Podcasts about Sherrod DeGrippo

  • 18 podcasts
  • 93 episodes
  • 30m average duration
  • 1 episode every other week
  • Latest: Apr 30, 2025


Latest podcast episodes about Sherrod DeGrippo

Microsoft Threat Intelligence Podcast
Inside THOR Collective, a Dispersed Team Delivering Open-Source Research

Apr 30, 2025 (41:17)


In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Lauren Proehl, Sydney Marrone, and Jamie Williams to dig into the THOR Collective — a fresh, community-driven initiative bringing modern energy to threat intel.

The group discusses the ongoing tension where developers focus on user-friendly design while security professionals aim to break things to prevent malicious use. They also dive into the THOR Collective, a community-driven initiative with open-source projects like Hearth and their twice-weekly Substack newsletter, Dispatch, which combines research, memes, and real-world lessons to uplift the InfoSec community. The conversation touches on the challenges of security, the disconnect between the public and understanding risks, and the need for more user-friendly, AI-driven security solutions that cater to various skill levels.

In this episode you'll learn:

  • The value of consistently publishing high-quality content
  • How the THOR Collective addresses this issue through innovative and digestible content
  • The importance of making complex InfoSec topics approachable for different experience levels

Some questions we ask:

  • What's going on with the rise in toll scam text messages?
  • Why has social engineering remained such a successful tactic for threat actors?
  • How does THOR Collective welcome new voices in InfoSec, and why is this crucial in today's security landscape?

Resources:

  • View Lauren Proehl on LinkedIn
  • View Sydney Marrone on LinkedIn
  • View Jamie Williams on LinkedIn
  • View Sherrod DeGrippo on LinkedIn
  • THOR Collective

Related Microsoft Podcasts:

  • Afternoon Cyber Tea with Ann Johnson
  • The BlueHat Podcast
  • Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Microsoft Threat Intelligence Podcast
Star Blizzard Shifts Tactics to Spear-Phishing on WhatsApp

Apr 16, 2025 (38:41)


In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna Seitz and Sarah Pfabe to dive into the activities of the Russian-aligned threat actor, Star Blizzard.

Active since 2022, Star Blizzard recently shifted tactics by using WhatsApp for spear-phishing campaigns targeting government officials, NGOs, and academics. The team discusses how this change in approach may be a response to previous exposure of their tactics. They also explore the resilience of Star Blizzard, highlighting Microsoft's disruption of their operations, including the seizure of domains, and the ongoing threat posed by this actor despite legal actions.

In this episode you'll learn:

  • Why threat actors like Star Blizzard are highly resilient and quickly adapting
  • What steps users take to avoid falling victim to mobile malware
  • Challenges of monitoring WhatsApp activity and why this platform has become a target

Some questions we ask:

  • What role do QR codes play in Star Blizzard's phishing campaigns?
  • Why do you think phishing continues to be the number one access vector?
  • How resilient is Star Blizzard when facing disruptions like domain seizures or legal actions?

Resources:

  • View Sarah Pfabe on LinkedIn
  • View Anna Seitz on LinkedIn
  • View Sherrod DeGrippo on LinkedIn

Microsoft Threat Intelligence Podcast
Microsoft's 50th Anniversary: Security Then and Now

Apr 2, 2025 (55:19)


In this special episode marking 50 years of Microsoft, host Sherrod DeGrippo is joined by Charlie Bell, Stephanie Calabrese, John Lambert, and Scott Woodgate to take a deeper look at Microsoft's incredible journey in cybersecurity.

They share their experiences and reflections on how the company has grown over the last five decades, from the early days of proprietary systems to the transformative rise of cloud computing and AI. As they celebrate this milestone, the conversation dives into the evolution of security practices, the development of key initiatives like the Microsoft Threat Intelligence Center and the Secure Future Initiative, and the culture of collaboration that has always been at the heart of Microsoft's approach to tackling cybersecurity challenges.

In this episode you'll learn:

  • How Microsoft evolved to lead the charge in cloud computing and AI
  • Why Microsoft's security efforts have influenced the broader tech industry
  • The evolution of Microsoft's security, from XP Service Pack 2 to the Secure Future Initiative

Some questions we ask:

  • How did the company's culture and products impact you early on?
  • How have you seen Microsoft's prioritization toward cybersecurity create change?

Resources:

  • View Charlie Bell on LinkedIn
  • View Stephanie Calabrese on LinkedIn
  • View John Lambert on LinkedIn
  • View Scott Woodgate on LinkedIn
  • View Sherrod DeGrippo on LinkedIn

Microsoft Threat Intelligence Podcast
The Professionalization of the Ransomware Criminal Ecosystem

Mar 19, 2025 (40:37)


In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by ransomware experts Allan Liska from Recorded Future and Jonathan Braley, Director of Threat Intelligence for IT-ISAC, to get a pulse check on the current state of ransomware.

They discuss how ransomware has shifted from simple attacks, like Locky, to more sophisticated, high-stakes campaigns targeting entire networks and demanding millions of dollars. Allan and Jonathan also highlight the rise of ransomware-as-a-service, the emergence of big game hunting attacks, and the increasingly professionalized criminal ecosystem surrounding ransomware. The conversation further explores the psychological aspects of cybercrime, focusing on the mindset of ransomware operators—particularly in Eastern Europe and Russia—where the line between crime and business can often be blurred.

In this episode you'll learn:

  • Why attackers now target entire networks instead of just single machines
  • How cybercriminal groups turned ransomware into a profitable business model
  • The unique challenges healthcare employees face during ransomware attacks
  • Findings from IT-ISAC's recent ransomware reports

Some questions we ask:

  • How did the Colonial Pipeline attack lead to real-world actions?
  • Will paying the ransom restore the organization's data and operations?
  • What are the differences between ransomware from 10-12 years ago and ransomware today?

Resources:

  • View Allan Liska on LinkedIn
  • View Jonathan Braley on LinkedIn
  • View Sherrod DeGrippo on LinkedIn
  • IT-ISAC Ransomware report
  • Food and AG-ISAC Ransomware report

Microsoft Threat Intelligence Podcast
Malvertising Campaign Leads to Info Stealers Hosted on GitHub

Mar 6, 2025 (35:02)


In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Senior Microsoft Security Researcher Kajhon Soyini to explore the Luma Stealer cryptocurrency mining campaign targeting individual computers as part of a large-scale malvertising campaign. They discuss the sophisticated attack chain, which includes DLLs, clipboard malware, process injection via Explorer.exe, and how this impacted nearly one million devices around the globe.

Kajhon explains how attackers use registry modifications, WMI event consumers, and obfuscation techniques like non-standard ports and reverse shells to maintain persistence and evade detection. The duo also covers Microsoft's defense efforts and the challenges of tracking down the origins of these attacks.

In this episode you'll learn:

  • Why the attack chain incorporates legacy malware like NetSupport RAT
  • The overlap between the Luma Stealer and Donarium malware families
  • How Luma Stealer uses GitHub repositories and redirector networks to deliver malicious payloads

Some questions we ask:

  • Can you explain how the malware uses the “image file execution objects” registry path?
  • What role does Netcat play in this campaign's command and control?
  • Why do people still mine cryptocurrency today, with all the complexities and attack methods?

Resources:

  • View Kajhon Soyini on LinkedIn
  • View Sherrod DeGrippo on LinkedIn
  • Connect with Sherrod and the team at RSAC

Microsoft Threat Intelligence Podcast
A Blizzard Is Impacting NATO and Ukraine – The Latest on Russian Cyber Threats

Feb 19, 2025 (23:13)


In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by two Microsoft security researchers to analyze the latest Russian nation-sponsored cyber threat activity. They discuss how Russian threat actors—collectively referred to by Microsoft with the Blizzard suffix—are primarily targeting Ukraine and NATO member states, focusing on espionage, influence operations, and cyber disruption. The conversation covers Russia's reliance on cybercrime infrastructure, the vulnerabilities of academic and IT supply chains, and the evolving tactics of groups like Secret Blizzard and Seashell Blizzard.

In this episode you'll learn:

  • Why 90% of Russian cyber-attacks target Ukraine and NATO member states
  • How Russian threat actors exploit academic identities to infiltrate government networks
  • The role of cybercriminal marketplaces in supplying tools and access to nation-state actors

Some questions we ask:

  • How does Secret Blizzard leverage infrastructure from other threat groups?
  • Is there evidence of collaboration between different Russian cyber groups?
  • Why is identity security such a critical factor in cyber defense?

Resources:

  • Attending RSAC? Connect with Sherrod and Microsoft
  • View Sherrod DeGrippo on LinkedIn

Microsoft Threat Intelligence Podcast
Microsoft's CVP of Fraud on Combating Ecosystem Abuse

Feb 5, 2025 (50:35)


In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by two expert guests to explore critical challenges in today's evolving threat landscape.

First, Sherrod sits down with Kelly Bissell, CVP of Fraud at Microsoft, to discuss the complexities of combating fraud and product abuse. Kelly digs into the unique challenges Microsoft faces, highlighting prevalent schemes such as crypto mining, tech support scams, and the exploitation of deepfakes. Kelly also shares insights into Microsoft's proactive approach, including recent Azure policy changes and efforts to detect and prevent fraud across its services, especially those attempting to use the compute power for crypto mining.

Later, Sherrod is joined by Priyanka Ramesha, Senior Threat Researcher on the Defender Experts team, to examine the rising risks of cloud-native attacks. They unpack why threat actors are increasingly targeting the cloud, exploiting its complexity, scalability, and common misconfigurations. Priyanka explains how attackers gain initial access through tactics like phishing, API exploitation, and OAuth abuse, and outlines their methods for credential theft, lateral movement, and data exfiltration.

