In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Zack Korman, CTO of cybersecurity startup Pistachio. They explore the reality of AI in security, cutting through hype to discuss where AI is both brilliant and flawed, how vendors AI-wash outdated tech, and why Zack believes AI won’t replace jobs but instead scale human creativity. They also dive into phishing simulations, human psychology behind social engineering, AI-powered attacks, jailbreak chaining between AI systems, and the future risks and opportunities AI introduces in cybersecurity.   In this episode you’ll learn:       How to evaluate whether a vendor is truly using AI in their product  The psychology behind why people fall for phishing attacks  Why human judgment will remain essential in the era of AI-driven security.  Some questions we ask:      How can AI unlock new capabilities in cybersecurity?  What questions should people ask AI security vendors?  Why do trained security professionals still fall for phishing attacks?  Resources:   View Zack Korman on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network. 

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Chloé Messdaghi and Crane Hassold to unpack the key findings of the 2025 Microsoft Digital Defense Report; a comprehensive look at how the cyber threat landscape is accelerating through AI, automation, and industrialized criminal networks.  They explore how nation-state operations and cybercrime have fused into a continuous cycle of attack and adaptation, with actors sharing tooling, infrastructure, and even business models. The conversation also examines AI’s growing impact, from deepfakes and influence operations to the defensive promise of AI-powered detection, and how identity compromise has become the front door to most intrusions, accounting for over 99% of observed attacks.  Listeners will gain perspective on:  How AI is shaping both attacker tradecraft and defensive response.  Why identity remains the cornerstone of global cyber risk.  What Microsoft’s telemetry—spanning 600 million daily attacks—reveals about emerging threats and evolving defender strategies.  Questions explored:  How are threat actors using AI to scale deception and influence operations?  What does industrialized cybercrime mean for organizations trying to defend at scale?  How can defenders harness AI responsibly without overreliance or exposure?    Resources:   Download the report and executive summary  Register for Microsoft Ignite  View Chloé Messdaghi on LinkedIn  View Crane Hassold on LinkedIn  View Sherrod DeGrippo on LinkedIn   Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network. 

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Tori Murphy, Anna Seitz, and Chuong Dong to break down two threats: the modular backdoor PipeMagic and Medusa ransomware. They discuss how PipeMagic disguises itself as a ChatGPT desktop app to deliver malware, its sophisticated modular design, and what defenders can do to detect it.   The team also explores Medusa’s evolution into a ransomware-as-a-service model, its use of double extortion tactics, and the broader threat landscape shaped by ransomware groups, social engineering, and the abuse of legitimate tools.   In this episode you’ll learn:       Why modular malware is harder to detect and defend against  How attackers abuse vulnerable drivers to disable security tools  Why leak sites play a central role in ransomware operations  Some questions we ask:      How did Microsoft researchers uncover PipeMagic in the wild?  Why do ransomware groups often borrow names and themes from mythology?  What initial access techniques are commonly associated with Medusa attacks?    Resources:   View Anna Seitz on LinkedIn  View Chuong Dong on LinkedIn    View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Kelly Bissell, Corporate Vice President at Microsoft, to explore how domain impersonation and typosquatting are changing in the age of AI.  They discuss how attackers are increasingly using AI and bots to scale online deception, why this tactic is so effective, and how Microsoft is countering cutting-edge defenses like Siamese neural networks to detect fraudulent domains in real time. Kelly shares insights on the massive scale of these threats, the shift toward defender advantage, and the broader implications for securing organizations worldwide.  In this episode you’ll learn:       How attackers use AI and bots to scale domain impersonation and typosquatting  Why defenders may finally have the higher ground in the fight against online fraud  How Microsoft’s Siamese neural network model detects fraudulent domains in real time  Some questions we ask:      What excites you most about this new detection approach?  How do fake domains fit into a larger social engineering chain?  What indicators should defenders watch for in typosquatting domains?    