, spirits and cheese. Allan joins the show as our first ever external guest to give us an overview of what that research entailed and the different types of wine fraud he’s observed. By the end of this episode, we’ll all be partners in cybercrime and wine.

    Join us as we discuss:
      • What is wine fraud and the different types of fraud that fall under the counterfeit umbrella
      • How the pandemic impacted wine fraud due to happy hours
      • Some of the techniques that wine fraudsters are using to try to legitimize the fake wines
      • Allan’s favorite fall wines and recommendations for food pairings

    Check out these resources we mentioned:
      • https://www.recordedfuture.com/lockdown-rise-wine-domain-scammer
      • https://www.recordedfuture.com/counterfeit-wine-spirits-cheese
      • https://www.proofpoint.com/us/blog/threat-insight/bec-taxonomy-invoice-fraud
      • https://www.decanter.com/wine-news/worlds-most-expensive-bottle-claimed-fake-as-renowned-collector-sued-93457/#:~:text=A%20billionaire%20Florida%20wine%20collector,to%20Thomas%20Jefferson%20are%20fakes
      • https://www.cbsnews.com/news/billionaire-spends-35m-to-investigate-400k-wine-fraud/
      • https://kermitlynch.com/
      • https://twitter.com/uuallan/status/1561124207727153153
    49m 53s
  • Hot off the Press: APT Actors Posing as Journalists

    13 SEP 2022 · In this episode, Joshua Miller and Michael Raggi, Senior Threat Researchers at Proofpoint, join the show to discuss APT groups targeting and impersonating journalists. During their research, Joshua, Michael, and Crista discovered how APT actors use journalists and their leads as a form of espionage to collect sensitive information.

    Join us as we discuss:
      • Proofpoint’s unique report on APTs targeting journalists and insight into the motivations behind these attacks
      • Understanding the “why” behind threat actors targeting or posing as journalists and media organizations
      • The most common methods APT actors use in these campaigns to target or pose as journalists
      • Stories about threat actors from China, Iran, Turkey, and more

    Check out these resources we mentioned:
      • https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists
      • Previous episode with Joshua: https://podcasts.apple.com/us/podcast/apt-attribution-trials-and-tribulations-from-the-field/id1612506550?i=1000571269986
      • Previous episode with Michael: https://podcasts.apple.com/us/podcast/web-bugs-the-tubthumping-tactics-of-chinese-threat/id1612506550?i=1000558705940
    30m 30s
  • Misfits Managed: Breaking Down Misfit Malware

    23 AUG 2022 · In this episode, Sara Sabotka, Senior Threat Researcher on the field-facing team at Proofpoint, joins the show to chat about Misfit Malware. Although it is sometimes referred to as commodity malware, this kind of malicious software is anything but boring. You’ll want to stick around to find out who belongs on the Island of Misfit Malware and the importance of paying attention to the little gang of misfits.

    Join us as we discuss:
      • How do foreign threat actors go about acquiring commodity malware and how much does it cost?
      • Why Misfit Malware is sometimes easily overlooked by security researchers and defenders
      • Key characteristics of lures that are commonly used by threat actors who use Misfit Malware
    36m 41s
  • The Art of Threat Detection Engineering

    9 AUG 2022 · In this episode, Konstantin Klinger, Senior Security Research Engineer at Proofpoint, joins the show to chat about his role on the threat research team, focusing on DDX (Detonation, Detection, and Extraction). You won’t want to miss his breakdown of the Pyramid of Pain and how to utilize it for threat detection engineering.

    Join us as we discuss:
      • Real-life examples of complex attack chains with multiple steps and how they can be detected
      • Utilizing the Pyramid of Pain for threat detection engineering
      • How to write detections for geofencing
      • The perks of incorporating automated MITRE ATT&CK detections into your sandbox

    Resources:
      • https://www.proofpoint.com/us/blog/threat-insight/new-threat-actor-uses-spanish-language-lures-distribute-seldom-observed-bandook
      • https://www.proofpoint.com/us/blog/threat-insight/new-ta402-molerats-malware-targets-governments-middle-east
      • https://www.proofpoint.com/us/blog/threat-insight/ugg-boots-4-sale-tale-palestinian-aligned-espionage
      • http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
    30m 22s
  • APT Attribution: Trials and Tribulations From the Field

    26 JUL 2022 · In this episode, Joshua Miller and Zydeca Cass, Senior Threat Researchers at Proofpoint, join the show to discuss attribution, specifically APT actor attribution. Joshua and Zydeca dive into their experiences of attribution successes and failures, sharing tales of threat actors impersonating Russian opposition leaders and an Iranian kidnapping plot in New York. As Crista says, the good, the bad and the ugly.

    Join us as we discuss:
      • Understanding the difference between the two types of attribution
      • How attribution can be used in e-crime versus state-aligned investigation
      • Stories from Josh and Zydeca of threat actors they are tracking based in Russia and Iran

    Check out these resources we mentioned:
      • https://twitter.com/ChicagoCyber/status/1521492543707430912
      • https://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf
      • https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html
      • https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-kidnapping-conspiracy-charges-against-iranian
    31m 16s

DISCARDED: Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about the threat behaviors and attack patterns. Each episode you’ll hear real world insights from our researchers about the latest trends in malware, threat actors, TTPs, and more.
Welcome to DISCARDED
Contacts
Information
Author Sweet Fish
Categories Technology
Website www.spreaker.com
Email -
