Threat Hub

The Proofpoint threat research team has access to one of the largest, most diverse data sets in all of cybersecurity. We’re bringing you the highlights every week, right here at the Threat Hub.

| Weekly Brief

How North Korea's international isolation shapes its cyber attacks. And a new webinar explores findings from this year's State of the Phish report.

This week on The Threat Hub: State-sponsored attackers, also known as advanced persistent threats (APTs), capture the imagination because the stakes are so high. Groups from Russia, Iran and China have been involved in espionage, spreading propaganda, and even full-blown sabotage in some cases. But for North Korean attacker TA444, the situation is a little different. Unlike its international APT counterparts, the group’s primary goal is raising funds by stealing cryptocurrency. And they’re pretty good at it, making off with more than $1 billion during 2022. A recent episode of the Discarded podcast has all these details and more. Join senior threat researcher Greg Lesnewich and hosts Selena Larson and Crista Giering for a closer look at TA444, as well as a wider conversation about how international isolation shapes North Korea’s approach to cyber espionage.

Following on from the launch of this year’s State of the Phish report, phishing and security awareness expert Sara Pan, recently hosted a webinar exploring the biggest insights. Direct financial losses from phishing rose by 76% last year, while most users still have gaps in their understanding of key concepts. Check out the on-demand recording for a rapid overview and some targeted recommendations.

And on this week’s Five-Minute Forecast, Microsoft sets out plans to curtail OneNote abuse, Emotet returns after a three month break, and senior threat intelligence analyst Crista Giering discusses new activity by Russian propaganda and disinformation group, TA499.

Insights Chart of the Week
Ransomware post-payment outcomes, 2022
To Pay or Not To Pay?

According to this year's State of the Phish report, only around half of ransomware victims received their data after making an initial payment. Over 40% were required to pay more than one ransom before regaining access, while 1% paid and got nothing at all in return.

Equip your team with threat intelligence

Blog Post
Chatbot Phishing: What You Need to Know

What do conversational A.I. systems like ChatGPT mean for the future of cyber attack and defense?

Threat Insight
TA444 Takes Aim at Cryptocurrency from North Korea

State-sponsored attackers are usually engaged in espionage, but this APT is more interested in Bitcoin.

Threat Insight
OneNote Attacks On the Upswing As Macros Fade

Attackers exploit another component of Microsoft's 365 suite as they adjust to a post-macro world.

Go Deeper with our Premium Threat Info Service

Connect with threat analysts, understand threats with intelligence specific to your situation, and gain 24/7 visibility into the latest threat discoveries.

Learn More
Threat Report
The Human Factor 2022

Drawing on insights and data from our products and researchers, the Human Factor tells the story of a year when cybersecurity jumped from the tech page to the front page. Our annual threat report explores user trends from our uniquely people-centric lens. See how vulnerabilities, attacks and privilege are transforming the threat landscape.

Threat Report
2023 State of the Phish

This year’s report dives deep into today’s threats—and how prepared users are to face them. Get a wealth of data, insight and advice based on knowledge assessments, self-reported cybersecurity habits and actual responses to simulated phishing emails.

About The Threat Research Team

Our threat researchers are responsible for tracking shifts in the cybersecurity landscape, identifying new attacks as they emerge, and monitoring how threat actor tactics, techniques and procedures change over time. The threats they detect and the signatures they write feed into our platforms and are keystones in a system that analyzes more than 2.6 billion emails, 49 billion URLs and 1.9 billion attachments every single day.

By studying what cyber criminals are doing now, our threat researchers are better able to anticipate what they’ll do next. Every day, their work keeps our customers protected—not just from today’s attacks, but tomorrow’s threats as they evolve.

Threat Hub Chart of the Week
Follow us @threatinsight:

Subscribe to the Proofpoint Blog