Microsoft Threat Intelligence Podcast

Microsoft
  • 5.0 (18)
  • TECNOLOGÍA
  • CADA DOS SEMANAS
Microsoft Threat Intelligence Podcast

Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other weird and cool tools and tactics in the world of cyber threats. Featuring tales of innovation, teamwork, and cyber espionage, tune in to hear in-depth analyses of Microsoft's influence on the threat landscape and behind the scenes stories from the tireless researchers and analysts that take part. This enthralling and insightful podcast is delivered in a casual, conversational style that transports you to the frontlines of cyber defense.

  1. HACE 4 DÍAS

    Vanilla Tempest: The Threat Actor Behind Recent Hospital Ransomware Attacks

    In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna and Keivan to discuss two prominent threat actors: Vanilla Tempest and Peach Sandstorm.  Vanilla Tempest, a financially motivated cybercrime group, has been involved in recent ransomware attacks on U.S. hospitals, utilizing various ransomware payloads such as Ink. They are known for using tools like PowerShell scripts and Goot Loader to exfiltrate data and extort victims. Peach Sandstorm, an Iranian nation-state threat actor, focuses on cyber espionage and intelligence collection. They have targeted various sectors, including energy, defense, and critical infrastructure, and have shown increasing sophistication in their attacks. Later, Sherrod speaks with Colton Bremer, a senior security researcher at Microsoft, about his work on the Defender Experts (DEX) team. Colton explains the different tiers of DEX services, which focus on detecting and mitigating advanced threats that may bypass traditional security measures.  In this episode you’ll learn:       A backdoor called Tickler that uses Azure infrastructure for command and control  The significance of these groups' tactics and maintaining ransomware resiliency  The different tiers of DEX services detecting and mitigating advanced threats    Some questions we ask:     How does Vanilla Tempest typically execute their attacks?  Has Peach Sandstorm evolved over time in their cyber espionage efforts?  What can individuals or organizations do to mitigate cloud identity abuse?    Resources:   View Colton Bremer on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

    33 min

  2. 9 OCT

    Gingham Typhoon’s Cyber Expansion Into the South Pacific

    In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Nick Monaco, Principal Threat Intelligence Analyst at Microsoft, delving into findings from Microsoft's April 2024 East Asia threat report. They discuss Gingham Typhoon's expanding cyber operations in the South Pacific, notably targeting strategic partners like Papua New Guinea despite their involvement in China's Belt and Road Initiative. The conversation shifts to Nylon Typhoon's global espionage efforts, including recent activities in South America and Europe. They also cover Volt Typhoon's sophisticated attacks on U.S. critical infrastructure and highlight Storm 1376's (now Tides of Flood) use of AI-generated news anchors for spreading misinformation. This episode emphasizes the evolving nature of cyber threats and influence operations, including the creative use of technology by adversaries to advance their agendas.  * This episode is from April 2024 and is not new information.    In this episode you’ll learn:          How Nylon Typhoon targets geopolitical intelligence in South America and Europe  The evolving landscape of influence operations and China's growing capabilities  How disinformation campaigns have exploited real-world events    Some questions we ask:         How has generative AI changed influence operations and disinformation?  What are the key trends in North Korean cyber operations with cryptocurrency and AI?  Why are Chinese influence operations engaging with questions on social media?    Resources:   View Nick Monaco on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider  The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

