Microsoft Threat Intelligence Podcast

In this discussion, Nick Monaco, Principal Threat Intelligence Analyst at Microsoft, shares insights on Gingham Typhoon's expansion into South Pacific cyber operations, particularly targeting Papua New Guinea amidst the Belt and Road Initiative. The conversation highlights Nylon Typhoon’s espionage in South America and Europe and the sophisticated attacks from Volt Typhoon on U.S. critical infrastructure. Monaco also warns of the risks posed by AI-generated misinformation strategies from Storm 1376, emphasizing the evolving nature of cyber threats and the need for robust countermeasures.

In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by the authors of the new book The Definitive Guide to KQL: Using Kusto Query Language for Operations, Defending, and Threat Hunting. Guests Rod Trent, Matt Zorich, and Mark Morowczynski discuss the significance of KQL (Kusto Query Language) in cloud data security and how it enables efficient data querying for threat detection in Microsoft products like Sentinel and Defender. They share insights from their own experiences, highlight key features of the book, and explain how both beginners and experts can benefit from KQL. Later in the episode Sherrod speaks with Senior Threat Hunter Lekshmi Vijayan about the growing trend of cyberattacks using malicious PowerShell commands. Lekshmi explains how attackers trick users into copying and pasting harmful code, often through compromised websites or phishing emails. They discuss how these attacks aim to install remote access tools like NetSupport RAT or information stealers, targeting sensitive data like browser credentials and crypto keys.   In this episode you’ll learn:       How KQL is applied in real-world security scenarios including incident response  Key features and benefits of KQL when it comes to security and cloud data  Distinguishing between legitimate and malicious uses of remote management tools      Some questions we ask:        How does KQL tie into the Microsoft ecosystem, like Defender and Copilot?  What advice would you give to someone new to KQL who wants to start learning?  What is the technique we're seeing with copy-pasting malicious PowerShell?     Resources:  View Mark Morowczynski on LinkedIn View Matt Zorich on LinkedIn View Rod Trent on LinkedIn View Lekshmi Vijayan on LinkedIn  View Sherrod DeGrippo on LinkedIn    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider   The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo discusses North Korean threat actors with one of our Microsoft Threat Intelligence researchers and Greg Schloemer focusing on two prominent groups: Onyx Sleet and Storm 0530. Onyx Sleet is a long-standing espionage group known for targeting defense and energy sectors, particularly in the U.S. and India. However, they’ve diversified into ransomware, using tactics like malware downloaders, zero-day vulnerabilities, and a remote access Trojan called D-Track. The conversation also touches on the use of fake certificates and the group's involvement in the software supply chain space.   In this episode you’ll learn:       The relationship between Onyx Sleet and Storm 0530  North Korea's broader strategy of using cyber-attacks and moonlighting activities  Surprising nature of recent attack chains involving vulnerability in the Chromium engine    Some questions we ask:      Does Onyx Sleet engage in cryptocurrency activities as well as traditional espionage?  How does the use of a fake Tableau software certificate fit into Onyx Sleet's attack chain?  Where does the name "Holy Ghost" come from, and why did they choose it?    Resources:  View Greg Schloemer on LinkedIn  View Sherrod DeGrippo on LinkedIn    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider   The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network. 

Anna Seitz and Daria Pop, both Microsoft security researchers, delve deep into the world of ransomware and cyber threats. They discuss the Black Basta ransomware group’s evolution from simple phishing to sophisticated social engineering tactics, including malware distribution via Microsoft Teams. The duo highlights the persistence of malvertising and its implications for cybersecurity. They reveal how state-sponsored actors are leveraging large language models, emphasizing the dual nature of AI as both a tool for security and a weapon for attackers.

In this enlightening discussion, Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator at DCU, and Bob Erdman, Associate VP at Fortra, tackle the illegal use of cracked Cobalt Strike in cybercrime. They shed light on innovative DMCA strategies to combat piracy globally and discuss the significant impact of these initiatives on detection engineering. The trio also expresses optimism about extending these methods to other cyber threats, emphasizing the importance of collaboration between the public and private sectors in enhancing cybersecurity.