In this episode you'll learn:

  • What crypto mining looks like in Azure and how Microsoft detects and prevents it
  • The five main areas of fraud and product abuse that Microsoft focuses on
  • How attackers exploit the complexity and misconfigurations in cloud infrastructures

Some questions we ask:

  • How long do crypto mining operations run unnoticed in a customer's environment?
  • What changes did Microsoft make to its policy regarding crypto mining?
  • Why are legitimate apps sometimes compromised and used in attacks?

Resources:

  • View Kelly Bissell on LinkedIn
  • View Priyanka Ramesha on LinkedIn
  • View Sherrod DeGrippo on LinkedIn

Cybercrime Magazine Podcast
Revamping Healthcare Cybersecurity. New HIPAA Rules. Sherrod DeGrippo, Top Cybersecurity Expert.

Jan 29, 2025 (7:30)


According to Dark Reading, an unmitigated revamp of healthcare cybersecurity is coming in 2025, and experts warn that the compliance burden for organizations will be steep. Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, joins host Steve Morgan in this episode to discuss the new HIPAA rules, including the standards healthcare organizations will now be held to, and more.

For more on cybersecurity, visit us at https://cybersecurityventures.com

Microsoft Threat Intelligence Podcast
Seashell Blizzard Ramping Up Operations and OSINT Trends of DPRK Threat Actors

Jan 22, 2025 (26:02)


In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Elise Eldridge and Anna Seitz to discuss the most recent notable developments across the threat landscape.

The threat actor, also known as Sandworm or APT44, has also been observed resuming the use of the wrappers WalnutWipe and SharpWipe, and expanded the use of the Prickly Pear malware downloader. The team highlights the geopolitical implications of these attacks, particularly in the context of Russia's influence on energy and global events. Sherrod also touches on the history of wipers in cyber operations and transitions to a discussion with Elise about trends in North Korean cyber activity, emphasizing Microsoft's ongoing efforts to analyze and mitigate these threats.

In this episode you'll learn:

  • Why recent attacks have targeted the European energy sector
  • How Seashell Blizzard's attacks in 2024 involved spear-phishing campaigns
  • Why North Korean hackers infiltrate companies through remote IT job programs

Some questions we ask:

  • How has Seashell Blizzard returned to using wipers, and what might explain this shift?
  • After sending out crafted spear-phishing emails, what happens next in the attack chain?
  • How might global geopolitics impact Seashell Blizzard's campaigns?

Resources:

  • View Elise Eldridge on LinkedIn
  • View Anna Seitz on LinkedIn
  • View Sherrod DeGrippo on LinkedIn

Microsoft Threat Intelligence Podcast
Threat Landscape Update: North Korean IT Workers, OSINT, and Remote Monitoring and Management Abuse

Jan 8, 2025 (28:10)


In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Caitlin Hopkins, Diana Duvieilh, and Anna Seitz to discuss the latest trends in cybersecurity threats.

The team explores OSINT observations around Remote Monitoring and Management (RMM) tools like Screen Connect by nation-state actors and reveals how they are used to deploy malware like AsyncRAT, ransomware, and execute phishing scams. They also uncover alarming tactics, such as North Korean IT workers posing as legitimate coders to infiltrate organizations, who steal cryptocurrency and use it to fund their regime. Since 2017 they have contributed to the theft of more than $3 billion.

In this episode you'll learn:

  • The role of tech support scam websites in tricking victims into allowing remote access
  • How cybercriminal and nation-state actors are increasingly exploiting remote monitoring
  • Why the financial services sector is a major target for cyberattacks

Some questions we ask:

  • What is Screen Connect, and why is it attractive to threat actors?
  • How long have RMM tools been used in C2 frameworks?
  • Why are remote management tools being used in command-and-control systems?

Resources:

  • View Caitlin Hopkins on LinkedIn
  • View Diana Duvieilh on LinkedIn
  • View Anna Seitz on LinkedIn
  • View Sherrod DeGrippo on LinkedIn

The CyberWire
Disrupting Cracked Cobalt Strike [The Microsoft Threat Intelligence Podcast]

Jan 1, 2025 (38:40)


While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, The Microsoft Threat Intelligence Podcast by Microsoft Threat Intelligence. See you in 2025!

On this week's episode of The Microsoft Threat Intelligence Podcast, we discuss the collaborative effort between Microsoft and Fortra to combat the illegal use of cracked Cobalt Strike software, which is commonly employed in ransomware attacks.

To break down the situation, our host, Sherrod DeGrippo, is joined by Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator with the DCU, and Bob Erdman, Associate VP Research and Development at Fortra. The discussion covers the creative use of DMCA notifications tailored by geographic region to combat cybercrime globally. The group express their optimism about applying these successful techniques to other areas, such as phishing kits, and highlight ongoing efforts to make Cobalt Strike harder to abuse.

In this episode you'll learn:

  • The impact on detection engineers due to the crackdown on cracked Cobalt Strike
  • Extensive automation used to detect and dismantle large-scale threats
  • How the team used the DMCA creatively to combat cybercrime

Some questions we ask:

  • Do you encounter any pushback when issuing DMCA notifications?
  • How do you plan to proceed following the success of this operation?
  • Can you explain the legal mechanisms behind this take-down?

Resources:

  • View Jason Lyons on LinkedIn
  • View Bob Erdman on LinkedIn
  • View Richard Boscovich on LinkedIn
  • View Sherrod DeGrippo on LinkedIn

Microsoft Threat Intelligence Podcast
Doctors' Perspective: The Rise of Healthcare Ransomware

Dec 18, 2024 (42:47)


In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Christian Dameff and Jeff Tully, co-directors from the UCSD Center for Healthcare Cybersecurity, and contributors to our recent Healthcare Ransomware report.

They discuss their unique backgrounds as doctors and hackers, focusing on healthcare cybersecurity, and the growing risks of hospital ransomware attacks. Christian shares his journey from hacking as a teenager to combining his passion for medicine and cybersecurity, particularly the risks posed to patient safety by vulnerable medical devices. Jeff adds his perspective, highlighting the parallels between medicine and hacking, and their efforts at UCSD to bring evidence-based research to healthcare cybersecurity. The conversation explores the challenges and importance of protecting critical healthcare systems from cyber threats, aiming to improve patient safety and outcomes.

In this episode you'll learn:

  • How medical device vulnerabilities reveal the impact of cybersecurity on patient care
  • The lack of comprehensive data on healthcare ransomware attacks
  • When ransomware-induced disruptions can delay life-saving procedures

Some questions we ask:

  • As healthcare providers, what stands out to you about ransomware in healthcare?
  • What does the UCSD Center for Healthcare Cybersecurity do?
  • What ransomware attacks are common in healthcare, and how do they differ from other industries?

Resources:

  • View Jeff Tully on LinkedIn
  • View Christian Dameff on LinkedIn
  • View Sherrod DeGrippo on LinkedIn
  • Healthcare Ransomware Report

Microsoft Threat Intelligence Podcast
A Couple of Rats Pick Up New Tricks, UN Proposes Cybercrime Treaty

Dec 4, 2024 (42:26)


In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Microsoft's Dinesh Natarajan, Senior Threat Hunter, and Thomas Ball, Senior Security Researcher. They unpack recent findings around AsyncRAT, a remote access Trojan (RAT) used for keylogging, data exfiltration, and deploying further malware.

Dinesh explains how attackers are now using screen-sharing tools, like Screen Connect, as part of a new infection chain that makes the malware delivery process more deceptive. Thomas then shares insights on SectopRAT, another threat targeting browser data and crypto wallets. Uniquely, this RAT creates a second desktop, allowing attackers to operate undetected.

Next, Sherrod talks with Microsoft's Senior Director of Diplomacy, Kaja Ciglic, about the UN's proposed cybercrime treaty. Originally spearheaded by Russia, the treaty aims to create a global framework for prosecuting cybercrime, but critics worry about its potential impact on freedom of expression and human rights.

In this episode you'll learn:

  • How tech support scam emails lead to AsyncRAT installations on different devices
  • The importance of leveraging tools like Microsoft Defender's SmartScreen for protection
  • The treaty encourages cooperation but may let governments exploit unclear cybercrime definitions

Some questions we ask:

  • How does social engineering through email play a role in these attacks?
  • What capabilities does AsyncRAT have, and why is it so concerning?
  • How do we ensure the treaty doesn't impact freedom of expression or human rights?

Resources:

  • View Dinesh Natarajan on LinkedIn
  • View Thomas Ball on LinkedIn
  • View Kaja Ciglic on LinkedIn
  • View Sherrod DeGrippo on LinkedIn

Microsoft Threat Intelligence Podcast
Between Two Gregs: An Update on the North Korean Threat Landscape

Nov 20, 2024 (43:16)


In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Proofpoint's Greg Lesnewich and Microsoft's Greg Schloemer to share the unique threat posed by North Korea's (DPRK) state-sponsored cyber activities. The Gregs discuss their years of experience tracking North Korean cyber actors and the distinct tactics that set DPRK apart from other nation-sponsored threats. The conversation also explores North Korea's high stakes, as DPRK threat actors operate under intense pressure from government handlers, adding a layer of urgency and fear to their operations. They share insights into North Korea's aggressive use of stolen cryptocurrency to fund the regime's initiatives, like ballistic missile tests, and discuss the broader geopolitical impact.

In this episode you'll learn:

  • The technical sophistication and the relentlessness of DPRK cyber tactics
  • Complex motives behind funding and sustaining the North Korean government
  • The training and skills development of North Korean cyber operators

Some questions we ask:

  • How do North Korean threat actors set up their relay networks differently?
  • What sets North Korea apart from other nation-sponsored threat actors?
  • How do North Korean cyber actors differ from traditional e-crime actors?