    39 min

  3. 25 SEPT

    The Inside Scoop on Using KQL for Cloud Data Security

    In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by the authors of the new book The Definitive Guide to KQL: Using Kusto Query Language for Operations, Defending, and Threat Hunting. Guests Rod Trent, Matt Zorich, and Mark Morowczynski discuss the significance of KQL (Kusto Query Language) in cloud data security and how it enables efficient data querying for threat detection in Microsoft products like Sentinel and Defender. They share insights from their own experiences, highlight key features of the book, and explain how both beginners and experts can benefit from KQL. Later in the episode Sherrod speaks with Senior Threat Hunter Lekshmi Vijayan about the growing trend of cyberattacks using malicious PowerShell commands. Lekshmi explains how attackers trick users into copying and pasting harmful code, often through compromised websites or phishing emails. They discuss how these attacks aim to install remote access tools like NetSupport RAT or information stealers, targeting sensitive data like browser credentials and crypto keys.    In this episode you’ll learn:       How KQL is applied in real-world security scenarios including incident response  Key features and benefits of KQL when it comes to security and cloud data  Distinguishing between legitimate and malicious uses of remote management tools      Some questions we ask:        How does KQL tie into the Microsoft ecosystem, like Defender and Copilot?  What advice would you give to someone new to KQL who wants to start learning?  What is the technique we're seeing with copy-pasting malicious PowerShell?     Resources:   View Mark Morowczynski on LinkedIn  View Matt Zorich on LinkedIn  View Rod Trent on LinkedIn  View Lekshmi Vijayan on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

    27 min

  4. 11 SEPT

    Citrine and Onyx Sleet: An Inside Look at North Korean Threat Actors

    In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo discusses North Korean threat actors with one of our Microsoft Threat Intelligence researchers and Greg Schloemer focusing on two prominent groups: Onyx Sleet and Storm 0530. Onyx Sleet is a long-standing espionage group known for targeting defense and energy sectors, particularly in the U.S. and India. However, they’ve diversified into ransomware, using tactics like malware downloaders, zero-day vulnerabilities, and a remote access Trojan called D-Track. The conversation also touches on the use of fake certificates and the group's involvement in the software supply chain space.    In this episode you’ll learn:       The relationship between Onyx Sleet and Storm 0530  North Korea's broader strategy of using cyber-attacks and moonlighting activities  Surprising nature of recent attack chains involving vulnerability in the Chromium engine    Some questions we ask:      Does Onyx Sleet engage in cryptocurrency activities as well as traditional espionage?  How does the use of a fake Tableau software certificate fit into Onyx Sleet's attack chain?  Where does the name "Holy Ghost" come from, and why did they choose it?    Resources:   View Greg Schloemer on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

    29 min

  5. 28 AGO

    Black Basta and the Use of LLMs by Threat Actors

    In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Microsoft security researchers Anna Seitz and Daria Pop to discuss the latest trends in ransomware and the evolving role of AI in cyber threats. Daria Pop provides insights into the shifting tactics of Black Basta ransomware, including their use of phishing, social engineering, and remote management tools. The discussion also covers the persistence of malvertising and its challenges for defenders. Anna Seitz explores how state-sponsored threat actors, including Forest Blizzard, Emerald Sleet, and Crimson Sandstorm, are leveraging large language models (LLMs) for various malicious activities.     In this episode you’ll learn:        Why the takedown of Qakbot impacted Black Basta’s strategies  What malvertising is and why its persistence is due to the complex nature of ad traffic  How the MITRE Atlas framework assists defenders in identifying new threats    Some questions we ask:        What role does social engineering play in the campaigns involving Quick Assist?  How are North Korean threat actors like Emerald Sleep using LLMs for their campaigns?  Can you explain the changes in Black Basta’s initial access methods over the years?    Resources:   View Anna Seitz on LinkedIn   View Daria Pop on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

    24 min

  6. 14 AGO

    Disrupting Cracked Cobalt Strike

    On this week's episode of The Microsoft Threat Intelligence Podcast, we discuss the collaborative effort between Microsoft and Fortra to combat the illegal use of cracked Cobalt Strike software, which is commonly employed in ransomware attacks.  To break down the situation, our host, Sherrod DeGrippo, is joined by Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator with the DCU, and Bob Erdman, Associate VP Research and Development at Fortra. The discussion covers the creative use of DMCA notifications tailored by geographic region to combat cybercrime globally. The group express their optimism about applying these successful techniques to other areas, such as phishing kits, and highlight ongoing efforts to make Cobalt Strike harder to abuse.      In this episode you’ll learn:          The impact on detection engineers due to the crackdown on cracked Cobalt Strike  Extensive automation used to detect and dismantle large-scale threats  How the team used the DMCA creatively to combat cybercrime    Some questions we ask:          Do you encounter any pushback when issuing DMCA notifications?   How do you plan to proceed following the success of this operation?   Can you explain the legal mechanisms behind this take-down?    Resources:   View Jason Lyons on LinkedIn  View Bob Erdman on LinkedIn    View Richard Boscovich on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

