Threat Insight

Cybersecurity research and commentary on malware, user actions, and other threats to information security
January 27, 2015

Tax Return Malware Attacks – Hidden Penalty, Early Withdrawal

Proofpoint Staff

April 15 is still months away, but phishers are already filing their campaigns in hopes of an early return. 

January 22, 2015

Now What? Why We Should Talk About Incident Response

Proofpoint Staff

Information security often focuses on the "cool" exploit and detection side of cyber-defense, but the importance of incident response is gaining attention.

January 14, 2015

In Russia, the Phish Spear You

Proofpoint Staff

Spearfishing and spear-phishing may be homonyms, but they have vastly different meanings and apply in very different contexts. Spearfishing is a form of fishing in which the fisherman attempts to impale a fish upon a spear, which can be thr

December 23, 2014

New Dridex Botnet Drives Massive Surge in Malicious Attachments


The Dridex banking Trojan is already well-known and documented in analyses by security researchers from Proofpoint and other organizations.

December 17, 2014

Cybersecurity Predictions for 2015

Proofpoint Staff

2014 was a year in which information security vaulted into the public eye, driven by a surge in both the number and the visibility of data breaches and compromises. 

December 04, 2014

Account Statement Phish Masks Emotet Malware to German Users

Proofpoint Staff

Over the past several weeks Proofpoint has detected a fairly large and ongoing unsolicited email campaign that targets German users with phishing lures designed to deliver the Emotet banking Trojan. The campaign stays ahead of reputation filters by cycling through several dozen compromised websites per day, delivering emails that employ a common and effective “account notification” template.

December 04, 2014

Phishing Kampagne mit gefälschten Kontoauszügen oder Paketankündigungen verbirgt "Emotet Malware" vor deutschen Nutzer

Proofpoint Staff

In den vergangenen Wochen hat Proofpoint eine ziemlich große, fortlaufende Kampagne mit unerwünschten E-Mails erkannt, die deutsche Anwender mit Phishing-Ködern zu locken versucht, um den Banking-Trojaner Emotet auf ihre Rechner zu bringen. Die Kampagne trickst die Reputationsfilter aus, indem pro Tag auf Dutzenden manipulierter Websites geklickt wird, von denen E-Mails mit einer gängigen und effektiven Vorlage des Typs „Kontobenachrichtigung“ verschickt werden.

October 07, 2014

How to steal access to over 500,000 bank accounts

Proofpoint Staff

The insider view of a Russian cybercrime infrastructure. Proofpoint security researchers have published an analysis that exposes the inner workings of a cybercrime operation targeting online banking credentials for banks in the United States and Europe.

January 16, 2014

Your Fridge is Full of SPAM: Proof of An IoT-driven Attack

Over the December holidays, one of our researchers discovered proof of a much-theorized but we believe never before seen in the wild security breach.


Stay Connected