Resources:   View Kelly Bissell on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Microsoft researchers Kelsey Clapp and Anna Seitz to examine two major cybercrime campaigns. The team unpacks Storm 2561’s use of SEO poisoning to distribute Trojanized software like SilentRoute and Bumblebee, stealing VPN credentials and paving the way for ransomware brokers.  They also dive into Storm 1811’s ReadBed malware, a loader deployed through bold social engineering tactics, such as fake IT help desk calls via Teams, that enable lateral movement and ransomware deployment. The discussion highlights how modern threat actors exploit trust, extend attack chains, and continually evolve their techniques, underscoring the importance of vigilance, strong security controls, and verifying before trusting. In this episode you’ll learn:      How Storm 2561 uses SEO poisoning to trick users into downloading Trojanized software The role of trust, urgency, and habit in social engineering tactics Practical steps organizations can take to block these threats and strengthen defenses Some questions we ask:     Why are initial access loaders such a big risk for organizations? How are threat actors using fake IT help desk calls to gain access? What steps should defenders take to cut off these entry points? Resources:  View Anna Seitz on LinkedIn View Kelsey Clapp on LinkedIn  View Sherrod DeGrippo on LinkedIn  Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is live from Black Hat 2025 with a special lineup of Microsoft security leaders and researchers. First, Sherrod sits down with Tom Gallagher, VP of Engineering and head of the Microsoft Security Response Center (MSRC). Tom shares how his team works with researchers worldwide, why responsible disclosure matters, and how programs like Zero Day Quest (ZDQ) are shaping the future of vulnerability research in cloud and AI security. He also announced the next iteration of ZTQ with $5 million up for grabs. Next, Sherrod is joined by Eric Baller (Senior Security Researcher) and Eric Olson (Principal Security Researcher) to unpack the fast-changing ransomware landscape. From dwell time collapsing from weeks to minutes, to the growing role of access brokers, they explore how attackers operate as organized ecosystems and how defenders can respond. Finally, Sherrod welcomes Travis Schack (Principal Security Researcher) alongside Eric Olson to examine the mechanics of social engineering. They discuss how attackers exploit urgency, trust, and human curiosity, why AI is supercharging phishing campaigns, and how defenders can fight back with both training and technology. In this episode you’ll learn:     How MSRC partners with researchers across 59 countries to protect customers Why Zero Day Quest is accelerating vulnerability discovery in cloud and AI How ransomware dwell times have shrunk from days to under an hour Resources: View Sherrod DeGrippo on LinkedIn  Zero Day Quest — Microsoft Microsoft Security Response Center Blog Related Microsoft Podcasts:   Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider   The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Aarti Borkar, Simeon Kakpovi, and Andrew Rapp for a behind-the-scenes look at how Microsoft Threat Intelligence and Microsoft Incident Response teams collaborate as part of a closed-loop system, the emotional toll of breaches, and how organizations of any size can build resilience through preparation and psychological safety. By listening to this segment, you’ll get a preview of what this group brought to the main stage of Black Hat this year.  Later, Sherrod chats with Snow, co-founder of the Social Engineering Community Village at DEF CON, about her journey from special effects makeup to elite social engineer, and how empathy, creativity, and even a ladder can be powerful tools in physical security testing.  In this episode you’ll learn:       How Microsoft’s Digital Crimes Unit uses legal tactics to disrupt threat actors  Why rehearsing your incident response plan can save weeks of recovery time  How AI is being trained to make social engineering phone calls on its own  Some questions we ask:      How would you describe the overall health of the global cybersecurity landscape?  Why does tailoring AI prompts sometimes feel like social engineering?  What is the feedback loop between incident response, intelligence, and product protections?    Resources:   View Aarti Borkar on LinkedIn  View Simeon Kakpovi on LinkedIn   View Andrew Rapp on LinkedIn    View Sherrod DeGrippo on LinkedIn   Microsoft at Black Hat USA 2025    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Richard Boscovich and Derek Richardson from Microsoft’s Digital Crimes Unit to unpack the global takedown of Lumma Stealer, one of the world’s largest infostealer malware operations. They discuss how creative legal tools like RICO and centuries-old trespass laws, deep collaboration with global partners, and innovative technical strategies came together to seize 2,300 domains and protect nearly 400,000 victims. The episode explores how the DCU is shifting toward persistent, cost-imposing disruption of cybercrime as a service, and what this means for defenders everywhere.    