Resources:

  • View Greg Schloemer on LinkedIn
  • View Greg Lesnewich on LinkedIn
  • View Sherrod DeGrippo on LinkedIn

Blog links:

  • Citrine Sleet Observed Exploiting Zero Day
  • New North Korean Threat Actor Identified as Moonstone Sleet
  • East Asia Threat Actor Technique Report

Microsoft Threat Intelligence Podcast
Microsoft's Yonatan Zunger on Red Teaming Generative AI

Nov 6, 2024 (39:05)


In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Yonatan Zunger, CVP of AI Safety and Security at Microsoft. The conversation delves into the critical role of the AI Red Team, which focuses on identifying vulnerabilities in AI systems. Yonatan emphasizes the importance of ensuring the safety of Microsoft's AI products and the innovative methods the team employs to simulate potential threats, including how they assess risk and develop effective responses. This engaging dialogue offers insights into the intersection of technology, security, and human behavior in the evolving landscape of AI.

In this episode you'll learn:

  • Why securing AI systems requires understanding their unique psychology
  • The importance of training and technical mitigations to enhance AI safety
  • How financial incentives drive performance improvements in AI systems

Some questions we ask:

  • How does Retrieval Augmented Generation (RAG) work?
  • What are the potential risks with data access and permissions in AI systems?
  • Should users tell language models that accuracy affects their rewards to improve responses?

Resources:

  • View Yonatan Zunger on LinkedIn
  • View Sherrod DeGrippo on LinkedIn

Microsoft Threat Intelligence Podcast
Vanilla Tempest: The Threat Actor Behind Recent Hospital Ransomware Attacks

Oct 23, 2024 (32:52)


In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna and Keivan to discuss two prominent threat actors: Vanilla Tempest and Peach Sandstorm.

Vanilla Tempest, a financially motivated cybercrime group, has been involved in recent ransomware attacks on U.S. hospitals, utilizing various ransomware payloads such as Ink. They are known for using tools like PowerShell scripts and Goot Loader to exfiltrate data and extort victims. Peach Sandstorm, an Iranian nation-state threat actor, focuses on cyber espionage and intelligence collection. They have targeted various sectors, including energy, defense, and critical infrastructure, and have shown increasing sophistication in their attacks.

Later, Sherrod speaks with Colton Bremer, a senior security researcher at Microsoft, about his work on the Defender Experts (DEX) team. Colton explains the different tiers of DEX services, which focus on detecting and mitigating advanced threats that may bypass traditional security measures.

In this episode you'll learn:

  • A backdoor called Tickler that uses Azure infrastructure for command and control
  • The significance of these groups' tactics and maintaining ransomware resiliency
  • The different tiers of DEX services detecting and mitigating advanced threats

Some questions we ask:

  • How does Vanilla Tempest typically execute their attacks?
  • Has Peach Sandstorm evolved over time in their cyber espionage efforts?
  • What can individuals or organizations do to mitigate cloud identity abuse?

Resources:

  • View Colton Bremer on LinkedIn
  • View Sherrod DeGrippo on LinkedIn

The Segment: A Zero Trust Leadership Podcast
Spiral Now, Not Later: Rethinking Ransomware Readiness with Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft

Oct 15, 2024 (49:29)


In this episode, host Raghu Nandakumara sits down with Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft, to explore the evolving landscape of cyber threats and the importance of resilience in the face of ransomware. They discuss the changing tactics of threat actors, the critical role of Zero Trust in modern cybersecurity, and the growing influence of AI on both cyber defense and offense. Sherrod also shares insights into balancing objective and subjective assessments in security, emphasizing the need for strong foundational practices and operational resilience.

“Pre-decision making. If we come under ransom, are we going to pay? A lot of people start spiraling and it's like, wait, do you want to be spiraling now or do you want to be spiraling when we're actually under ransom? Let's spiral now. Let's do that worrying now, so that if something happens in the future, we're ready for that.”

Time Stamps
(04:53) Sherrod's career journey
(16:15) Importance of basic security practices in ransomware resilience
(18:37) Ransomware: To pay or not to pay?
(22:08) Building a culture of ransomware resilience
(26:19) Subjectivity of security
(29:51) Evolution of threat actors
(34:13) Zero Trust's impact on security
(46:04) Role of AI in cybersecurity
(49:49) Future of threat intelligence

Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
Illumio World Tour

Links
Connect with Sherrod on LinkedIn

Cybercrime Magazine Podcast
White House Cyber Hiring Sprint. 500K Jobs To Be Filled. Sherrod DeGrippo, Top Cybersecurity Expert

Oct 11, 2024 (6:32)


The White House is launching a cybersecurity hiring sprint to help fill 500,000 job openings. Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, joins host Paul John Spaulding in this episode to discuss the new program, how the government is working to fill this continued gap in cyber, technology, and AI, and more. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Microsoft Threat Intelligence Podcast
Gingham Typhoon's Cyber Expansion Into the South Pacific

Oct 9, 2024 (38:56)


In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Nick Monaco, Principal Threat Intelligence Analyst at Microsoft, delving into findings from Microsoft's April 2024 East Asia threat report. They discuss Gingham Typhoon's expanding cyber operations in the South Pacific, notably targeting strategic partners like Papua New Guinea despite their involvement in China's Belt and Road Initiative. The conversation shifts to Nylon Typhoon's global espionage efforts, including recent activities in South America and Europe. They also cover Volt Typhoon's sophisticated attacks on U.S. critical infrastructure and highlight Storm 1376's (now Tides of Flood) use of AI-generated news anchors for spreading misinformation. This episode emphasizes the evolving nature of cyber threats and influence operations, including the creative use of technology by adversaries to advance their agendas.

* This episode is from April 2024 and is not new information.

In this episode you'll learn:
• How Nylon Typhoon targets geopolitical intelligence in South America and Europe
• The evolving landscape of influence operations and China's growing capabilities
• How disinformation campaigns have exploited real-world events

Some questions we ask:
• How has generative AI changed influence operations and disinformation?
• What are the key trends in North Korean cyber operations with cryptocurrency and AI?
• Why are Chinese influence operations engaging with questions on social media?

Resources:
• View Nick Monaco on LinkedIn
• View Sherrod DeGrippo on LinkedIn

Microsoft Threat Intelligence Podcast
The Inside Scoop on Using KQL for Cloud Data Security

Sep 25, 2024 (26:45)


In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by the authors of the new book The Definitive Guide to KQL: Using Kusto Query Language for Operations, Defending, and Threat Hunting. Guests Rod Trent, Matt Zorich, and Mark Morowczynski discuss the significance of KQL (Kusto Query Language) in cloud data security and how it enables efficient data querying for threat detection in Microsoft products like Sentinel and Defender. They share insights from their own experiences, highlight key features of the book, and explain how both beginners and experts can benefit from KQL. Later in the episode, Sherrod speaks with Senior Threat Hunter Lekshmi Vijayne about the growing trend of cyberattacks using malicious PowerShell commands. Lekshmi explains how attackers trick users into copying and pasting harmful code, often through compromised websites or phishing emails. They discuss how these attacks aim to install remote access tools like NetSupport RAT or information stealers, targeting sensitive data like browser credentials and crypto keys.

In this episode you'll learn:
• How KQL is applied in real-world security scenarios including incident response
• Key features and benefits of KQL when it comes to security and cloud data
• Distinguishing between legitimate and malicious uses of remote management tools

Some questions we ask:
• How does KQL tie into the Microsoft ecosystem, like Defender and Copilot?
• What advice would you give to someone new to KQL who wants to start learning?
• What is the technique we're seeing with copy-pasting malicious PowerShell?

Resources:
• View Mark Morowczynski on LinkedIn
• View Matt Zorich on LinkedIn
• View Rod Trent on LinkedIn
• View Lekshmi Vijayne on LinkedIn
• View Sherrod DeGrippo on LinkedIn

Microsoft Threat Intelligence Podcast
Citrine and Onyx Sleet: An Inside Look at North Korean Threat Actors

Sep 11, 2024 (28:46)


In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo discusses North Korean threat actors with one of our Microsoft Threat Intelligence researchers and Greg Schloemer, focusing on two prominent groups: Onyx Sleet and Storm 0530. Onyx Sleet is a long-standing espionage group known for targeting defense and energy sectors, particularly in the U.S. and India. However, they've diversified into ransomware, using tactics like malware downloaders, zero-day vulnerabilities, and a remote access Trojan called D-Track. The conversation also touches on the use of fake certificates and the group's involvement in the software supply chain space.

In this episode you'll learn:
• The relationship between Onyx Sleet and Storm 0530
• North Korea's broader strategy of using cyber-attacks and moonlighting activities
• Surprising nature of recent attack chains involving vulnerability in the Chromium engine

Some questions we ask:
• Does Onyx Sleet engage in cryptocurrency activities as well as traditional espionage?
• How does the use of a fake Tableau software certificate fit into Onyx Sleet's attack chain?
• Where does the name "Holy Ghost" come from, and why did they choose it?

Resources:
• View Greg Schloemer on LinkedIn
• View Sherrod DeGrippo on LinkedIn

Cybercrime Magazine Podcast
DEF CON 32. Highlights From The 2024 Hacking Conference. Sherrod DeGrippo, Top Cybersecurity Expert.

Aug 29, 2024 (2:31)


DEF CON is the world's longest-running and largest underground hacking conference. This year's event took place from August 8th to 11th in Las Vegas, Nevada. Cybercrime Magazine was in attendance with top cybersecurity expert and director of threat intelligence strategy at Microsoft, Sherrod DeGrippo. Tune in to hear some of the top highlights from this year's attendees, including what makes this event so special, how it has changed over the years, and more. Learn more at https://defcon.org. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Microsoft Threat Intelligence Podcast
Black Basta and the Use of LLMs by Threat Actors

Aug 28, 2024 (23:45)


In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Microsoft security researchers Anna Seitz and Daria Pop to discuss the latest trends in ransomware and the evolving role of AI in cyber threats. Daria Pop provides insights into the shifting tactics of Black Basta ransomware, including their use of phishing, social engineering, and remote management tools. The discussion also covers the persistence of malvertising and its challenges for defenders. Anna Seitz explores how state-sponsored threat actors, including Forest Blizzard, Emerald Sleet, and Crimson Sandstorm, are leveraging large language models (LLMs) for various malicious activities.

