2025 Threat Detection Report: Threat Clusters from Amber Albatross to Yellow Cockatoo

This 10-minute video features Red Canary's threat intelligence team presenting a comprehensive overview of their uniquely named threat activity clusters, each identified by color-bird combinations. Explore ten distinct cybersecurity threats including Tangerine Turkey (USB-driven cryptocurrency mining), Amber Albatross (PUP-initiated reconnaissance), and Yellow Cockatoo (malicious ad-based remote access tools). Understand how everyday actions like clicking zip files or visiting compromised websites can lead to malware infections, while gaining practical defense strategies such as adjusting Windows file handlers and implementing ad blockers. The presentation methodically covers each threat cluster with timestamps for easy navigation, making it valuable for both security professionals and those interested in understanding modern cybersecurity threats and protection methods. For more comprehensive information, viewers can access the complete 2025 Threat Detection Report through the provided link.

Syllabus

00:00 – Introduction to Red Canary's color-bird themed threat clusters
00:46 – Tangerine Turkey: Infected USB drives lead to cryptocurrency mining
01:35 – Amber Albatross: PUP leads to stealer-driven reconnaissance
02:19 – Saffron Starling: Email ruse triggers malware downloads
03:40 – Scarlet Goldfinch: Fake browser update scam installs remote access tools
04:47 – Lilac Lyrebird: SEO poisoning tricks users into installing trojaned tech support software
05:33 – Charcoal Stork: Malvertising campaigns lead to browser hijackers and RATs
06:12 – Silver Toucan: macOS threat triggers numerous malware downloads
07:18 – Raspberry Robin: USB-spread malware delivers SocGholish and more
08:14 – Mango Parakeet: USB-based spreader results in worm functions masquerading as system utilities
09:02 – Yellow Cockatoo: Remote access with stealer bundle often initiated from malicious ads