Threat Hub

The Proofpoint threat research team has access to one of the largest, most diverse data sets in all of cybersecurity. We’re bringing you the highlights every week, right here at the Threat Hub.

Weekly Brief

Microsoft's “verified publisher” status abused to threaten cloud accounts. And predictions for the year ahead on the Discarded podcast.

This week on The Threat Hub: A verified account is a prized status symbol on social media. And the situation isn’t all that different in the world of enterprise apps. Microsoft’s “verified publisher” status reassures users that a third-party OAuth app is legitimate and trustworthy—increasing the chances that they’ll install it and accept any permissions it requests. So it’s perhaps no surprise that cyber criminals continue to seek and abuse verified publisher status. In previous campaigns, threat actors have compromised existing verified publishers to abuse OAuth privileges. But now our researchers have discovered new methods being used to satisfy Microsoft’s verification requirements. Authenticating a malicious OAuth app can open an organization to a host of dangers, including data theft, brand impersonation and business email compromise. Check out the blog for full details of this new campaign, and recommendations for how to avoid falling prey to similar attacks.

On the latest edition of the Discarded podcast, hosts Selena and Crista are joined by threat research managers Daniel Blackford, Rich Gonzalez and Alexis Dorais-Joncas for a discussion about the year ahead. Topics covered include emerging malicious techniques, the relationship between vulnerabilities and detection, and our experts’ predictions for the threat landscape in 2023. And for an even more detailed look ahead, don't forget to register for our 2023 Threat Landscape webinar.

And on this week’s Five-Minute Forecast, law enforcement takes down Hive ransomware, JD Sports breach exposes 10 million customers in the U.K. to potential identity theft, and threat researcher Greg Lesnewich explains why a North Korean state-sponsored actor is trying to steal cryptocurrency.

Insights Chart of the Week
HTML smuggling by threat actor, H2 2022
Smuggling Makes a Comeback, Part Two

Last week we looked at the rise of HTML smuggling during the latter half of 2022. This week we’re breaking those numbers down by threat actor. While we’ve seen a range of known cyber criminals using the technique (and a lot of activity that can’t be readily attributed), high-volume threat actors TA570 and TA577 are the most prominent in our data.

Equip your team with threat intelligence

Threat Report
2022 Spring/Summer Threat Summary

Reviewing state-sponsored attacks and major league malware activity from the first half of the year.

Threat Insight
Reviewing Emotet's Fall 2022 Return

The world's most prolific malware is back, and it's learned some new tricks. Our threat research team has the latest.

Machine Learning with Camp Disco

Discarded podcast hosts Selena Larson and Crista Giering explore how ML helps our researchers uncover new threats.

Go Deeper with our Premium Threat Info Service

Connect with threat analysts, understand threats with intelligence specific to your situation, and gain 24/7 visibility into the latest threat discoveries.

Threat Report
The Human Factor 2022

Drawing on insights and data from our products and researchers, the Human Factor tells the story of a year when cybersecurity jumped from the tech page to the front page. Our annual threat report explores user trends from our uniquely people-centric lens. See how vulnerabilities, attacks and privilege are transforming the threat landscape.

Threat Report
2022 State of the Phish

This year’s report dives deep into today’s threats—and how prepared users are to face them. Get a wealth of data, insight and advice based on knowledge assessments, self-reported cybersecurity habits and actual responses to simulated phishing emails.

About The Threat Research Team

Our threat researchers are responsible for tracking shifts in the cybersecurity landscape, identifying new attacks as they emerge, and monitoring how threat actor tactics, techniques and procedures change over time. The threats they detect and the signatures they write feed into our platforms and are keystones in a system that analyzes more than 2.6 billion emails, 49 billion URLs and 1.9 billion attachments every single day.

By studying what cyber criminals are doing now, our threat researchers are better able to anticipate what they’ll do next. Every day, their work keeps our customers protected—not just from today’s attacks, but tomorrow’s threats as they evolve.