In this episode you'll learn:
• Why the takedown of Qakbot impacted Black Basta's strategies
• What malvertising is and why its persistence is due to the complex nature of ad traffic
• How the MITRE ATLAS framework assists defenders in identifying new threats

Some questions we ask:
• What role does social engineering play in the campaigns involving Quick Assist?
• How are North Korean threat actors like Emerald Sleet using LLMs for their campaigns?
• Can you explain the changes in Black Basta's initial access methods over the years?

Resources:
• View Anna Seitz on LinkedIn
• View Daria Pop on LinkedIn
• View Sherrod DeGrippo on LinkedIn

Microsoft Threat Intelligence Podcast
Disrupting Cracked Cobalt Strike

Aug 14, 2024 (38:40)


On this week's episode of The Microsoft Threat Intelligence Podcast, we discuss the collaborative effort between Microsoft and Fortra to combat the illegal use of cracked Cobalt Strike software, which is commonly employed in ransomware attacks. To break down the situation, our host, Sherrod DeGrippo, is joined by Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator with the DCU, and Bob Erdman, Associate VP Research and Development at Fortra. The discussion covers the creative use of DMCA notifications tailored by geographic region to combat cybercrime globally. The group express their optimism about applying these successful techniques to other areas, such as phishing kits, and highlight ongoing efforts to make Cobalt Strike harder to abuse.

In this episode you'll learn:
• The impact on detection engineers due to the crackdown on cracked Cobalt Strike
• Extensive automation used to detect and dismantle large-scale threats
• How the team used the DMCA creatively to combat cybercrime

Some questions we ask:
• Do you encounter any pushback when issuing DMCA notifications?
• How do you plan to proceed following the success of this operation?
• Can you explain the legal mechanisms behind this take-down?

Resources:
• View Jason Lyons on LinkedIn
• View Bob Erdman on LinkedIn
• View Richard Boscovich on LinkedIn
• View Sherrod DeGrippo on LinkedIn

Cybercrime Magazine Podcast
DEF CON 32. Countdown To The 2024 Hacking Conference. Sherrod DeGrippo, Top Cybersecurity Expert.

Aug 6, 2024 (2:46)


DEF CON is the world's longest-running and largest underground hacking conference. This year's event is taking place from August 8th to 11th in Las Vegas, Nevada. Ahead of the conference, we spoke to Sherrod DeGrippo, frequent DEF CON attendee and Director of Threat Intelligence Strategy at Microsoft, about what makes it special, and how to get the most out of one's experience. Learn more about the upcoming event at https://defcon.org. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Decipher Security Podcast
Black Hat USA 2024 Preview: AI, AI, and More AI

Aug 1, 2024 (46:46)


Decipher editors Dennis Fisher and Lindsey O'Donnell-Welch are joined by Brian Donohue to dissect the Black Hat talks they're looking forward to, including sessions with H D Moore, Sherrod DeGrippo, and Moxie Marlinspike, and some talks they can't quite figure out from the titles.

Microsoft Threat Intelligence Podcast
Behind the Scenes at Blue Hat IL: Security Advancements and Challenges

Jul 31, 2024 (51:29)


In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is live from Blue Hat Israel in Tel Aviv. Igal Lytzki and Din Serussi discuss their presentation on advanced phishing and evasion techniques, highlighting the rise of QR phishing and custom-made CAPTCHAs, which involve interactive challenges to bypass security systems. Gal Niv and Jonathan Jacobi discuss their experience with the Web3 challenge they created, focusing on a smart contract vulnerability on the Ethereum blockchain. Ida Vass, the mastermind behind BlueHat IL, talks about the conference's impact and her motivation, driven by the community's spirit and the desire to continually innovate. Wolf Goerlich, the keynote speaker, discusses his approach to the keynote, focusing on positive advancements in cybersecurity rather than dwelling on the negative.

In this episode you'll learn:
• Practical advice for organizations to bolster their email security defenses
• The critical need to apply historical attack models to new technologies
• Progress in hardening OS and network security and the shift in threat actor tactics

Some questions we ask:
• What emerging technologies or threats do you find most intriguing or concerning?
• How does the production level of BlueHat compare to other conferences?
• What do state-sponsored email threats look like right now?

Resources:
• View Sherrod DeGrippo on LinkedIn

Cybercrime Magazine Podcast
The Ransomware Victim Experience. Hacking's Harmful Toll. Sherrod DeGrippo, Top Cybersecurity Expert

Jul 19, 2024 (8:36)


According to Rusi.org, more individuals and organizations globally are becoming victims of ransomware. However, little is known about their experiences. Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, joins host Steve Morgan in this episode to discuss the ransomware victim experience and hacking's harmful toll. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Microsoft Threat Intelligence Podcast
Hunting for AI Bug Bounty

Jul 17, 2024 (20:42)


In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Technical Program Manager at Microsoft Lynn Miyashita and Principal Research Manager Andrew Paverd. They discuss the evolution of bug bounty programs into the realm of artificial intelligence, specifically focusing on Microsoft's initiative launched in October 2023. Lynn explains that the AI Bug Bounty incentivizes external security researchers to discover and report vulnerabilities in Microsoft's AI systems, such as Copilot, across various platforms including web browsers and mobile applications. Andrew elaborates on the concept of a "bug bar," which sets the criteria for vulnerabilities eligible for the program. They emphasize the importance of identifying security issues that could arise uniquely from AI systems, such as prompt injection vulnerabilities. The discussion highlights Microsoft's structured approach to handling reported vulnerabilities through their Security Response Center, emphasizing quick mitigation and coordination with researchers to ensure timely fixes and public disclosure.

In this episode you'll learn:
• How AI Bug Bounty programs are reshaping traditional security practices
• Dangers of prompt injection attacks, and their capacity to exfiltrate sensitive data
• Why you should engage in AI bug hunting and contribute to the evolving security landscape

Some questions we ask:
• Which products are currently included in the Bug Bounty program?
• Should traditional bug bounty hunters start doing AI bug bounty hunting?
• How can someone get started with AI bug hunting and submitting to your program?

Resources:
• View Lynn Miyashita on LinkedIn
• View Andrew Paverd on LinkedIn
• View Sherrod DeGrippo on LinkedIn
• Microsoft AI Bug Bounty Program

Microsoft Threat Intelligence Podcast
Microsoft Live at the RSA Conference 2024

Jul 3, 2024 (55:18)


In this episode of the Microsoft Threat Intelligence Podcast, recorded at the RSA Conference in San Francisco, host Sherrod DeGrippo engages with a diverse group of cybersecurity experts. David Weston, VP of Operating System Security at Microsoft, discusses the evolution of Windows security and the role of AI. Jamie Williams from MITRE shares insights on the importance of product functionality in cybersecurity. Emma Stewart, Chief Power Grid Scientist at Idaho National Lab, talks about securing the digital transition of the power grid. Joe Slowik from MITRE emphasizes the importance of threat intelligence and integrating cybercrime entities into their attack framework. Lindsey O'Donnell, executive editor of Decipher, highlights AI's crucial role in cybersecurity. Finally, Todd Pauley, deputy CISO of the Texas Education Agency, discusses the challenges faced by small school districts in Texas.

In this episode you'll learn:
• How Windows security has transitioned from user-controlled to Microsoft-managed
• The importance of understanding product functionality to combat cyber threats
• Securing the power grid's digital transition and cloud technologies for grid control

Some questions we ask:
• What challenges and opportunities arise in securing the power grid's digital transition?
• How does AI enhance security in Windows operating systems?
• What were some of the most memorable sessions you attended at RSA?

Resources:
• View Sherrod DeGrippo on LinkedIn

Microsoft Threat Intelligence Podcast
Mark Russinovich Talks Jailbreaks

Jun 19, 2024 (31:50)


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Mark Russinovich. Mark Russinovich, CTO and Technical Fellow of Microsoft Azure, joins the show to talk about his journey from developing on-prem tools like Sysinternals to working in the cloud with Azure. Sherrod and Mark discuss the evolution of cybersecurity, the role of AI in threat intelligence, and the challenge of jailbreaking AI models. Mark shares his experiences with testing AI models for vulnerabilities, including his discovery of the "Crescendo" and "Masterkey" methods to bypass safety protocols. They also touch on the issue of poisoned training data and its impact on AI reliability, while highlighting the importance of staying ahead in cybersecurity.

In this episode you'll learn:
• The shift from desktop computing to cloud-based systems and its implications
• Potential consequences of AI models having overridable safety instructions
• How AI training data can manipulate the outcomes generated by AI models

Some questions we ask:
• Will AI owners be able to stop data poisoning, or will it become more common?
• Can you share challenges and vulnerabilities in maintaining the security of AI systems?
• What sparked your interest in AI jailbreaks, and what trends are you seeing?

Resources:
• View Mark Russinovich on LinkedIn
• View Sherrod DeGrippo on LinkedIn
• AI jailbreaks: What they are and how they can be mitigated? https://www.microsoft.com/en-us/security/blog/2024/06/04/ai-jailbreaks-what-they-are-and-how-they-can-be-mitigated/
• Inside AI Security with Mark Russinovich | BRK227 https://www.youtube.com/watch?v=f0MDjS9-dNw
• How Microsoft discovers and mitigates evolving attacks against AI guardrails. https://www.microsoft.com/en-us/security/blog/2024/04/11/how-microsoft-discovers-and-mitigates-evolving-attacks-against-ai-guardrails/
• Google AI said to put glue on pizza. https://www.businessinsider.com/google-ai-glue-pizza-i-tried-it-2024-5

Cybercrime Magazine Podcast
Hackers Targeting Remote Access Tools. VPNs Vulnerable. Sherrod DeGrippo, Top Cybersecurity Expert.