In this episode you’ll learn:       How Microsoft took down one of the world’s largest infostealer malware operations  The global partnerships with Europol, Japan, and private companies in cyber takedowns  What happens to stolen victim data during a takedown operation    Some questions we ask:      How did you first identify Lumma as a high-priority threat?  Is persistent disruption now the new normal for DCU operations?  Do you see more operations like this coming from DCU in the future?    Resources:   View Richard Boscovich on LinkedIn   View Sherrod DeGrippo on LinkedIn   Disrupting Lumma Stealer: Microsoft Leads Global Action Against Favored Cybercrime Tool    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Grifter, the legendary Black Hat NOC lead, and Lintile, host of Hacker Jeopardy, to go behind the scenes of DEF CON and Black Hat. They unpack the chaos of managing the world’s most hostile networks, share advice for first-time attendees, and explore the vibrant hacker community that thrives on connection, contests, and lifelong friendships. The conversation also covers how to submit compelling CFP abstracts, why live events matter, and the controlled mayhem that defines Hacker Jeopardy each year in Las Vegas.  Heading to Black Hat? Join us at booth #2246 where we will be recording new episodes, and request to attend the VIP Mixer. We’ll also be hosting the BlueHat podcast, our friends from GitHub, and experts from our incident response team.  In this episode you’ll learn:       Why skipping talks at DEF CON to join contests and villages can be more valuable  Tips for crafting compelling CFP abstracts that stand out among 1,000+ submissions  The importance of connection and niche technical discussions in the hacker community    Some questions we ask:      What advice would you give to someone who has never been to DEF CON?  How does the team plan traps and misdirection in Hacker Jeopardy questions?  What do you think the community should focus on getting out of DEF CON?  Resources:   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider  The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Craig Nelson, who leads the elite Microsoft Red Team. Together, they dive into the art and impact of red teaming at Microsoft: what it means to simulate real-world attacks, how threat intelligence informs operations, and why collaboration between red and blue teams is crucial for organizational resilience.   Craig shares the surprising mission that blurred the lines between physical and cyber security, reflects on how AI is reshaping attacker tactics and defensive strategies, and offers advice for aspiring red teamers. From stories of early hacker days in the ’90s to navigating the complexities of securing cloud and AI systems, this conversation is packed with insights on how Microsoft stays ahead of evolving threats.  In this episode you’ll learn:       The role of human behavior in real-world security breaches  How Microsoft’s Secure Future Initiative impacts security culture  What the Microsoft Red Team does and what it doesn’t do  Some questions we ask:      How do you feel about getting caught during a red team operation?  What do you wish people paid more attention to in red team findings?  Is this new AI complexity good or bad for red teaming?    Resources:   View Craig Nelson on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

Recorded live at RSAC 2025, this special episode of the Microsoft Threat Intelligence Podcast, hosted by Sherrod DeGrippo, brings together Jeremy Dallman from the Microsoft Threat Intelligence and Steven Masada from Microsoft’s Digital Crimes Unit.   The panel explores the psychology and techniques behind nation-state and criminal cyber actors, how Microsoft innovatively uses legal and technical disruption to dismantle threats like Cobalt Strike and Storm-2139, and the growing trend of adversaries leveraging AI. From North Korean fake job interviews to China's critical infrastructure infiltration, this episode highlights how Microsoft is staying ahead of the curve—and sometimes even rewriting the playbook.  In this episode you’ll learn:       How targeting attacker techniques is more effective than chasing specific actors  The surprising ways threat actors use AI—for productivity, not just deepfakes  Why North Korean threat actors are building full-blown video games to drop malware  Some questions we ask:      What’s the role of Microsoft’s Digital Crimes Unit and how is it unique in the industry?  Why should cybersecurity professionals read legal indictments?  What impact did Microsoft’s legal actions have on tools like Cobalt Strike and Quakbot?  Resources:   View Jeremy Dallman on LinkedIn   View Steven Masada on LinkedIn   View Sherrod DeGrippo on LinkedIn   Bold action against fraud: Disrupting Storm-1152    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Henning Rauch, to discuss Call of the Cyber Duty is a 42-hour global cybersecurity challenge hosted by Microsoft’s Kusto Detective Agency. The competition runs from 12:00 AM Coordinated Universal Time (UTC) on June 8, 2025, and ends at 12:00 AM UTC on June 18, 2025, at 10:00AM UTC. Once a team member opens the first case, they have 42 hours to complete it.Participants will solve a series of investigative puzzles using Kusto Query Language (KQL) — no prior Kusto experience required.   This free, gamified threat-hunting experience is open to individuals and teams, with a $10,000 grand prize, an interactive mystery plot, and a Hall of Fame for the top solvers. Expect fun twists, real-world security skills, and even a surprise appearance by mentalist Lior Suchard or the illusive Professor Smoke!   Later in the episode, Sherrod is joined by security researchers Anna Seitz and Rebecca Light to explore two evolving cyber threats. Anna breaks down the unprecedented collaboration between Russian state-affiliated threat actors Aqua Blizzard and Secret Blizzard, who are combining efforts to target Ukrainian military systems. Rebecca dives into the resurgence of DarkGate malware—this time delivered through a deceptive technique called ClickFix, which uses fake CAPTCHA-like prompts to trick users into activating malicious payloads.   In this episode you’ll learn:       What Kauzar V2 malware is and how it enables long-term remote access and data theft  How Russian threat groups Aqua Blizzard and Secret Blizzard are collaborating  Why DarkGate malware remains relevant thanks to its adaptability and evasion tactics  Some questions we ask:      Are Russian threat actors adopting cybercriminal tactics like initial access brokers?  How does Kauzar V2 malware function, and why is it significant in this campaign?  What is ClickFix, and how does it differ from typical malware delivery methods?  Resources:   View Henning Rauch on LinkedIn   View Rebecca Light on LinkedIn   View Anna Seitz on LinkedIn   View Sherrod DeGrippo on LinkedIn   🕵️‍♀️ Register for the challenge (free!) https://detective.kusto.io/register  🎬 Official trailer featuring Lior Suchard https://youtu.be/sPmTX0ZrnE  🌐 Event homepage (info hub) https://detective.kusto.io  Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna Seitz and Megan Stalling to unpack new intelligence on the BadPilot Campaign, a sophisticated operation by a subgroup of Seashell Blizzard—also known as APT-44, Iridium, or Sandworm.   The team explores how this subgroup, active since 2021, uses opportunistic access, remote management tools, and Tor based ShadowLink infrastructure to maintain covert control of compromised systems. They also examine trends across threat actor ecosystems, how tactics evolve through shared influence, and why network detection remains a key battleground in defending against persistent global threats.  In this episode you’ll learn:       How evolving network detection is helping stop threat actors  Why Seashell Blizzard targets industrial control systems  When fake Zoom links and meeting invites are used to lure victims into engagement  Some questions we ask:      Have North Korean hackers improved at social engineering lately?  What’s this subgroup’s main goal when it comes to network attacks?  Why would a group like this use such basic tactics instead of more advanced ones?    Resources:   View Megan Stalling on LinkedIn   View Anna Seitz on LinkedIn   View Sherrod DeGrippo on LinkedIn     BadPilot Campaign, Seashell Blizzard   How Microsoft Names Threat Actors     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Lauren Proehl, Sydney Marrone, and Jamie Williams to dig into the THOR Collective — a fresh, community-driven initiative bringing modern energy to threat intel.  The group discusses the ongoing tension where developers focus on user-friendly design while security professionals aim to break things to prevent malicious use. They also dive into the THOR Collective, a community-driven initiative with open-source projects like Hearth and their twice-weekly Substack newsletter, Dispatch, which combines research, memes, and real-world lessons to uplift the InfoSec community. The conversation touches on the challenges of security, the disconnect between the public and understanding risks, and the need for more user-friendly, AI-driven security solutions that cater to various skill levels. In this episode you’ll learn:      The value of consistently publishing high-quality content How the THOR Collective addresses this issue through innovative and digestible content The importance of making complex InfoSec topics approachable for different experience levels Some questions we ask:       What’s going on with the rise in toll scam text messages? Why has social engineering remained such a successful tactic for threat actors? How does THOR Collective welcome new voices in InfoSec, and why is this crucial in today’s security landscape? Resources:  View Lauren Proehl on LinkedIn View Sydney Marrone on LinkedIn  View Jamie Williams on LinkedIn  View Sherrod DeGrippo on LinkedIn  THOR Collective Related Microsoft Podcasts:                   Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network. 

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna Seitz and Sarah Pfabe to dive into the activities of the Russian-aligned threat actor, Star Blizzard.  Active since 2022, Star Blizzard recently shifted tactics by using WhatsApp for spear-phishing campaigns targeting government officials, NGOs, and academics. The team discusses how this change in approach may be a response to previous exposure of their tactics. They also explore the resilience of Star Blizzard, highlighting Microsoft's disruption of their operations, including the seizure of domains, and the ongoing threat posed by this actor despite legal actions.  In this episode you’ll learn:      Why threat actors like Star Blizzard are highly resilient and quickly adapting What steps users take to avoid falling victim to mobile malware Challenges of monitoring WhatsApp activity and why this platform has become a target Some questions we ask:       What role do QR codes play in Star Blizzard’s phishing campaigns? Why do you think phishing continues to be the number one access vector? How resilient is Star Blizzard when facing disruptions like domain seizures or legal actions? Resources:  View Sarah Pfabe on LinkedIn  View Anna Seitz on LinkedIn  View Sherrod DeGrippo on LinkedIn  Related Microsoft Podcasts:                   Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network. 

In this special episode marking 50 years of Microsoft, host Sherrod DeGrippo is joined by Charlie Bell, Stephanie Calabrese, John Lambert, and Scott Woodgate to take a deeper look at Microsoft’s incredible journey in cybersecurity.  They share their experiences and reflections on how the company has grown over the last five decades, from the early days of proprietary systems to the transformative rise of cloud computing and AI. As they celebrate this milestone, the conversation dives into the evolution of security practices, the development of key initiatives like the Microsoft Threat Intelligence Center and the Secure Future Initiative, and the culture of collaboration that has always been at the heart of Microsoft’s approach to tackling cybersecurity challenges.  In this episode you’ll learn:      How Microsoft evolved to lead the charge in cloud computing and AI Why Microsoft's security efforts have influenced the broader tech industry The evolution of Microsoft’s security, from XP Service Pack 2 to the Secure Future Initiative Some questions we ask:     How did the company’s culture and products impact you early on?  How have you seen Microsoft’s prioritization toward cybersecurity create change?  Resources:  View Charlie Bell on LinkedIn  View Stephanie Calabrese on LinkedIn  View John Lambert on LinkedIn  View Scott Woodgate on LinkedIn  View Sherrod DeGrippo on LinkedIn  Related Microsoft Podcasts:                   Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by ransomware experts Allan Liska from Recorded Future and Jonathan Braley, Director of Threat Intelligence for IT-ISAC, to get a pulse check on the current state of ransomware.   They discuss how ransomware has shifted from simple attacks, like Locky, to more sophisticated, high-stakes campaigns targeting entire networks and demanding millions of dollars. Allan and Jonathan also highlight the rise of ransomware-as-a-service, the emergence of big game hunting attacks, and the increasingly professionalized criminal ecosystem surrounding ransomware. The conversation further explores the psychological aspects of cybercrime, focusing on the mindset of ransomware operators—particularly in Eastern Europe and Russia—where the line between crime and business can often be blurred.  In this episode you’ll learn:       Why attackers now target entire networks instead of just single machines  How cybercriminal groups turned ransomware into a profitable business model  The unique challenges healthcare employees face during ransomware attacks  Findings from IT-ISAC's recent ransomware reports    Some questions we ask:        How did the Colonial Pipeline attack lead to real-world actions?  Will paying the ransom restore the organization's data and operations?  What are the differences between ransomware from 10-12 years ago and ransomware today?    