Threat Insight

Cybersecurity research and commentary on malware, user actions, and other threats to information security

August 24, 2017

Defray - New Ransomware Targeting Education and Healthcare Verticals

Proofpoint Staff

Proofpoint researchers detail a new ransomware strain called Defray after it is used in small, targeted attacks on healthcare, education, and manufacturing organizations.

August 17, 2017

Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack

Darien Huss

Proofpoint researchers detail new droppers and updated functionality in what appears to be a G20-targeted attack by the Turla APT actor.

August 14, 2017

Threat actor goes on a Chrome extension hijacking spree

Kafeine

Proofpoint researchers track a number of Chrome extensions compromised for stealing credentials and hijacking web traffic.

August 10, 2017

Q2 Threat Report: High-volume malicious email campaigns, “ransomworms” make for eventful spring

Proofpoint Staff

Proofpoint researchers track the trends that shaped the threat landscape in the second quarter of 2017.

July 31, 2017

FIN7/Carbanak threat actor unleashes Bateleur JScript backdoor

Matthew Mesa, Darien Huss

Proofpoint researchers track changes to macros and a new JScript backdoor being used by the FIN7 threat actor.

July 27, 2017

Backdoored Litecoin Wallet Spread via Typosquatted Domains

Proofpoint Staff

Proofpoint researchers track XKey keylogger malware distributed via typosquatted clones of the Litecoin cryptocurrency website and backdoored versions of the app.

July 24, 2017

Silver lining: Google OAuth worm leads to Proofpoint discovery and Google mitigation

Proofpoint Staff

Since at least 2011 [1] [2], information security researchers have attempted to raise awareness about the ease with which attackers could create seemingly legitimate apps and then trick users into granting them access to email and cloud service accounts.

July 13, 2017

Meet Ovidiy Stealer: Bringing credential theft to the masses

Proofpoint Staff

Proofpoint researchers analyze a previously undocumented stealer called Ovidiy Stealer. Lightweight, efficient, and with attractive pricing and marketing, Ovidiy Stealer makes it easy for would-be criminals to make the leap into credential theft.

June 27, 2017

Pyramid Schemes Go High Tech with Affiliate Spam and Malware Affiliates

Proofpoint Staff

Proofpoint researchers examine how the affiliate marketing model drives both spam and malware distribution.

June 20, 2017

AdGholas Malvertising Campaign Using Astrum EK to Deliver Mole Ransomware

Kafeine

Proofpoint researchers track recent AdGholas activity with colleagues from the advertising and security industries after ransomware activity in the UK set off red flags.