Jun 7, 2024 (9:02)


If your business uses remote access tools like VPNs, you may want to watch out, as hackers have been targeting these tools with ransomware, according to Tom's Guide. Research by cyber insurance provider At-Bay has found that remote access tools were the intrusion point for 58% of ransomware attacks in 2023. Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, joins host Steve Morgan in this episode to discuss. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Microsoft Threat Intelligence Podcast
Threat Landscape Update on Grandoreiro and Luna Tempest

Jun 5, 2024 (32:58)


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by two of MSTIC's finest analysts. They discuss recent trends in financially motivated cyber threats observed by Microsoft, focusing particularly on two cases: the Grandoreiro banking Trojan and the Luna Tempest crimeware actor. The Grandoreiro Trojan, active since 2017, has expanded globally beyond its initial Latin American focus, now targeting countries like the U.S. and the UK. This Trojan typically starts with phishing emails to steal financial information. Despite efforts to disrupt this activity, new clusters have emerged. The discussion also covers Luna Tempest, a U.S.- and UK-based extortion group targeting startups and smaller companies, particularly in sectors like insurance, FinTech, and biotech, seeking high payouts by threatening to release sensitive data.

In this episode you'll learn:
• The resilience and adaptability of threat actors in response to global disruption efforts
• Why Luna Tempest focuses solely on extortion without deploying ransomware
• How the Grandoreiro Banking Trojan has expanded globally

Some questions we ask:
• How do we distinguish between the various threat actor groups and their malware?
• What can businesses do to protect themselves from identity-based attacks?
• Have these cybercriminals perfected an extortion program?

Resources:
• View Sherrod DeGrippo on LinkedIn

Microsoft Threat Intelligence Podcast
Andrew Morris and Lauren Proehl on Infosec

Microsoft Threat Intelligence Podcast

Play Episode Listen Later May 22, 2024 43:07


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Andrew Morris, Founder & Chief Architect at GreyNoise, and Lauren Proehl, Director of Global Cyber Defense at Marsh McLennan. Lauren Proehl is an experienced cybersecurity leader who has helped defend against threat actors in Fortune 500 networks, has managed multiple divisions focused on defensive security, and specializes in innovative cyber defense. GreyNoise operates a huge sensor network across the internet that collects primary sourced data on which vulnerabilities attackers are exploiting, when they start, and from where. Sherrod, Lauren, and Andrew discuss the effectiveness of banning ransomware payments, the importance of focusing on backup and disaster recovery strategies, and the necessity of investing in basic security measures like endpoint detection and response, multi-factor authentication, and log storage.

In this episode you'll learn:
• The potential for ransomware attacks on physical infrastructure
• Why most are hesitant to become a CISO and the expectations that come with the role
• Challenges when trying to balance technical expertise with leadership skills

Some questions we ask:
• Can government or law enforcement agencies evolve in combating ransomware?
• Where do you believe organizations can invest to improve their cybersecurity?
• How do you expect ransomware to change with tactics like double or triple extortion?

Resources:
• View Lauren Proehl on LinkedIn
• View Andrew Morris on LinkedIn
• View Sherrod DeGrippo on LinkedIn

Microsoft Threat Intelligence Podcast
Behind the Scenes of the XZ vuln with Andres Freund and Thomas Roccia

May 8, 2024 (33:21)


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Thomas Roccia and Andres Freund. Andres stumbled upon a security issue within SSH while investigating performance discrepancies. He discovered a sophisticated backdoor, skillfully concealed within the LZMA library, part of the XZ package. Sherrod, Thomas, and Andres discuss the importance of proactive security measures and code review in the open-source community. They emphasize the critical role of community collaboration in identifying and mitigating security threats effectively and signal the need for heightened vigilance.

In this episode you'll learn:
• The importance of proactive security and code review in the open-source community
• Why anomalies in software behavior should prompt curiosity and investigation
• Open-source community cooperation is vital for spotting and addressing security risks

Some questions we ask:
• Could you explain the security issue you found in SSH and its significance?
• How serious is this threat, and what steps can organizations take to defend against it?
• What advice do you have for open-source contributors?

Resources:
• View Andres Freund on LinkedIn
• View Thomas Roccia on LinkedIn
• View Sherrod DeGrippo on LinkedIn

Cybercrime Magazine Podcast
Security Bugs In LG Smart TVs. 91K Devices At Risk. Sherrod DeGrippo, Top Cybersecurity Expert.

May 3, 2024 8:14


Recently discovered software vulnerabilities in tens of thousands of LG smart TVs could allow cybercriminals to hijack them, according to Quartz. Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, joins host Paul John Spaulding in this episode to discuss this news, including whether consumers should be worried, how to protect your devices, and more. • For more on cybersecurity, visit us at https://cybersecurityventures.com

The Azure Security Podcast
Episode 95: Threat Intelligence

Apr 25, 2024 31:28


In this episode Michael, Sarah and Mark talk with guest Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft, about the current state of Threat Intelligence. We also discuss Azure Security news about Tampa BSides, Virtual Networks, Azure Database for MySQL and PostgreSQL, and SQL Server on Linux.

The Microsoft Azure Security Podcast (azsecuritypodcast.net)

Microsoft Threat Intelligence Podcast
Paul Melson talks ScumBots

Apr 24, 2024 42:31


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by former VP of Cybersecurity Solutions at Target Paul Melson. Sherrod and Paul reflect on his experiences in incident response, highlighting the adrenaline rush of detecting and evicting adversaries before they cause harm. Their discussion includes a run down the rabbit hole of open-source intelligence and the creation of the @scumbots Twitter feed. They explore the culture at Target's cybersecurity team, emphasizing the importance of hiring for attitude and the potential for new threats like bribery and insider threats. Paul shares insights into his experiences in cybersecurity and his concerns about future threats, emphasizing the need for continued vigilance and innovation in defense strategies. The episode provides valuable insights into the challenges and developments in cybersecurity, offering practical advice for both professionals and organizations navigating the ever-changing threat landscape.

In this episode you'll learn:
- The genesis of the project scumbots and its functionality
- Challenges when dealing with commercial threat intelligence companies
- The increasing sophistication of cybercrime and the potential for new tactics

Some questions we ask:
- How has your time in incident response evolved over the years?
- What advice would you give to aspiring cybersecurity professionals?
- Do you believe organizations can adapt and innovate their defense strategies?

Resources:
- Scumbots on Twitter
- View Paul Melson on LinkedIn
- View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Microsoft Threat Intelligence Podcast
Microsoft Secure in San Francisco

Apr 10, 2024 63:54


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is live from Microsoft Secure in San Francisco and is joined by Brandon Dixon and Vasu Jakkal. As Group Product Manager for Security Copilot, Brandon is helping to shape how generative AI is used to empower professionals to focus on what matters most. Brandon reflects on how security practices have changed, mental health in the security industry and how AI can empower individuals in the tech and infosec fields. Vasu discusses her passion for cybersecurity and its impact on global safety. She emphasizes the importance of inclusivity and optimism in tackling security challenges and shares her journey into cybersecurity, which was influenced by her love for technology instilled by watching Star Trek. Vasu also highlights the transformative potential of AI, particularly Microsoft Copilot for Security, in enhancing defense capabilities and catching new threats.

In this episode you'll learn:
- AI enhancing security practices and empowering individuals in the cybersecurity field
- The value of sharing ideas for critique, fostering inspiration, and driving innovation
- How AI has the power to unveil the wonders of the world while enhancing safety

Some questions we ask:
- How will Copilot for Security affect threat intelligence professionals and their work?
- What are you using AI for at work, both in terms of security and more generic AI?
- Can you share examples of how Copilot helps in your personal life?

Resources:
- View Brandon Dixon on LinkedIn
- View Vasu Jakkal on LinkedIn
- View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Decipher Security Podcast
Memory Safe: Sherrod DeGrippo

Apr 9, 2024 50:16


In this week's Memory Safe episode, Sherrod DeGrippo of Microsoft talks about her first experiences with hacker culture, why a Stanley Kubrick movie shows a glimpse of what AI is, and how she makes sure that “threat intelligence hits the right note.”

Cybercrime Magazine Podcast
Tax Season Risk. Cybercriminal Tactics & Targets Exposed. Sherrod DeGrippo, Top Cybersecurity Expert

Mar 29, 2024 7:28


Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, is a top cybersecurity expert. In this episode, she joins host Steve Morgan to discuss tax season cybersecurity threats, including what cybercriminals want and who they're targeting most. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Microsoft Threat Intelligence Podcast
Live from New York it's Microsoft Secure

Mar 27, 2024 47:48


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is live from Times Square at Microsoft Secure and is joined by Chris Wysopal, Chip Calhoun, and Torrell Funderburk. Chris (aka Weld Pond) reflects on his experiences with L0pht, the evolution of bug bounty programs and their dominance in the cybersecurity space, highlighting both the benefits and drawbacks. Chip explains how Copilot for Security assists with threat hunting and script analysis, enhancing analysts' capabilities in identifying threats and malicious activities. He also touches on the prevalent threat actor profiles, highlighting the prevalence of e-crime and the potential impact of nation-state actors. Torrell expresses excitement about the advancements in their security program and the ability to detect and respond at scale. He also discusses his transition from software engineering to cybersecurity and encourages others to consider the move due to the foundational similarities between the fields.

In this episode you'll learn:
- Complications from vulnerabilities discovered in open-source software
- Practical applications of Copilot in incident response and threat intelligence
- The importance of curiosity and problem-solving skills when building a security team.

Some questions we ask:
- How do you view the role of AI and machine learning in security, and bug bounties?
- What do you think is unique about securing critical infrastructure targets?
- Will AI influence security practices in organizations and industries going forward?

