Threat Hub
The Proofpoint threat research team has access to one of the largest, most diverse data sets in all of cybersecurity. We’re bringing you the highlights every week, right here at the Threat Hub.
Microsoft's “verified publisher” status abused to threaten cloud accounts. And predictions for the year ahead on the Discarded podcast.
This week on The Threat Hub: A verified account is a prized status symbol on social media. And the situation isn’t all that different in the world of enterprise apps. Microsoft’s “verified publisher” status reassures users that a third-party OAuth app is legitimate and trustworthy—increasing the chances that they’ll install it and accept any permissions it requests. So it’s perhaps no surprise that cyber criminals continue to seek and abuse verified publisher status. In previous campaigns, threat actors have compromised existing verified publishers to abuse OAuth privileges. But now our researchers have discovered new methods being used to satisfy Microsoft’s verification requirements. Authenticating a malicious OAuth app can open an organization to a host of dangers, including data theft, brand impersonation and business email compromise. Check out the blog for full details of this new campaign, and recommendations for how to avoid falling prey to similar attacks.
On the latest edition of the Discarded podcast, hosts Selena and Crista are joined by threat research managers Daniel Blackford, Rich Gonzalez and Alexis Dorais-Joncas for a discussion about the year ahead. Topics covered include emerging malicious techniques, the relationship between vulnerabilities and detection, and our experts’ predictions for the threat landscape in 2023. And for an even more detailed look ahead, don't forget to register for our 2023 Threat Landscape webinar.
And on this week’s Five-Minute Forecast, law enforcement takes down Hive ransomware, JD Sports breach exposes 10 million customers in the U.K. to potential identity theft, and threat researcher Greg Lesnewich explains why a North Korean state-sponsored actor is trying to steal cryptocurrency.
Last week we looked at the rise of HTML smuggling during the latter half of 2022. This week we’re breaking those numbers down by threat actor. While we’ve seen a range of known cyber criminals using the technique (and a lot of activity that can’t be readily attributed), high volume threat actors TA570 and TA577 are the most prominent in our data.
Equip your team with threat intelligence
Go Deeper with our Premium Threat Info Service
Connect with threat analysts, understand threats with intelligence specific to your situation, and gain 24/7 visibility into the latest threat discoveries.
Learn MoreDrawing on insights and data from our products and researchers, the Human Factor tells the story of a year when cybersecurity jumped from the tech page to the front page. Our annual threat report explores user trends from our uniquely people-centric lens. See how vulnerabilities, attacks and privilege are transforming the threat landscape.
About The Threat Research Team
Our threat researchers are responsible for tracking shifts in the cybersecurity landscape, identifying new attacks as they emerge, and monitoring how threat actor tactics, techniques and procedures change over time. The threats they detect and the signatures they write feed into our platforms and are keystones in a system that analyzes more than 2.6 billion emails, 49 billion URLs and 1.9 billion attachments every single day.
By studying what cyber criminals are doing now, our threat researchers are better able to anticipate what they’ll do next. Every day, their work keeps our customers protected—not just from today’s attacks, but tomorrow’s threats as they evolve.
Browse the threat hub
Subscribe to the Proofpoint Blog