

Microsoft Threat Intelligence Podcast
Microsoft
Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other weird and cool tools and tactics in the world of cyber threats. Featuring tales of innovation, teamwork, and cyber espionage, tune in to hear in-depth analyses of Microsoft's influence on the threat landscape and behind the scenes stories from the tireless researchers and analysts that take part. This enthralling and insightful podcast is delivered in a casual, conversational style that transports you to the frontlines of cyber defense.
Episodes

Dec 17, 2025 • 48min
Whisper Leak: How Threat Actors Can See What You Talk to AI About
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Geoff McDonald and JBO to discuss Whisper Leak, new research showing that encrypted AI traffic can still unintentionally reveal what a user is asking about through patterns in packet size and timing.
They explain how LLM token streaming enables this kind of side-channel attack, why even well-encrypted conversations can be classified for sensitive topics, and what this means for privacy, national-level surveillance risks, and secure product design. The conversation also walks through how the study was conducted, what patterns emerged across different AI models, and the steps developers should take to mitigate these risks.
In this episode you’ll learn:
Why packet sizes and timing patterns reveal more information than most users realize
How user-experience choices like showing streamed text create a larger attack surface
The difference between classic timing attacks and the new risks uncovered in Whisper Leak
Resources:
View JBO on LinkedIn
View Geoff McDonald on LinkedIn
View Sherrod DeGrippo on LinkedIn
Learn more about Whisper Leak
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

Dec 3, 2025 • 39min
The Grid, a Digital Frontier: E-ISAC on Securing the Power Grid
Matt Duncan, Vice President of Security Operations and Intelligence at E-ISAC, dives into the critical world of power grid security. He discusses how AI is evolving the threat landscape, making it easier for attackers to target outdated systems. Severe weather events increase cyber vigilance, while harrowing insights into hacktivists reveal unique motivations and tactics. Matt emphasizes the importance of industry collaboration and real-life success stories to fortify defenses. Learn why foundational security practices are essential for keeping our electricity safe and resilient.

Nov 19, 2025 • 32min
Ahoy! A Tale of Payroll Pirates Who Target Universities
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Tori Murphy and Anna Seitz to unpack two financially motivated cyber threats. First, they explore the Payroll Pirates campaign (Storm-2657), which targets university payroll systems through phishing and MFA theft to reroute direct deposits. Then, they examine Vanilla Tempest, a ransomware group abusing fraudulent Microsoft Teams installers and SEO poisoning to deliver the Oyster backdoor and Rhysida ransomware.
Together, they discuss how attackers exploit trust in identity, code signing, and SaaS platforms and share practical steps organizations can take to strengthen defenses, from phishing-resistant MFA to stricter executable controls and out-of-band banking verification.
In this episode you’ll learn:
How Payroll Pirates diverted university salaries through SaaS HR phishing schemes
Why universities are prime targets for identity-based cyberattacks
How Vanilla Tempest evolved from basic ransomware to complex multi-stage attacks
Some questions we ask:
How are attackers stealing credentials and paychecks?
Why do attackers create inbox rules after compromising accounts?
What alerts should organizations monitor for these types of attacks?
Resources:
View Tori Murphy on LinkedIn
View Anna Seitz on LinkedIn
View Sherrod DeGrippo on LinkedIn
Investigating targeted “payroll pirate” attacks affecting US universities
Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Nov 5, 2025 • 42min
Beyond AI for Security Hype: What Really Matters in Cyber Defense
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Zack Korman, CTO of cybersecurity startup Pistachio. They explore the reality of AI in security, cutting through hype to discuss where AI is both brilliant and flawed, how vendors AI-wash outdated tech, and why Zack believes AI won’t replace jobs but instead scale human creativity. They also dive into phishing simulations, human psychology behind social engineering, AI-powered attacks, jailbreak chaining between AI systems, and the future risks and opportunities AI introduces in cybersecurity.
In this episode you’ll learn:
How to evaluate whether a vendor is truly using AI in their product
The psychology behind why people fall for phishing attacks
Why human judgment will remain essential in the era of AI-driven security.
Some questions we ask:
How can AI unlock new capabilities in cybersecurity?
What questions should people ask AI security vendors?
Why do trained security professionals still fall for phishing attacks?
Resources:
View Zack Korman on LinkedIn
View Sherrod DeGrippo on LinkedIn

Oct 22, 2025 • 47min
The New Frontlines of Cybersecurity: Lessons from the 2025 Digital Defense Report
Crane Hassold, a Principal Security Researcher at Microsoft, and Chloé Messdaghi, Senior Reporting Manager leading the Microsoft Digital Defense Report, dive into the evolving landscape of cybersecurity threats. They discuss how AI is shaping both attacker strategies and defensive measures, highlighting that over 99% of attacks begin with identity compromise. The duo explains the fusion of nation-state operations and cybercrime, as well as the risks posed by AI-enhanced phishing and the significance of emerging threat intelligence from expansive telemetry.

