Threat Insight

Cybersecurity research and commentary on malware, user actions, and other threats to information security
May 05, 2016

Exploit Kit Déjà Vu: Massive Email Campaigns Spreading Dridex Via Angler

Matthew Mesa

Proofpoint researchers observed massive email campaigns with a twist - malicious URLs in the emails lead to purpose-built pages on compromised websites that in turn use Angler to drop Dridex on vulnerable PCs.

April 27, 2016

Ransomware Explosion Continues: CryptFlle2, BrLock and MM Locker Discovered

Axel F, Proofpoint Staff

Proofpoint researchers continue to see the regular and rapid emergence of new ransomware strains and variants, validating trends observed since the end of 2015.

April 25, 2016

Quarterly Threat Summary: Dridex, ransomware, and BEC phishing hog the spotlight

Proofpoint Staff

Proofpoint threat researchers publish their analysis of the top threats and trends of the first three months of 2016.

April 20, 2016

Panda Banker: New Banking Trojan Hits the Market

Axel F

Proofpoint researchers have been tracking a new banking Trojan since March that has already been used in both targeted and widespread attacks.

April 18, 2016

CryptXXX: New Ransomware From the Actors Behind Reveton, Dropping Via Angler


Proofpoint researchers recently found a previously undocumented ransomware spreading since the end of March through Bedep after infection via the Angler Exploit Kit (EK). Combining our findings with intelligence shared by Frank Ruiz (Fox IT InTELL) led us to the same conclusion: this project is conducted by the same group that was driving Reveton ransomware operations and is closely tied to Angler/Bedep.

April 07, 2016

Killing a Zero-Day in the Egg: Adobe CVE-2016-1019


Proofpoint security researchers discover a new exploit in the Magnitude EK that leads to a previously unreported vulnerability in Adobe Flash.

April 05, 2016

Phish Scales: Malicious Actor Combines Personalized Email, Variety of Malware To Target Execs

Matthew Mesa

Targeted and personalized emails combined with a variety of malware represent a new and sophisticated approach from a particular actor we’ve been tracking this year.

March 30, 2016

.om Is Not .com – Attackers Increasing Use of Typosquatting

Christopher Dawson

So-called "typosquatters" aren't just getting savvier - they have a whole new world of top-level domains to use to trick businesses and consumers into giving up their personal information.

March 18, 2016

Video Malvertising Bringing New Risks to High-Profile Sites

Proofpoint Staff

On March 13, 2016, Proofpoint researchers observed a large malvertising campaign hitting many highly-ranked websites including and many others. We also surmised (and later confirmed) that video malvertising was involved in this campaign. While such campaigns aren't new, this appears to be the first such documented campaign leading to an exploit kit.