    39 min

  7. 31 JUL

    Behind the Scenes at Blue Hat IL: Security Advancements and Challenges

    In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is live from Blue Hat Israel in Tel Aviv. Igal Lytzki and Din Serussi discuss their presentation on advanced phishing and evasion techniques, highlighting the rise of QR phishing and custom-made captures, which involve interactive challenges to bypass security systems. Gal Niv and Jonathan Jacobi discuss their experience with the Web3 challenge they created, focusing on a smart contract vulnerability on the Ethereum blockchain. Ida Vass, the mastermind behind BlueHat IL, talks about the conference’s impact and her motivation, driven by the community's spirit and the desire to continually innovate and Wolf Goerlich the keynote speaker, discusses his approach to the keynote, focusing on positive advancements in cybersecurity rather than dwelling on the negative.    In this episode you’ll learn:          Practical advice for organizations to bolster their email security defenses  The critical need to apply historical attack models to new technologies  Progress in hardening OS and network security and the shift in threat actor tactics    Some questions we ask:         What emerging technologies or threats do you find most intriguing or concerning?  How does the production level of BlueHat compare to other conferences?  What do state-sponsored email threats look like right now?     Resources:   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

    51 min

  8. 17 JUL

    Hunting for AI Bug Bounty

    In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Technical Program Manager at Microsoft Lynn Miyashita and Principal Research Manager, Andrew Paverd. They discuss the evolution of bug bounty programs into the realm of artificial intelligence, specifically focusing on Microsoft's initiative launched in October 2023. Lynn explains that the AI Bug Bounty incentivizes external security researchers to discover and report vulnerabilities in Microsoft's AI systems, such as Copilot, across various platforms including web browsers and mobile applications. Andrew elaborates on the concept of a "bug bar," which sets the criteria for vulnerabilities eligible for the program. They emphasize the importance of identifying security issues that could arise uniquely from AI systems, such as prompt injection vulnerabilities. The discussion highlights Microsoft's structured approach to handling reported vulnerabilities through their Security Response Center, emphasizing quick mitigation and coordination with researchers to ensure timely fixes and public disclosure.     In this episode you’ll learn:          How AI Bug Bounty programs are reshaping traditional security practices  Dangers of prompt injection attacks, and their capacity to exfiltrate sensitive data  Why you should engage in AI bug hunting and contribute to the evolving security landscape    Some questions we ask:         Which products are currently included in the Bug Bounty program?  Should traditional bug bounty hunters start doing AI bug bounty hunting?  How can someone get started with AI bug hunting and submitting to your program?      Resources:   View Lynn Miyashita on LinkedIn   View Andrew Paverd on LinkedIn   View Sherrod DeGrippo on LinkedIn     Microsoft AI Bug Bounty Program      Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

    21 min
Ver todo (31)

Tráiler

5
de 5
18 calificaciones

Acerca de

Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other weird and cool tools and tactics in the world of cyber threats. Featuring tales of innovation, teamwork, and cyber espionage, tune in to hear in-depth analyses of Microsoft's influence on the threat landscape and behind the scenes stories from the tireless researchers and analysts that take part. This enthralling and insightful podcast is delivered in a casual, conversational style that transports you to the frontlines of cyber defense.

Información

También te podría interesar

Para escuchar episodios explícitos, inicia sesión.

Mantente al día con este programa

Inicia sesión o regístrate para seguir programas, guardar episodios y enterarte de las últimas novedades.
Elige un país o región

Africa, Oriente Medio e India

Asia-Pacífico

Europa

Latinoamérica y el Caribe

Estados Unidos y Canadá