In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is live from Blue Hat Israel in Tel Aviv. Igal Lytzki and Din Serussi discuss their presentation on advanced phishing and evasion techniques, highlighting the rise of QR phishing and custom-made captures, which involve interactive challenges to bypass security systems. Gal Niv and Jonathan Jacobi discuss their experience with the Web3 challenge they created, focusing on a smart contract vulnerability on the Ethereum blockchain. Ida Vass, the mastermind behind BlueHat IL, talks about the conference’s impact and her motivation, driven by the community's spirit and the desire to continually innovate and Wolf Goerlich the keynote speaker, discusses his approach to the keynote, focusing on positive advancements in cybersecurity rather than dwelling on the negative.   In this episode you’ll learn:         Practical advice for organizations to bolster their email security defenses  The critical need to apply historical attack models to new technologies  Progress in hardening OS and network security and the shift in threat actor tactics    Some questions we ask:        What emerging technologies or threats do you find most intriguing or concerning?  How does the production level of BlueHat compare to other conferences?  What do state-sponsored email threats look like right now?    Resources:  View Sherrod DeGrippo on LinkedIn    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider   The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Technical Program Manager at Microsoft Lynn Miyashita and Principal Research Manager, Andrew Paverd. They discuss the evolution of bug bounty programs into the realm of artificial intelligence, specifically focusing on Microsoft's initiative launched in October 2023. Lynn explains that the AI Bug Bounty incentivizes external security researchers to discover and report vulnerabilities in Microsoft's AI systems, such as Copilot, across various platforms including web browsers and mobile applications. Andrew elaborates on the concept of a "bug bar," which sets the criteria for vulnerabilities eligible for the program. They emphasize the importance of identifying security issues that could arise uniquely from AI systems, such as prompt injection vulnerabilities. The discussion highlights Microsoft's structured approach to handling reported vulnerabilities through their Security Response Center, emphasizing quick mitigation and coordination with researchers to ensure timely fixes and public disclosure.    In this episode you’ll learn:         How AI Bug Bounty programs are reshaping traditional security practices  Dangers of prompt injection attacks, and their capacity to exfiltrate sensitive data  Why you should engage in AI bug hunting and contribute to the evolving security landscape    Some questions we ask:        Which products are currently included in the Bug Bounty program?  Should traditional bug bounty hunters start doing AI bug bounty hunting?  How can someone get started with AI bug hunting and submitting to your program?     Resources:  View Lynn Miyashita on LinkedIn  View Andrew Paverd on LinkedIn  View Sherrod DeGrippo on LinkedIn   Microsoft AI Bug Bounty Program    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider   The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast recorded at the RSA Conference in San Francisco, host Sherrod DeGrippo engages with a diverse group of cybersecurity experts. David Weston, VP of Operating System Security at Microsoft, discusses the evolution of Windows security and the role of AI. Jamie Williams from MITRE shares insights on the importance of product functionality in cybersecurity. Emma Stewart, Chief Power Grid Scientist at Idaho National Lab, talks about securing the digital transition of the power grid. Joe Slowik from MITRE emphasizes the importance of threat intelligence and integrating cybercrime entities into their attack framework. Lindsey O'Donnell, executive editor of Decipher, highlights AI's crucial role in cybersecurity and finally, Todd Pauley, deputy CISO of the Texas Education Agency, discusses the challenges faced by small school districts in Texas.    In this episode you’ll learn:         How Windows security has transitioned from user-controlled to Microsoft-managed  The importance of understanding product functionality to combat cyber threats  Securing the power grid's digital transition and cloud technologies for grid control     Some questions we ask:        What challenges and opportunities arise in securing the power grid's digital transition?  How does AI enhance security in Windows operating systems?  What were some of the most memorable sessions you attended at RSA?    Resources:  View Sherrod DeGrippo on LinkedIn    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider   The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Mark Russinovich.  Mark Russinovich, CTO and Technical Fellow of Microsoft Azure, joins the show to talk about his journey from developing on-prem tools like Sysinternals to working in the cloud with Azure. Sherrod and Mark discuss the evolution of cybersecurity, the role of AI in threat intelligence, and the challenge of jailbreaking AI models. Mark shares his experiences with testing AI models for vulnerabilities, including his discovery of the "Crescendo" and "Masterkey" methods to bypass safety protocols. They also touch on the issue of poisoned training data and its impact on AI reliability, while highlighting the importance of staying ahead in cybersecurity.  In this episode you’ll learn:       The shift from desktop computing to cloud-based systems and its implications  Potential consequences of AI models having overridable safety instructions  How AI training data can manipulate the outcomes generated by AI models  Some questions we ask:      Will AI owners be able to stop data poisoning, or will it become more common?  Can you share challenges and vulnerabilities in maintaining the security of AI systems?  What sparked your interest in AI jailbreaks, and what trends are you seeing?  Resources:  View Mark Russinovich on LinkedIn  View Sherrod DeGrippo on LinkedIn   AI jailbreaks: What they are and how they can be mitigated?https://www.microsoft.com/en-us/security/blog/2024/06/04/ai-jailbreaks-what-they-are-and-how-they-can-be-mitigated/  Inside AI Security with Mark Russinovich | BRK227 https://www.youtube.com/watch?v=f0MDjS9-dNw How Microsoft discovers and mitigates evolving attacks against AI guardrails.https://www.microsoft.com/en-us/security/blog/2024/04/11/how-microsoft-discovers-and-mitigates-evolving-attacks-against-ai-guardrails/ Google AI said to put glue on pizza.https://www.businessinsider.com/google-ai-glue-pizza-i-tried-it-2024-5   Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security Insider  The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Sherrod DeGrippo discusses the Grandoreiro banking Trojan's global expansion and the Luna Tempest extortion group targeting startups. The evolving tactics of threat actors, challenges in disrupting them, and the rise of identity-based attacks are highlighted. Collaboration and industry unity are emphasized in combating cyber threats.