Microsoft Threat Intelligence Podcast

Black Basta and the Use of LLMs by Threat Actors

Aug 28, 2024

Anna Seitz and Daria Pop, both Microsoft security researchers, delve deep into the world of ransomware and cyber threats. They discuss the Black Basta ransomware group’s evolution from simple phishing to sophisticated social engineering tactics, including malware distribution via Microsoft Teams. The duo highlights the persistence of malvertising and its implications for cybersecurity. They reveal how state-sponsored actors are leveraging large language models, emphasizing the dual nature of AI as both a tool for security and a weapon for attackers.

23:45

Creator website

Episode guests

Anna Seitz

Daria Pop

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Black Basta has evolved its tactics from phishing to advanced social engineering, demonstrating agility in response to law enforcement actions like the Qakbot takedown.

State-sponsored groups like Emerald Sleep are utilizing large language models to enhance their cyber operations, raising concerns about the sophistication of AI-enhanced phishing attempts.

Deep dives

Evolution of BlackBasta's Tactics

BlackBasta has adapted its initial access methods over the years, highlighting a trend of evolving cybercrime techniques. Initially, phishing was the primary access method, involving malicious emails with links or documents that distributed malware like Quackbot. As recent operations unfolded, the group shifted to employing tools like Peekabot and Darkgate, showing agility in response to law enforcement actions like the Quackbot takedown. The latest tactics include complex social engineering strategies using voice phishing and Microsoft Teams to exploit targets, indicating a broader evolution of their operational tactics.

Intro

3min

Evolution of Malvertising and Ransomware Techniques

2min

Evolving Threats: Social Engineering and Remote Management Tactics

3min

AI and the Evolving Landscape of Cyber Threats

11min

The Dual Use of AI Tools in Security and Daily Life

2min

In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Microsoft security researchers Anna Seitz and Daria Pop to discuss the latest trends in ransomware and the evolving role of AI in cyber threats. Daria Pop provides insights into the shifting tactics of Black Basta ransomware, including their use of phishing, social engineering, and remote management tools. The discussion also covers the persistence of malvertising and its challenges for defenders. Anna Seitz explores how state-sponsored threat actors, including Forest Blizzard, Emerald Sleet, and Crimson Sandstorm, are leveraging large language models (LLMs) for various malicious activities.

In this episode you’ll learn:

Why the takedown of Qakbot impacted Black Basta’s strategies
What malvertising is and why its persistence is due to the complex nature of ad traffic
How the MITRE Atlas framework assists defenders in identifying new threats

Some questions we ask:

What role does social engineering play in the campaigns involving Quick Assist?
How are North Korean threat actors like Emerald Sleep using LLMs for their campaigns?
Can you explain the changes in Black Basta’s initial access methods over the years?

Resources:

View Anna Seitz on LinkedIn

View Daria Pop on LinkedIn

View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Microsoft Threat Intelligence Podcast

Black Basta and the Use of LLMs by Threat Actors

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Evolution of BlackBasta's Tactics

Social Engineering and Remote Management Tools

Threat Actors Leveraging AI Technology

In this episode you’ll learn:

Some questions we ask:

Resources:

Related Microsoft Podcasts:

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Microsoft Threat Intelligence Podcast

Black Basta and the Use of LLMs by Threat Actors

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Evolution of BlackBasta's Tactics

Social Engineering and Remote Management Tools

Threat Actors Leveraging AI Technology

In this episode you’ll learn:

Some questions we ask:

Resources:

Related Microsoft Podcasts:

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights