Title: PROACTIVELY HUNTING PAYROLL REDIRECTION THREATS

Abstract:

Threat actors have been launching malvertising attacks targeted to employees of a wide range of businesses, which lead to ‘HR Payroll phishing pages’ which attempt to compromise employee credentials. If the credentials are acquired, the threat actors automate logging into the real company HR portal and change the employees’ email and bank deposit details, so that future payments from the business are sent to the threat actors. The presentation walked through details of the current campaign and mistakes the threat actors are making, which can be used to track a large chunk of their malicious infrastructure.

Presenter: Zach Edwards, Senior Threat Researcher, SilentPush

Bio:

Zach Edwards is a Senior Threat Researcher at SilentPush, having joined the team in 2024 after working with SilentPush on some proprietary research projects in 2023.

Zach has been a digital strategist/developer/founder/product manager/data architect/ threat researcher and everything in between for the last 17+ years.

Zach worked for 15 months on the digital team for President Obama’s 2007 campaign, getting started as co-director of ‘new media’ in Nevada and Texas, and directing new media in New Mexico, North Carolina, South Dakota during the primary process, and directed new media in Iowa during the general election. Zach also worked on behalf of NYC Mayor Bloomberg’s reelection campaign, directed digital strategy for Houston Mayor Bill White’s 2010 Gubernatorial campaign, and worked on dozens of other state, federal and international political campaigns and research efforts.

Zach has founded several companies in the open data space, worked on dozens of product launches, sent tens of millions of emails, and directly optimized millions of dollars in ad spend.

More recently, Zach has been a leading voice in the data privacy community, having worked on several high-profile GDPR complaints (one against the Grindr mobile app, one against the Google auction systems), he supported research for a pending FERPA school privacy complaint in the U.S., and he’s been quoted in hundreds of major newspapers and websites for niche data privacy investigations and cybersecurity concerns.

Zach is a recognized expert in auditing global data supply chains and advertising systems, and prior to joining Silent Push was most recently a Senior Manager of Threat Insights for HUMAN Security, a leader in defending systems against bot attacks.