Microsoft Threat Intelligence Podcast

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Zack Korman, CTO of cybersecurity startup Pistachio. They explore the reality of AI in security, cutting through hype to discuss where AI is both brilliant and flawed, how vendors AI-wash outdated tech, and why Zack believes AI won’t replace jobs but instead scale human creativity. They also dive into phishing simulations, human psychology behind social engineering, AI-powered attacks, jailbreak chaining between AI systems, and the future risks and opportunities AI introduces in cybersecurity.   In this episode you’ll learn:       How to evaluate whether a vendor is truly using AI in their product  The psychology behind why people fall for phishing attacks  Why human judgment will remain essential in the era of AI-driven security.  Some questions we ask:      How can AI unlock new capabilities in cybersecurity?  What questions should people ask AI security vendors?  Why do trained security professionals still fall for phishing attacks?  Resources:   View Zack Korman on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network. 

Crane Hassold, a Principal Security Researcher at Microsoft, and Chloé Messdaghi, Senior Reporting Manager leading the Microsoft Digital Defense Report, dive into the evolving landscape of cybersecurity threats. They discuss how AI is shaping both attacker strategies and defensive measures, highlighting that over 99% of attacks begin with identity compromise. The duo explains the fusion of nation-state operations and cybercrime, as well as the risks posed by AI-enhanced phishing and the significance of emerging threat intelligence from expansive telemetry.

Chuong Dong, a security engineer and malware expert at Microsoft, dives deep into the threat landscape of ransomware and modular malware. He discusses PipeMagic, a sophisticated backdoor masquerading as a harmless desktop app, and its detection challenges. The conversation shifts to Medusa ransomware and its transition to a ransomware-as-a-service model using double extortion tactics. Dong highlights the abuse of legitimate tools in these attacks and the crucial role of leak sites in ransomware operations. Tune in for vital insights into modern cybersecurity threats!

In this engaging discussion, Kelly Bissell, Corporate Vice President at Microsoft with over 30 years in cybersecurity, dives into the evolving landscape of domain impersonation and typosquatting, especially as AI ramps up deception tactics. He illustrates how attackers are leveraging bots and AI for tailored fraud, why Microsoft’s Siamese neural network is a game-changer for real-time detection, and how defenders like Microsoft may finally hold the upper hand. Kelly also shares insights on common warning signs of fraud and how organizations can effectively utilize these protective measures.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Microsoft researchers Kelsey Clapp and Anna Seitz to examine two major cybercrime campaigns. The team unpacks Storm 2561’s use of SEO poisoning to distribute Trojanized software like SilentRoute and Bumblebee, stealing VPN credentials and paving the way for ransomware brokers.  They also dive into Storm 1811’s ReadBed malware, a loader deployed through bold social engineering tactics, such as fake IT help desk calls via Teams, that enable lateral movement and ransomware deployment. The discussion highlights how modern threat actors exploit trust, extend attack chains, and continually evolve their techniques, underscoring the importance of vigilance, strong security controls, and verifying before trusting. In this episode you’ll learn:      How Storm 2561 uses SEO poisoning to trick users into downloading Trojanized software The role of trust, urgency, and habit in social engineering tactics Practical steps organizations can take to block these threats and strengthen defenses Some questions we ask:     Why are initial access loaders such a big risk for organizations? How are threat actors using fake IT help desk calls to gain access? What steps should defenders take to cut off these entry points? Resources:  View Anna Seitz on LinkedIn View Kelsey Clapp on LinkedIn  View Sherrod DeGrippo on LinkedIn  Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Tom Gallagher, VP of Engineering at Microsoft's Security Response Center, discusses the importance of responsible disclosure in cybersecurity and the exciting $5 million Zero Day Quest initiative. Eric Olson, Principal Security Researcher, dives into the explosive evolution of ransomware and social engineering tactics. He highlights the drastic reduction in ransomware dwell times to mere minutes and the emerging threat of AI-enhanced phishing attacks. Together, they emphasize the need for collaboration between researchers and security teams to combat these growing threats.

Aarti Borkar is the VP of Security at Microsoft, focusing on proactive measures, while Simeon Kakpovi tracks crime-based threat actors, and Andrew Rapp specializes in incident response. They discuss how legal tactics disrupt threat actors and the necessity of rehearsed incident response plans. Snow, co-founder of the Social Engineering Community Village at DEF CON, shares her unique journey from special effects to social engineering, emphasizing empathy and creativity as powerful tools in security testing. The conversation highlights the emotional toll on defenders and the evolving nature of cyber threats.

Richard Boscovich, Assistant General Counsel at Microsoft’s Digital Crimes Unit, and Derek Richardson, Principal Investigator at the same unit, dive into the impressive takedown of Lumma Stealer's vast malware network. They discuss innovative legal strategies like the RICO Act and the importance of global collaboration with partners such as Europol. The conversation reveals how Microsoft seized 2,300 domains to protect hundreds of thousands of victims and hints at a new era of persistent cybercrime disruption that may redefine cybersecurity operations.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Grifter, the legendary Black Hat NOC lead, and Lintile, host of Hacker Jeopardy, to go behind the scenes of DEF CON and Black Hat. They unpack the chaos of managing the world’s most hostile networks, share advice for first-time attendees, and explore the vibrant hacker community that thrives on connection, contests, and lifelong friendships. The conversation also covers how to submit compelling CFP abstracts, why live events matter, and the controlled mayhem that defines Hacker Jeopardy each year in Las Vegas.  Heading to Black Hat? Join us at booth #2246 where we will be recording new episodes, and request to attend the VIP Mixer. We’ll also be hosting the BlueHat podcast, our friends from GitHub, and experts from our incident response team.  In this episode you’ll learn:       Why skipping talks at DEF CON to join contests and villages can be more valuable  Tips for crafting compelling CFP abstracts that stand out among 1,000+ submissions  The importance of connection and niche technical discussions in the hacker community    Some questions we ask:      What advice would you give to someone who has never been to DEF CON?  How does the team plan traps and misdirection in Hacker Jeopardy questions?  What do you think the community should focus on getting out of DEF CON?  Resources:   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider  The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

Craig Nelson, leader of Microsoft’s elite Red Team and a veteran in simulating real-world attacks, shares pivotal insights on cybersecurity dynamics. He discusses how human behavior can influence security breaches and the importance of collaboration between red and blue teams. Craig explores the impact of AI on attacker tactics and stresses creative thinking in identifying vulnerabilities. He reflects on his journey from the ’90s hacker scene to navigating cloud security challenges, offering valuable advice for aspiring red teamers.