Threat Insight

Cybersecurity research and commentary on malware, user actions, and other threats to information security
July 07, 2016

NetTraveler APT Targets Russian, European Interests

Axel F

Proofpoint researchers track an advanced persistent threat as Chinese actors target Russian and European military and diplomatic interests.

June 29, 2016

Banking Trojans go loonie for toonies: Dridex, Vawtrak and others increase focus on Canada

Proofpoint Staff

Proofpoint researchers describe the malware involved in a recent uptick in banking Trojans targeting Canadian interests.

June 24, 2016

Doh! New "Bart" Ransomware from Threat Actors Spreading Dridex and Locky

Proofpoint Staff

Proofpoint researchers identified a new ransomware called "Bart" from actors who have been spreading Dridex and Locky.

June 22, 2016

Necurs Botnet Returns With Updated Locky Ransomware In Tow

Proofpoint Staff

Proofpoint researchers dissect the payload from the first large Locky ransomware campaign in over 3 weeks.

June 16, 2016

Is Angler EK Sleeping with the Fishes? Neutrino exploit kit now distributing most CryptXXX

Proofpoint Staff

Proofpoint researchers have been tracking the relatively sudden shutdown of several elements of the advanced threat ecosystem, including the Angler exploit kit, which now appears to extend well beyond the disruption of the Necurs botnet we covered last week.

June 09, 2016

It's Quiet...Too Quiet: Necurs Botnet Outage Crimps Dridex and Locky Distribution

Proofpoint Staff

Proofpoint researchers take a look at the effects of an apparent outage in the massive Necurs botnet on two of the biggest names in malware: Dridex and Locky.

June 02, 2016

Malicious Macros Add Sandbox Evasion Techniques to Distribute New Dridex

Proofpoint Staff

Proofpoint researchers track new campaigns from a familiar actor using evasive macros and distributing a new Dridex sub-botnet targeting Swiss banking institutions.

June 01, 2016

CryptXXX Ransomware Learns the Samba, Other New Tricks With Version 3.100

Proofpoint Staff

With its latest version, detected last week by Proofpoint researchers, CryptXXX breaks the currently available decryption tool and adds new capabilities to encrypt shared network resources, among other updates.

May 27, 2016

Two Threats For the Price of One: Credential Phishing Leads to iSpy Keylogger

Proofpoint Staff

Proofpoint researchers recently detected a phishing campaign that ultimately led recipients to download and install the iSpy keylogger.

May 26, 2016

Locky Ransomware Actors Turning To XORed JavaScript to Bypass Traditional Defenses

Proofpoint Staff

Proofpoint researchers have observed certain threat actors distributing Locky with JavaScript attachments using XOR obfuscation to conceal the malware they are distributing, adapting to increasing awareness of malicious JavaScript attachments to email.

