
Threat Hub

The Proofpoint threat research team has access to one of the largest, most diverse data sets in all of cybersecurity. We’re bringing you the highlights every week, right here at the Threat Hub.

Weekly Brief

The Discarded podcast explores fake browser update attacks. And an update on recent activity by spam distributor TA571.

This week on The Threat Hub: Threat detection analyst Dusty Miller joins hosts Selena and Crista on the Discarded podcast for a browse through the world of fake update attacks. This technique uses compromised websites to spread malware, presenting unsuspecting visitors with alerts telling them to update their web browser. Fake update attacks work by exploiting trust in websites we believe to be legitimate or have visited before. And since users can be led to a compromised site by any number of channels, from email newsletters to social media posts to just typing in a familiar URL, there’s no shortage of potential victims.

In addition to notable fake update attacker SocGholish, the episode covers activity by three other groups, all with their own tricks and tactics. Defending against such a sneaky and ubiquitous threat is no easy task. Tackling browser update attacks means pinpointing which threat you’re dealing with and responding accordingly. So if you want help telling the difference between RogueRaticate and ClearFake, check out the full episode for all the details.

And on this week’s Five-Minute Forecast, Okta shares more details about a recent breach, a global coalition comes together to combat ransomware, and threat researcher Selena Larson shares campaign updates on threat actor TA571.

Insights Chart of the Week
Malware used by TA577 October 2023
TA577 Chooses Pikabot (and Friends)

After returning to the threat landscape in September, cybercrime threat actor TA577 conducted 16 campaigns in October. Messages used URLs either directly included in the email body, or embedded in an attached PDF. Payloads varied, delivering DarkGate and IcedID alongside Pikabot.

Equip your team with threat intelligence

Threat Insight
APT Attacker Sends Mac Malware

Iran-aligned threat actor TA453 has expanded its repertoire, distributing malware targeting Apple devices.

Blog Post
Conversational Threats Surge on Mobile

Talk isn't cheap, as pig butchering and similar conversational attacks were the fastest growing mobile threats of 2022.

Threat Insight
Exploring the Post-Macro Landscape

Our researchers unpack all the changes from a year of rapid evolution in malware delivery techniques.

Go Deeper with Proofpoint Threat Intelligence Services

Connect with threat analysts, understand threats with intelligence specific to your situation, and gain 24/7 visibility into the latest threat discoveries.

REPORTS
Threat Report
The Human Factor - Vol. 1: Social Engineering

Cyberattackers target people. They exploit people. Ultimately, they are people. That’s why the Human Factor report focuses on how technology and psychology combine to make people so susceptible to modern cyber threats. In this first volume, we take a closer look at attacks that rely on social engineering, including business email compromise (BEC) threats, email fraud and phishing.

REPORTS
Threat Report
2024 State of the Phish – Today’s Cyber Threats and Phishing Protection

Find out how vulnerable your users are to today’s biggest cyber threats in the 2024 State of the Phish report. Learn phishing trends, key insights, statistics, and more.

About The Threat Research Team

Our threat researchers are responsible for tracking shifts in the cybersecurity landscape, identifying new attacks as they emerge, and monitoring how threat actor tactics, techniques and procedures change over time. The threats they detect and the signatures they write feed into our platforms and are keystones in a system that analyzes more than 2.6 billion emails, 49 billion URLs and 1.9 billion attachments every single day.

By studying what cyber criminals are doing now, our threat researchers are better able to anticipate what they’ll do next. Every day, their work keeps our customers protected—not just from today’s attacks, but tomorrow’s threats as they evolve.
