Risky Biz Soap Box: Exploit kits are dead, at-scale social engineering the new black

An exploration of the human factor, with Proofpoint...
29 Sep 2017 » Risky Business

This isn’t the weekly show, this is a deep dive vendor podcast we do 10 times a year. All the vendors who appear in the Soap Box podcasts paid to be here, but you know what? Even though this is sponsored content, it’s really interesting.

And this Soap Box edition is a double surprise, because we’re talking about one of the driest topics in infosec: email filtering. But this is actually a really engaging conversation. I was very surprised by how much I enjoyed talking to our guests in this special, Ryan Kalember and Christopher Iezzoni of Proofpoint.

Proofpoint, among other things, is a huge player in email security and filtering. This conversation all hinges on a report Proofpoint published called “The Human Factor”.

It made some really important observations. For example, the death of popular exploit kits like Angler has just pushed attackers into social engineering at scale as an attack vector. That can be straight up fraud, attached malware or macro stuff, and some of these campaigns involve really sophisticated mass personalisation. The days of exploit kits being used at scale might actually be over.

I picked up The Human Factor report the day before we recorded this session and its findings are genuinely interesting. Proofpoint’s Ryan Kalember (SVP, Cybersecurity Strategy) and Christopher Iezzoni (Manager, Threat Research) joined me to discuss report and also to talk about why email filtering is actually interesting again.

You can find The Human Factor report here.