Resources:
- View Chris Wysopal on LinkedIn
- View Chip Calhoun on LinkedIn
- View Torrell Funderburk on LinkedIn
- View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Microsoft Threat Intelligence Podcast
Data Science for Security

Mar 13, 2024 44:34


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Emily Yale and Anna Bertiger. The discussion delves into Emily and Anna's daily activities within the security domain. Emily highlights her role in supporting Microsoft's internal Security Operations Center by building detections for potential threats. Anna emphasizes the practical application of research in solving security problems and focuses on anomaly detection in post-breach security. Emily and Anna provide insights into Microsoft's work culture, the intersection of technology and security, the importance of mathematical and data science skills in tech roles, and the practical applications of AI tools in professional and personal contexts.

In this episode you'll learn:
- How data scientists support the internal SOC and enhance security
- The importance of anomaly detection in post-breach security
- Combining security with mathematical skills to create practical solutions

Some questions we ask:
- What types of unusual patterns indicate malicious activity?
- Is there difficulty in securing AI models compared to traditional code?
- Should data science methods be used over complex models?

Resources:
- View Emily Yale on LinkedIn
- View Anna Bertiger on LinkedIn
- View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

The Six Five with Patrick Moorhead and Daniel Newman
The Intersection of AI and Threat Intelligence - The Six Five On the Road

Mar 13, 2024 19:39


On this episode of The Six Five - On the Road, hosts Krista Macomber and Will Townsend are joined by Microsoft's Sherrod DeGrippo, Director of Threat Intelligence Strategy, at Microsoft Secure for a conversation on the evolving landscape of AI and cybersecurity and how Microsoft Copilot for Security can be used to enhance threat intelligence strategies.

Their discussion covers:
- How attackers utilize new AI capabilities and Microsoft's strategies to assist organizations in combating these increasingly sophisticated threats.
- The potential for AI to revolutionize cybersecurity with a focus on proactive threat detection.
- The impact of Microsoft Copilot for Security on the daily routines of threat analysts.
- The effects of generative AI on attack methods, the current state of AI integration within security tools, and the anticipated adoption rate within the industry.
- Addressing the cyber-security skills gap with the help of generative AI.

Microsoft Threat Intelligence Podcast
Throwing Darts in the Dark With Microsoft Incident Response

Feb 28, 2024 44:13


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Stella Aghakian and Holly Burmaster. They explore the intrigue of watching threat actors and their techniques and walk through these techniques and how they are educational and critical in threat intelligence work. They also discuss their experiences at Microsoft Ignite, insights into the cyber threat actor Octo Tempest, and personal reflections on threat intelligence and favorite threat actors. Both Stella and Holly discuss how they thrive on the uncertainty and variety of their work despite the long hours and high pressure but appreciate the supportive team environment that helps them.

In this episode you'll learn:
- Challenges of incident response when dealing with destructive threat actors
- Difficulty in managing the emotional aspects of incident response
- The unpredictability and dynamic nature of incident response work

Some questions we ask:
- How is the workflow structured in incident response teams?
- What traits are crucial for excelling in the high-pressure world of incident response?
- Do Dart and Mystic teams collaborate in incident responses?

Resources:
- View Stella Aghakian on LinkedIn
- View Holly Burmaster on LinkedIn
- View Sherrod DeGrippo on LinkedIn
- Octo Tempest Threat Actor profile
- Protecting credentials against social engineering

Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Cybercrime Magazine Podcast
The Toothbrush DDoS Attack. How Misinformation Spreads. Sherrod DeGrippo, Top Cybersecurity Expert.

Feb 26, 2024 7:12


Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, is a top cybersecurity expert. In this episode, she joins host Steve Morgan to discuss the spread of misinformation in cybersecurity, highlighted in regard to the widely-covered, recent "toothbrush DDoS attack." • For more on cybersecurity, visit us at https://cybersecurityventures.com

Microsoft Threat Intelligence Podcast
Iran's Influence Operations

Feb 14, 2024 43:06


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Bryan Prior and Nirit Hinkis from the Microsoft Threat Analysis Center. Sherrod, Bryan, and Nirit discuss Iranian influence operations, distinguishing between influence and information operations. The conversation covers examples of cyber-enabled influence operations, focusing on Iran's actions related to the 2020 U.S. presidential elections and the Israel-Hamas war. The discussion covers tactics Iranian actors use, such as impersonation, recruiting locals, and leveraging email and text messages for amplification. The podcast brings context to the intricacies of Iranian cyber activities, their collaborative efforts, propaganda consumption, creative tactics, and challenges in attribution for influence operations.

In this episode you'll learn:
- The collaboration among Iranian groups in cyber-enabled influence operations
- Wiper attacks in situations involving both cyber and kinetic operations
- Unique aspects of Iran's influence operations

Some questions we ask:
- What's the reason behind a spike in Iranian propaganda consumption in Canada?
- Where does Iran fall compared to other countries like Russia and North Korea?
- What might be coming up regarding Iranian cyber attacks and influence operations?

Resources:
- View Bryan Prior on LinkedIn
- View Sherrod DeGrippo on LinkedIn
- Iran Report
- Iran Accelerates Cyber Ops Against Israel

Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Microsoft Threat Intelligence Podcast
Mobile Threat Landscape Update

Feb 7, 2024 41:12


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Christine Fossaceca, Laurie Kirk, and Apurva Kumar. Today's discussion concerns a recent release from the Chaos Computer Congress, where researchers discovered and analyzed a zero-click attack on iPhones. The attack involves four zero-day vulnerabilities in iOS, requiring a malicious iMessage, a hardware bug, and a Safari exploit. The spyware discovered was specifically targeting security researchers. Sherrod, Christine, Laurie, and Apurva explore the significance of this attack, its implications for mobile security, the concept of zero-click attacks becoming more prevalent on mobile devices, and the importance of researchers being vigilant about their security.

In this episode you'll learn:
- Why you should consider the threat landscape when traveling internationally
- The technical and strategic aspects of mobile threat intelligence
- Prevalence of spyware on both Android and iOS platforms

Some questions we ask:
- How can attackers disguise Trojans to harvest personal details?
- What are the communication vehicles that you're seeing phishing come from?
- How do I know if I have malware on my phone?

Resources:
- Follow Christine on Twitter @x71n3 & @herhaxpodcast
- View Laurie Kirk on LinkedIn
- View Apurva Kumar on LinkedIn
- View Sherrod DeGrippo on LinkedIn
- DEV-0196: QuaDream's “KingsPawn” malware targets Europe, North America, the Middle East, and Southeast Asia | Microsoft Security Blog
- 37C3 - Operation Triangulation: What You Get When Attack iPhones of Researchers

Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Cybercrime Magazine Podcast
North Korean Hackers. Criminal Ties in Southeast Asia. Sherrod DeGrippo, Top Cybersecurity Expert.

Jan 26, 2024 9:44


Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, is a top cybersecurity expert. In this episode, she joins host Steve Morgan to discuss why North Korean hackers are sharing money-laundering and underground banking networks with fraudsters and drug traffickers in Southeast Asia. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Microsoft Threat Intelligence Podcast
North Korea Threat Landscape Update

Jan 24, 2024 35:57


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Greg Schloemer and Matthew Kennedy. Sherrod, Greg, and Matthew discuss North Korean cyber operations, highlighting the unique aspects that set North Korea apart, emphasizing North Korea's persistence, adaptability, and the blending of APT and cybercrime elements, mainly focusing on revenue generation through activities like cryptocurrency theft. The discussion touches on the notorious Lazarus group, known for the Sony Pictures attack and WannaCry, and how their actions captured global attention. Sherrod, Greg, and Matthew also share personal insight into why they're drawn to this particular area of cybersecurity, offering listeners a unique perspective on the motivations and passions driving those at the forefront of defending our digital world.

In this episode you'll learn:
- The evolution of North Korean cyber operations
- How cryptocurrency theft is used as a means to support the state
- North Korea's unique approach to cyber operations and strategic evolution over time

Some questions we ask:
- How much work have you put into becoming a blockchain and cryptocurrency expert?
- What challenges arise in defending against these specific software supply chain attacks?
- Why are you interested in working on North Korea-related cybersecurity?

Resources:
- View Greg Schloemer on LinkedIn
- View Matthew Kennedy on LinkedIn
- View Sherrod DeGrippo on LinkedIn
- Diamond Sleet supply chain compromise distributes a modified CyberLink installer

Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Microsoft Threat Intelligence Podcast
Microsoft Ignite Special Edition

Jan 10, 2024 37:07


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Jeremy Dallman, Kimberly Ortiz, and Steve Ginty. Sherrod emphasizes the importance of understanding vulnerabilities before they're exploited in the wild and discusses the process of responding to security vulnerabilities, including identifying threat actors and the urgency of patch deployment, especially for vulnerabilities targeted by ransomware groups. The conversation also focuses on Security Copilot, a tool built on Microsoft's extensive threat intelligence, designed to make SOC analysts' work more accessible by providing immediate, relevant information on threats. This episode offers an insider's view on how these professionals track internal incident responses, share crucial intelligence with customers, and continuously evolve their processes to ensure swift, accurate delivery of threat intelligence.

In this episode you'll learn:
- How collaborating with multiple MS teams enhances intel delivery
- Interaction between Microsoft Defender Threat Intelligence and Security Copilot
- Publishing actor profiles based on internal observations of techniques and procedures

Some questions we ask:
- How will the world of AI affect the role of threat intelligence?
- What are you most excited about when it comes to AI in cybersecurity?
- When do we share intel with customers, and has that process changed over the years?

Resources:
- View Kimberly Ortiz on LinkedIn
- View Steve Ginty on LinkedIn
- View Jeremy Dallman on LinkedIn
- View Sherrod DeGrippo on LinkedIn
- MDTI: Now Anyone Can Tap Into Game-Changing Threat Intelligence
- The Future of Security with AI
- A Year in Intel: Highlights from Microsoft's Global Stand Against APTs
- The risk of trust: Social engineering threats and cyber defense

Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Data Security Decoded
How Generative AI Will Accelerate Cybersecurity with Sherrod DeGrippo

Jan 10, 2024 30:14


In this episode of Cyber Security Decoded, host Steve Stone, Head of Rubrik Zero Labs, is joined by Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft to discuss the cyber threat landscape.

In this episode, you'll hear insights on:
- How AI will act as a catalyst and accelerate everything security and IT teams are doing
- The (debatable) value of Threat Models
- If threat intelligence teams will realistically be able to join forces to fight the true adversaries

Rubrik Zero Labs' “The State of Data Security: The Journey to Secure an Uncertain Future” report provides a timely view into the increasingly commonplace problem of cyber risks and the challenge to secure data across an organization's expanding surface area. See the report here: https://rbrk.co/47rYcWH

Cybercrime Magazine Podcast
CYBERWARCON Recap. The Value Of Events In Cybersecurity. Sherrod DeGrippo, Top Cybersecurity Expert.

Dec 15, 2023 4:42


Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, is a top cybersecurity expert. In this episode, she joins host Steve Morgan to discuss CYBERWARCON, an event she recently attended, why conferences such as this one are valuable to the cybersecurity industry, and more. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Microsoft Threat Intelligence Podcast
A Journey through Cyberwarcon

Dec 13, 2023 38:19


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Judy Ng, Mark Parsons, and Ned Moran. Together, they delve into the riveting world of Cyberwarcon, exploring the activities of threat actors such as Volt Typhoon from China and Iranian-based adversaries. Sherrod sheds light on Volt Typhoon's strategic targeting of critical infrastructure while the team elaborates on the Iranian actors' reactive and opportunistic approach to current cyber attacks. The episode unfolds with insightful discussions of sophisticated techniques like "living off the land" and the intricacies of information operations while providing a deep dive into the evolving landscape of cyber threats and intelligence.

In this episode you'll learn:
- The use of AI in the current world of cybersecurity
- Why North Korean cyber activity is often referred to as Lazarus
- Unique challenges and motivations for tracking APT groups

Some questions we ask:
- What are some challenges when following chaotic and unpredictable threat actors?
- How do you balance secondary projects like incident response and ransomware?
- What motivates someone to pursue a career in APT tracking and analysis?

Resources:
- View Mark Parsons on LinkedIn
- View Ned Moran on LinkedIn
- View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.

Cybercrime Magazine Podcast
Police Seize Ragnar Locker Leak Site. What's Next? Sherrod DeGrippo, Top Cybersecurity Expert.

Dec 1, 2023 4:53


Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, is a top cybersecurity expert. In this episode, she joins host Steve Morgan to discuss how police seized Ragnar Locker's leak site, what could be next for the cybercriminals affiliated with the group, and more, as well as some updates from the Microsoft Ignite Conference. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Microsoft Threat Intelligence Podcast
Threat Landscape with Wes Drone

Nov 29, 2023 38:07


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Microsoft Threat Research and Intelligence Leader Wes Drone. Wes has spent five years investigating criminal and national security computer intrusions for the FBI Cyber Division. After the FBI, he helped a Fortune 25 healthcare organization mature its security operations while gaining first-hand experience in risk management. Sherrod and Wes discuss his current role at Microsoft, where he focuses on messaging and web research. They also touch on the evolving landscape of phishing attacks and the impact of ChatGPT on code writing and security.

In this episode you'll learn:
- How ChatGPT has improved code and empowered security to create better code
- Why phishing attacks have evolved with new techniques and capabilities
- The preferences of threat actors and their willingness to adapt

Some questions we ask:
- How have ransomware attacks shifted to a broader issue for entire businesses?
- Why should defenders be constantly adapting to new tactics from threat actors?
- What challenges and strategies have you noticed from the existing threat landscape?

Resources:
- View Wes Drone on LinkedIn
- View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.

Microsoft Threat Intelligence Podcast
Punching Miscreants with Jack Mott

Nov 15, 2023 25:35


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Jack Mott to discuss the movie "Heat" and its relevance to social engineering and threat actor psychology. They also chat about the challenges of identifying real threats in the world of information security, highlighting the need for vigilance in detecting both evident and subtle threats. The conversation revolves around the complexities of distinguishing between genuine and malicious activity and the importance of a nuanced approach to cybersecurity.

In this episode you'll learn:
- Why experimentation and new approaches in the security industry are so necessary
- Microsoft's approach to handling and investigating blocked threats
- The importance of an adaptive system to stay updated on evolving threats and behaviors

Some questions we ask:
- Why is curiosity a crucial quality for success in the information security field?
- How do you deal with making mistakes and taking risks in your work?
- Why do you foster relationships and share information with other professionals?

Resources:
- View Sherrod DeGrippo on LinkedIn
- Microsoft Ignite Panel, The risk of trust: Social engineering threats and cyber defense

Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks
- Security Unlocked
- Security Unlocked: CISO Series with Bret Arsenault
- Secure the Job: Breaking into Security

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.

Cybercrime Magazine Podcast
Locked USB Drive Worth $235M. Hackers Offer A Solution. Sherrod DeGrippo, Top Cybersecurity Expert.

Nov 10, 2023 6:56


Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, is a top cybersecurity expert. In this episode, she joins host Steve Morgan to discuss one Swiss entrepreneur's journey to recover a locked $235M Bitcoin account, as well as the hackers who claim they found a solution. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Wait Just an InfoSec
Weird Security Voyeurs Unite

Nov 9, 2023 36:40


In this episode of Wait Just an Infosec, host Ryan Chapman is joined by Sherrod DeGrippo to get a little weird and discuss some of the things they are seeing most recently in the cybersecurity space.

Wait Just an Infosec is produced by the SANS Institute. You can watch the full, weekly Wait Just an Infosec live stream on the SANS Institute YouTube, LinkedIn, Twitter, and Facebook channels on Tuesdays at 10:00am ET (2:00pm UTC). Feature segments from each episode are published in a podcast format on Wednesdays at noon eastern.

If you enjoy the Wait Just an Infosec live, weekly show covering the latest cybersecurity trends and news and featuring world-renowned information security experts, be sure and become a member of our community. When you join the SANS Community, you will have access to cutting edge cyber security news, training, and free tools you can't find anywhere else. Learn more about Wait Just an Infosec at sans.org/wjai and become a member of our community at sans.org/join.

Connect with SANS on social media and watch the weekly live show: YouTube | LinkedIn | Facebook | Twitter

Microsoft Threat Intelligence Podcast
Octo Tempest Threat Actor Profile

Microsoft Threat Intelligence Podcast

Nov 1, 2023 46:15


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Microsoft threat research experts to talk about the activities of a threat actor known as Octo Tempest (which overlaps with research associated with 0ktapus, Scattered Spider, and UNC3944) and the blog released by Microsoft threat intelligence and Microsoft incident response groups. The discussion covers various tactics, techniques, and procedures Octo Tempest employs, such as SIM swapping, SMS phishing, and living off the land rather than using traditional malware. Octo Tempest is portrayed as a highly bespoke and hands-on threat actor, often engaged in "keyboard-to-keyboard combat" and showing extreme persistence even after being detected.
In this episode you'll learn:
- Techniques used to modify email rules and evade defensive tools
- The contrast between tailored attacks and automated targeted threat actors
- Why organizations should separate high-privileged accounts from normal user accounts
Some questions we ask:
- Is there an end game for Octo Tempest, and is it always ransomware?
- What is the importance of assuming the first-factor password is already compromised?
- How can organizations test controls and alerting for their security posture?
Resources:
- View Sherrod DeGrippo on LinkedIn
- https://aka.ms/octo-tempest
Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks
- Security Unlocked
- Security Unlocked: CISO Series with Bret Arsenault
- Secure the Job: Breaking into Security
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.

Cybercrime Magazine Podcast
Digital Bandits 'ACG.' Discussing Their Rise & Fall. Sherrod DeGrippo, Top Cybersecurity Expert.

Cybercrime Magazine Podcast

Oct 27, 2023 8:14


Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, is a top cybersecurity expert. In this episode, she joins host Steve Morgan to discuss the cybercriminal gang known as 'ACG,' how they ushered in a bold new era of crime, and more. • For more on cybersecurity, visit us at https://cybersecurityventures.com

The CyberWire
AI ain't misbehavin', except when it does. Also, privateers and hacktivist auxiliaries get busy.

The CyberWire

Oct 25, 2023 30:19


Teaching AI to misbehave. Ransomware's effect on healthcare downtime. Two reports on the state of cybersecurity in the financial services sector. Possible connections between Hamas and Quds Force. Ukrainian cyber authorities report a rise in privateering Smokeloader attacks. Russian hacktivist auxiliaries strike Czech targets. My conversation with Sherrod DeGrippo, host of The Microsoft Threat Intelligence Podcast. Jay Bhalodia from Microsoft Federal shares insights on multi-cloud security. And Winter Vivern exploits a mail service 0-day.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/204
Selected reading.
- AI vs. human deceit: Unravelling the new age of phishing tactics (Security Intelligence)
- Ransomware attacks on US healthcare organizations cost $20.8bn in 2020 (Comparitech)
- Cyberattack at 5 southwestern Ontario hospitals leaves patients awaiting care (CBC News)
- State of Security for Financial Services (Swimlane)
- Veracode Reveals Automation and Training Are Key Drivers of Software Security for Financial Services (Business Wire)
- Hamas' online infrastructure reveals ties to Iran APT, researchers say (CSO Online)
- Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity | Recorded Future (Recorded Future)
- Ukraine cyber officials warn of a ‘surge’ in Smokeloader attacks on financial, government entities (Record)
- Bloomberg: Russia steps up cyberattacks to disrupt Ukraine's key services (Euromaidan)
- Pro-Russia group behind today's mass cyberattack against Czech institutions (Expats.cz)
- Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers (We Live Security)

Microsoft Threat Intelligence Podcast
China Threat Landscape: Meet the Typhoon

Microsoft Threat Intelligence Podcast

Oct 25, 2023 36:11


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Microsoft Senior Security Researcher Graham Dietz. Graham provides intelligence-led recommendations to improve cybersecurity posture in the future. They are creating customer-ready reports and presentations incorporating threat actor attribution, threat detection and hunting guidance, and remediation recommendations. Sherrod and Graham discuss China's extensive history in cyber operations, targeting domestic and international entities, including diplomatic organizations and industrial espionage.
In this episode you'll learn:
- How patriotic hackers are thriving inside the Chinese cybercrime underground
- The complexity and diversity of Chinese cyber activities
- China's economic strategies and how they relate to cyber operations
Some questions we ask:
- What should someone do when handed an unknown USB device by a stranger?
- Why does China target organizations without staying completely hidden?
- What sets China apart as an advanced persistent threat?
Resources:
- View Graham Dietz on LinkedIn
- View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks
- Security Unlocked
- Security Unlocked: CISO Series with Bret Arsenault
- Secure the Job: Breaking into Security
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.

