Microsoft Threat Intelligence Podcast

Join Bryan Prior and Nirit Hinkis from Microsoft Threat Analysis Center as they discuss Iranian influence operations, tactics like impersonation and propaganda consumption, challenges in attribution, and collaboration among Iranian groups. Discover insights on Iran's cyber activities and potential future cyber attacks.

Mobile threat researchers Christine Fossaceca, Laurie Kirk, and Apurva Kumar discuss a recent zero-click attack on iPhones targeting security researchers. They explore the significance of the attack, its implications for mobile security, and the rising prevalence of zero-click attacks on mobile devices. They also discuss phishing scams involving gift cards, their experiences with scammers, mobile fraud, and the safety of app stores. The episode wraps up with thanks to the guests and a teaser for an upcoming episode.

Sherrod DeGrippo, Greg Schloemer, and Matthew Kennedy discuss North Korean cyber operations, emphasizing their persistence, adaptability, and revenue generation through cryptocurrency theft. They explore the actions of the Lazarus group and its impact on North Korean cyber operations. The speakers also highlight Diamondsleet's software supply chain attack and the success of the Jade Sleet group in cryptocurrency thefts. They discuss North Korea's mindset of evolution, diverse techniques employed in cyber operations, and challenges of laundering stolen money. The speakers share their interests in cybersecurity and hope for regular updates on North Korea.

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Jeremy Dallman, Kimberly Ortiz, and Steve Ginty. Sherrod emphasizes the importance of understanding vulnerabilities before they're exploited in the wild and discusses the process of responding to security vulnerabilities, including identifying threat actors and the urgency of patch deployment, especially for vulnerabilities targeted by ransomware groups. The conversation also focuses on Security Copilot, a tool built on Microsoft's extensive threat intelligence, designed to make SOC analysts' work more accessible by providing immediate, relevant information on threats. This episode offers an insider's view on how these professionals track internal incident responses, share crucial intelligence with customers, and continuously evolve their processes to ensure swift, accurate delivery of threat intelligence.     In this episode you’ll learn:      -How collaborating with multiple MS teams enhances intel delivery  -Interaction between Microsoft Defender Threat Intelligence and Security Copilot -Publishing actor profiles based on internal observations of techniques and procedures   Some questions we ask:      -How will the world of AI affect the role of threat intelligence?  -What are you most excited about when it comes to AI in cybersecurity?  -When do we share intel with customers, and has that process changed over the years? Resources:  View Kimberly Ortiz on LinkedIn  View Steve Ginty on LinkedIn  View Jeremy Dallman on LinkedIn  View Sherrod DeGrippo on LinkedIn   MDTI: Now Anyone Can Tap Into Game-Changing Threat Intelligence The Future of Security with AI A Year in Intel: Highlights from Microsoft's Global Stand Against APTs The risk of trust: Social engineering threats and cyber defense Related Microsoft Podcasts:                   Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks   Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security InsiderThe Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Judy Ng, Mark Parsons, and Ned Moran. Together, they delve into the riveting world of Cyberwarcon, exploring the activities of threat actors such as Volt Typhoon from China and Iranian-based adversaries. Sherrod sheds light on Volt Typhoon's strategic targeting of critical infrastructure while the team elaborates on the Iranian actors' reactive and opportunistic approach to current cyber attacks. The episode unfolds with insightful discussions of sophisticated techniques like "living off the land" and the intricacies of information operations while providing a deep dive into the evolving landscape of cyber threats and intelligence.     In this episode you’ll learn:       The use of AI in the current world of cybersecurity  Why North Korean cyber activity is often referred to as Lazarus  Unique challenges and motivations for tracking APT groups     Some questions we ask:      What are some challenges when following chaotic and unpredictable threat actors?  How do you balance secondary projects like incident response and ransomware?  What motivates someone to pursue a career in APT tracking and analysis?   Resources:  View Mark Parsons on LinkedIn View Ned Moran on LinkedIn View Sherrod DeGrippo on LinkedIn   Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.  

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Microsoft Threat Research and Intelligence Leader Wes Drone. Wes has spent five years investigating criminal and national security computer intrusions for the FBI Cyber Division. After the FBI, he helped a Fortune 25 healthcare organization mature its security operations while gaining first-hand experience in risk management. Sherrod and Wes discuss his current role at Microsoft, where he focuses on messaging and web research. They also touch on the evolving landscape of phishing attacks and the impact of ChatGPT on code writing and security.   In this episode you’ll learn:       How ChatGPT has improved code and empowered security to create better code  Why phishing attacks have evolved with new techniques and capabilities   The preferences of threat actors and their willingness to adapt     Some questions we ask:      How have ransomware attacks shifted to a broader issue for entire businesses?  Why should defenders be constantly adapting to new tactics from threat actors?  What challenges and strategies have you noticed from the existing threat landscape?    Resources:  View Wes Drone on LinkedIn View Sherrod DeGrippo on LinkedIn    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.  

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Jack Mott to discuss the movie "Heat" and its relevance to social engineering and threat actor psychology. They also chat about the challenges of identifying real threats in the world of information security, highlighting the need for vigilance in detecting both evident and subtle threats. The conversation revolves around the complexities of distinguishing between genuine and malicious activity and the importance of a nuanced approach to cybersecurity.    In this episode you’ll learn:       Why experimentation and new approaches in the security industry are so necessary  Microsoft's approach to handling and investigating blocked threats  The importance of an adaptive system to stay updated on evolving threats and behaviors    Some questions we ask:      Why is curiosity a crucial quality for success in the information security field?  How do you deal with making mistakes and taking risks in your work?  Why do you foster relationships and share information with other professionals?   Resources:  View Sherrod DeGrippo on LinkedIn  Microsoft Ignite Panel, The risk of trust: Social engineering threats and cyber defense     Related Microsoft Podcasts:                     Afternoon Cyber Tea with Ann Johnson   The BlueHat Podcast   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.  

The podcast discusses the activities and tactics of a threat actor called Octo Tempest, such as SIM swapping, SMS phishing, and living off the land. It highlights their bespoke and persistent nature, as well as the importance of separating high-privileged accounts. Other topics include assuming compromised passwords, testing security controls, and the need for help desk protocol.

Graham Dietz, Microsoft Senior Security Researcher, joins Sherrod DeGrippo to discuss China's cyber activities, including patriotic hackers thriving in the underground, China's economic strategies related to cyber operations, and the complexity of Chinese cyber activities. They also explore China as an Advanced Persistent Threat, their loud presence, and targeting of vulnerable organizations.

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Christine Fossaceca. Christine is a senior mobile security researcher at Microsoft, specializing in iOS and mobile exploit development. Christine and Sherrod discuss mobile device security and privacy concerns, mainly focusing on Apple AirTags and similar tracking devices, concentrating on the potential for misuse of these devices for shady purposes, the challenges of tracking and detecting them, and steps individuals can take to protect themselves if they suspect they are being tracked. They also examine the evolving landscape of mobile security and offer practical advice for safeguarding personal information and privacy in increasingly interconnected devices.      In this episode you’ll learn:         How attackers gain access to banking apps and iCloud accounts  The privacy implications of Bluetooth trackers  Why the landscape of mobile security is constantly evolving    Some questions we ask:      What's a mobile zero day?  How can I and people listening protect themselves on their iPhones?   What common technique do fishers use to make URLs appear legitimate?   Resources:  Follow Christine on Twitter @x71n3 & @herhaxpodcast  View Sherrod DeGrippo on LinkedIn  Related Microsoft Podcasts:                   Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security InsiderThe Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.