Threat Hub

The Proofpoint threat research team has access to the one of the largest, most diverse data sets in all of cybersecurity. We’re bringing you the highlights every week, right here at the Threat Hub.

| Weekly Brief

The 2022 Social Engineering report explains how attackers exploit human behavior. And Lockbit ransomware gets into the bug bounty game.

This week on The Threat Hub: Zero-day vulnerabilities and clever exploits might make the headlines. But as our 2022 Social Engineering report shows, most cyber attacks succeed because of a few basic bugs in human behavior:

  • We want to trust people when they say they're here to help us
  • We worry about losing out when resources or time are limited
  • We tend to defer to people who seem to have authority over us

The methods attackers use to exploit these bugs are called “social engineering,” and they are a component of the majority of threats seen by our researchers.

As people get better at identifying phishing attempts and other malicious emails, social engineering techniques have to evolve to keep up. In this new report, Proofpoint’s Threat Research team give the lowdown on the latest tactics and highlight some common misconceptions about how cyber criminals use our cognitive biases against us. The report explores how attackers build trust through lengthy conversations, how they capitalize on topical themes, and how they make use of trusted companies’ services to achieve their aims. The report is available to download as a PDF, and contains detailed examples from our data illustrating all of these techniques and more.

And on this week’s Five-Minute Forecast, FTC advises LGBTQ+ dating app users to be wary of extortion, Yodel deliveries disrupted by cyber attack in the U.K., and senior threat intelligence analyst Selena Larson discusses the latest social engineering strategies.

Finally, a quick programming note to say that we'll be taking a short break next week. Normal service will resume on July 13.


Insights Chart of the Week
Departmental Risk Data

Threat actors target business functions based on the value of the information, systems and assets they manage. As this chart from Human Factor 2022 shows, departments dealing with money and people face a much higher risk of attack.

Get the report

Equip your team with threat intelligence

All the Buzz on Bumblebee Malware

Hosts Selena Larson and Crista Giering discuss the emergence of a new malware loader with members of our Threat Research team.

Threat Insight
How Cyber Criminals Target Cryptocurrency

Bitcoin has become the default payment mechanism for ransomware, but malign interest in crypto goes much further.

In The News
Follina Exploited by APT Attackers

Threatpost highlights Proofpoint research into recent attacks against government institutions in the U.S. and E.U.

Go Deeper with our Premium Threat Info Service

Connect with threat analysts, understand threats with intelligence specific to your situation, and gain 24/7 visibility into the latest threat discoveries.

Learn More
Threat Report
The Human Factor 2022

Drawing on insights and data from our products and researchers, the Human Factor tells the story of a year when cybersecurity jumped from the tech page to the front page. Our annual threat report explores user trends from our uniquely people-centric lens. See how vulnerabilities, attacks and privilege are transforming the threat landscape.

Threat Report
Fall / Winter 2021 Threat Update: Ransomware, BEC and Evolving Tools and Techniques

In 2021 the spotlight of global attention fell on cyber criminals like never before. In our first semiannual threat update, we explore new techniques and old tricks in a rundown of the year's biggest themes and schemes.

About The Threat Research Team

Our threat researchers are responsible for tracking shifts in the cybersecurity landscape, identifying new attacks as they emerge, and monitoring how threat actor tactics, techniques and procedures change over time. The threats they detect and the signatures they write feed into our platforms and are keystones in a system that analyzes more than 2.6 billion emails, 49 billion URLs and 1.9 billion attachments every single day.

By studying what cyber criminals are doing now, our threat researchers are better able to anticipate what they’ll do next. Every day, their work keeps our customers protected—not just from today’s attacks, but tomorrow’s threats as they evolve.

Threat Hub Chart of the Week
Follow us @threatinsight:

Subscribe to the Proofpoint Blog