Oct 8, 2025 • 31min
Threat Landscape Update: Ransomware-as-a-Service and Advanced Modular Malware
Chuong Dong, a security engineer and malware expert at Microsoft, dives deep into the threat landscape of ransomware and modular malware. He discusses PipeMagic, a sophisticated backdoor masquerading as a harmless desktop app, and its detection challenges. The conversation shifts to Medusa ransomware and its transition to a ransomware-as-a-service model using double extortion tactics. Dong highlights the abuse of legitimate tools in these attacks and the crucial role of leak sites in ransomware operations. Tune in for vital insights into modern cybersecurity threats!

Sep 24, 2025 • 26min
Stopping Domain Impersonation with AI
In this engaging discussion, Kelly Bissell, Corporate Vice President at Microsoft with over 30 years in cybersecurity, dives into the evolving landscape of domain impersonation and typosquatting, especially as AI ramps up deception tactics. He illustrates how attackers are leveraging bots and AI for tailored fraud, why Microsoft’s Siamese neural network is a game-changer for real-time detection, and how defenders like Microsoft may finally hold the upper hand. Kelly also shares insights on common warning signs of fraud and how organizations can effectively utilize these protective measures.

Sep 10, 2025 • 29min
Click, Call, Compromise: Inside the Latest Loader Campaigns
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Microsoft researchers Kelsey Clapp and Anna Seitz to examine two major cybercrime campaigns. The team unpacks Storm-2561’s use of SEO poisoning to distribute Trojanized software like SilentRoute and Bumblebee, stealing VPN credentials and paving the way for ransomware brokers.
They also dive into Storm-1811’s ReedBed malware, a loader deployed through bold social engineering tactics, such as fake IT help desk calls via Teams, that enable lateral movement and ransomware deployment. The discussion highlights how modern threat actors exploit trust, extend attack chains, and continually evolve their techniques, underscoring the importance of vigilance, strong security controls, and verifying before trusting.
In this episode you’ll learn:
How Storm-2561 uses SEO poisoning to trick users into downloading Trojanized software
The role of trust, urgency, and habit in social engineering tactics
Practical steps organizations can take to block these threats and strengthen defenses
Some questions we ask:
Why are initial access loaders such a big risk for organizations?
How are threat actors using fake IT help desk calls to gain access?
What steps should defenders take to cut off these entry points?
Resources:
View Anna Seitz on LinkedIn
View Kelsey Clapp on LinkedIn
View Sherrod DeGrippo on LinkedIn

Aug 27, 2025 • 44min
Live from Black Hat: Ransomware, Responsible Disclosure, and the Rise of AI
Tom Gallagher, VP of Engineering at Microsoft's Security Response Center, discusses the importance of responsible disclosure in cybersecurity and the exciting $5 million Zero Day Quest initiative. Eric Olson, Principal Security Researcher, dives into the explosive evolution of ransomware and social engineering tactics. He highlights the drastic reduction in ransomware dwell times to mere minutes and the emerging threat of AI-enhanced phishing attacks. Together, they emphasize the need for collaboration between researchers and security teams to combat these growing threats.

Aug 7, 2025 • 1h 18min
How Microsoft Stays Ahead of the World’s Most Dangerous Hackers
Aarti Borkar is the VP of Security at Microsoft, focusing on proactive measures, while Simeon Kakpovi tracks crime-based threat actors, and Andrew Rapp specializes in incident response. They discuss how legal tactics disrupt threat actors and the necessity of rehearsed incident response plans. Snow, co-founder of the Social Engineering Community Village at DEF CON, shares her unique journey from special effects to social engineering, emphasizing empathy and creativity as powerful tools in security testing. The conversation highlights the emotional toll on defenders and the evolving nature of cyber threats.