Resources:   View Allan Liska on LinkedIn   View Jonathan Braley on LinkedIn   View Sherrod DeGrippo on LinkedIn     IT-ISAC Ransomware report  Food and AG-ISAC Ransomware report  Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Senior Microsoft Security Researcher Kajhon Soyini to explore the Luma Stealer cryptocurrency mining campaign targeting individual computers as part of a large-scale malvertising campaign. They discuss the sophisticated attack chain, which includes DLLs, clipboard malware, process injection via Explorer.exe, and how this impacted nearly one million devices around the globe.   Kajhon explains how attackers use registry modifications, WMI event consumers, and obfuscation techniques like non-standard ports and reverse shells to maintain persistence and evade detection. The duo also covers Microsoft's defense efforts and the challenges of tracking down the origins of these attacks.  In this episode you’ll learn:       Why the attack chain incorporates legacy malware like NetSupport RAT  The overlap between the Luma Stealer and Donarium malware families  How Luma Stealer uses GitHub repositories and redirector networks to deliver malicious payloads    Some questions we ask:         Can you explain how the malware uses the “image file execution objects” registry path?  What role does Netcat play in this campaign’s command and control?  Why do people still mine cryptocurrency today, with all the complexities and attack methods?    Resources:   View Kajhon Soyini on LinkedIn   View Sherrod DeGrippo on LinkedIn   Connect with Sherrod and the team at RSAC    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by two Microsoft security researchers to analyze the latest Russian nation-sponsored cyber threat activity. They discuss how Russian threat actors—collectively referred to by Microsoft with the Blizzard suffix—are primarily targeting Ukraine and NATO member states, focusing on espionage, influence operations, and cyber disruption. The conversation covers Russia’s reliance on cybercrime infrastructure, the vulnerabilities of academic and IT supply chains, and the evolving tactics of groups like Secret Blizzard and Seashell Blizzard.     In this episode you’ll learn:       Why 90% of Russian cyber-attacks target Ukraine and NATO member states  How Russian threat actors exploit academic identities to infiltrate government networks  The role of cybercriminal marketplaces in supplying tools and access to nation-state actors    Some questions we ask:         How does Secret Blizzard leverage infrastructure from other threat groups?  Is there evidence of collaboration between different Russian cyber groups?  Why is identity security such a critical factor in cyber defense?      Resources:   Attending RSAC? Connect with Sherrod and Microsoft  View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by two expert guests to explore critical challenges in today’s evolving threat landscape.  First, Sherrod sits down with Kelly Bissell, CVP of Fraud at Microsoft, to discuss the complexities of combating fraud and product abuse. Kelly digs into the unique challenges Microsoft faces, highlighting prevalent schemes such as crypto mining, tech support scams, and the exploitation of deepfakes. Kelly also shares insights into Microsoft’s proactive approach, including recent Azure policy changes and efforts to detect and prevent fraud across its services, especially those attempting to use the compute power for crypto mining.  Later, Sherrod is joined by Priyanka Ramesha, Senior Threat Researcher on the Defender Experts team, to examine the rising risks of cloud-native attacks. They unpack why threat actors are increasingly targeting the cloud, exploiting its complexity, scalability, and common misconfigurations. Priyanka explains how attackers gain initial access through tactics like phishing, API exploitation, and OAuth abuse, and outlines their methods for credential theft, lateral movement, and data exfiltration.  In this episode you’ll learn:       What crypto mining looks like in Azure and how Microsoft detects and prevents it  The five main areas of fraud and product abuse that Microsoft focuses on  How attackers exploit the complexity and misconfigurations in cloud infrastructures    Some questions we ask:         How long do crypto mining operations run unnoticed in a customer's environment?  What changes did Microsoft make to its policy regarding crypto mining?  Why are legitimate apps sometimes compromised and used in attacks?    Resources:   View Kelly Bissell on LinkedIn    View Priyanka Ramesha on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.