Cybercrime Magazine Podcast
Detroit Gas Pump Hack. What SMB Owners Need To Know. Sherrod DeGrippo, Top Cybersecurity Expert.

Cybercrime Magazine Podcast

Oct 13, 2023 4:52


Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, is a top cybersecurity expert. In this episode, she joins host Steve Morgan to discuss a sophisticated scam that hit a gas station in Detroit, Michigan. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Microsoft Threat Intelligence Podcast
Exploring Mobile Threats

Microsoft Threat Intelligence Podcast

Oct 11, 2023 49:00


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Christine Fossaceca. Christine is a senior mobile security researcher at Microsoft, specializing in iOS and mobile exploit development. Christine and Sherrod discuss mobile device security and privacy concerns, mainly focusing on Apple AirTags and similar tracking devices, concentrating on the potential for misuse of these devices for shady purposes, the challenges of tracking and detecting them, and steps individuals can take to protect themselves if they suspect they are being tracked. They also examine the evolving landscape of mobile security and offer practical advice for safeguarding personal information and privacy in increasingly interconnected devices.
In this episode you'll learn:
- How attackers gain access to banking apps and iCloud accounts
- The privacy implications of Bluetooth trackers
- Why the landscape of mobile security is constantly evolving
Some questions we ask:
- What's a mobile zero day?
- How can I and people listening protect themselves on their iPhones?
- What common technique do phishers use to make URLs appear legitimate?
Resources:
- Follow Christine on Twitter @x71n3 & @herhaxpodcast
- View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks
- Security Unlocked
- Security Unlocked: CISO Series with Bret Arsenault
- Secure the Job: Breaking into Security
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.

Microsoft Threat Intelligence Podcast
Incident Response with Empathy

Microsoft Threat Intelligence Podcast

Oct 11, 2023 42:54


On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Matthew Zorich, a Principal Consultant with Microsoft Incident Response. Sherrod and Matt discuss his motivation for creating accessible and open-source forensics tools and resources for entry-level forensics, aiming to guide those without extensive resources. They also examine the importance of helping smaller businesses and individuals understand and practice incident response and forensics, considering the potentially devastating impact of cyberattacks on them. Matt also emphasizes the importance of knowledge sharing and practical experimentation in incident response and identity forensics to help individuals and organizations better defend against cyber threats.
In this episode you'll learn:
- The challenges of identity-based forensics
- Tactics threat actors use to compromise accounts without raising suspicion
- The importance of distinguishing personal and work identities when assessing threats
Some questions we ask:
- Why is it important to distinguish personal and work email from a threat perspective?
- How do you protect essential accounts in a large organization?
- Would you consider text messages as a reliable method to enhance security?
Resources:
- View Matthew Zorich on LinkedIn
- View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks
- Security Unlocked
- Security Unlocked: CISO Series with Bret Arsenault
- Secure the Job: Breaking into Security
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.

Microsoft Threat Intelligence Podcast

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Threat Intelligence Analyst Simeon Kakpovi, Intelligence Analyst Lauren Podber, and Senior Hunt Analyst Emiel Haeghebaert. In this episode, Sherrod and guests explore the evolving nature of the Iranian APT group known as "Peach Sandstorm." They discuss how they mature over time while providing valuable insights into APT actors and their evolving strategies. They discuss techniques such as password spraying and the next steps attackers take to establish persistence within the victim's environment. Sherrod also highlights Iran's unique approach to cyber operations, where they exhibit creativity and perseverance in achieving their objectives, even when they may only sometimes be the most technically sophisticated group among nation-state actors.
In this episode you'll learn:
- The contrast between APT actors and cybercriminals
- How organizations can protect themselves against password spray attacks
- The importance for defenders to understand the motivations and tactics of APT actors
Some questions we ask:
- What is the difference between a brute force attack and a password spray attack?
- How does Iran's cyber capabilities compare to those of other countries?
- What are some key differences between Iran and APT actors like Russia and China?
Resources:
- How Microsoft Names Threat Actors
- Peach Sandstorm
- View Simeon Kakpovi on LinkedIn
- View Lauren Podber on LinkedIn
- View Emiel Haeghebaert on LinkedIn
- View Sherrod DeGrippo on LinkedIn
Peach Sandstorm
Ingredients:
- 1 ripe peach, peeled and pitted
- 1 1/2 oz Arak (a traditional Middle Eastern aniseed-flavored spirit)
- 1 oz fresh lemon juice
- 1 oz rose water
- 1/2 oz simple syrup
- A pinch of saffron strands (soaked in 1 tablespoon of warm water for 10 minutes)
- Crushed ice
- Fresh mint leaves for garnish
- Edible rose petals for garnish
Instructions:
1. In a blender, combine the peach, Arak, lemon juice, rose water, simple syrup, saffron water, and a good amount of crushed ice.
2. Blend until smooth and frosty.
3. Pour into a chilled glass.
4. Garnish with fresh mint leaves and edible rose petals.
Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks
- Security Unlocked
- Security Unlocked: CISO Series with Bret Arsenault
- Secure the Job: Breaking into Security
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.

Coffee Talk with SURGe
Coffee Talk with SURGe: The Interview Series featuring Sherrod DeGrippo

Coffee Talk with SURGe

Sep 26, 2023 42:44


Join Ryan Kovar and special guest Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft, for a discussion about crimeware, threat actor naming conventions, and Sherrod's essay in a new book by SURGe titled, "Bluenomicon: The Network Defender's Compendium."

The BlueHat Podcast
Sherrod DeGrippo on Why She Loves Cyber Crime

The BlueHat Podcast

Sep 20, 2023 40:49


Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft and Host of The Microsoft Threat Intelligence Podcast, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Sherrod is a frequently cited threat intelligence expert in media, including televised appearances on the BBC news and commentary in the Wall Street Journal, CNN, New York Times, and more. She is a well-known public speaker, having presented at Black Hat, RSA Conference, RMISC, BrunchCon, and others. Sherrod and Nic discuss various topics, including different types of threat actors, the overlap between nation-state actors and cybercrime, and Sherrod's fascination with cybercrime, emphasizing cybercriminals' creativity and ingenuity, particularly those who use social engineering techniques.
In This Episode You Will Learn:
- Why many cybercriminals don't believe they are engaging in criminal activity
- How understanding a threat actor's psychology is essential to creating detection methods
- The importance of maintaining proper security hygiene
Some Questions We Ask:
- How can threat actors operate with impunity?
- Should individuals and small businesses worry about nation-state threat actors?
- Can we reform and convince cybercrime groups to use their talents for good?
Resources:
- View Sherrod DeGrippo on LinkedIn
- View Wendy Zenone on LinkedIn
- View Nic Fillingham on LinkedIn
Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Cybercrime Magazine Podcast
Dogs Vs. Hackers. Canine Cybersecurity On The Rise. Sherrod DeGrippo, Top Cybersecurity Expert.

Cybercrime Magazine Podcast

Sep 18, 2023 8:34


Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, is a top cybersecurity expert. In this episode, she joins host Steve Morgan to discuss dogs in cybersecurity, how our furry friends can aid in the fight against cybercrime, if we should be recruiting more of them into the field, and more. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Cybercrime Magazine Podcast
DEF CON 31. The Hacker Mindset. Sherrod DeGrippo, Top Cybersecurity Expert.

Cybercrime Magazine Podcast

Aug 14, 2023 10:03


Sherrod DeGrippo has been to DEF CON for the past 21 years. Listen to what this top cybersecurity expert had to say about the 2023 hacking conference.

No Name Podcast
No Name Podcast with Sherrod DeGrippo

No Name Podcast

Feb 26, 2023 66:51


Sherrod is a long time information security and threat intelligence leader. She was selected as Cybersecurity woman of the year in 2022 and Cybersecurity PR Spokesperson of the year for 2021. Her career in cybersecurity spans 19 years with prior roles including VP Threat research at Proofpoint, leading Security Business Services at Nexum, senior solutions engineer for Symantec, senior security consultant for Secureworks, and senior network security analyst for the National Nuclear Security Administration (NNSA). Sherrod is a frequently cited threat intelligence expert in media including televised appearances on the BBC news and commentary in the Wall Street Journal, CNN, New York Times, and more. She is a well known public speaker, having presented at Black Hat, RSA conference, RMISC, BrunchCon, and others. In her personal time, Sherrod does pilates, loves to go to live music shows, and spends time with her rescue dog Boris Karloff.

DISCARDED: Tales From the Threat Research Trenches
AMA Answers From the Threat Research Trenches

DISCARDED: Tales From the Threat Research Trenches

Dec 13, 2022 51:26


In this highly entertaining episode of DISCARDED, Selena Larson and Crista Giering host a wild round of “Ask Me Anything,” with Sherrod DeGrippo, VP of Threat Research and Detection, and Daniel Blackford, Threat Researcher at Proofpoint. Featuring insightful questions from listeners and former guests, these industry experts cover a wide range of topics, from silly to serious.
Join us as we discuss:
- The most boring malware and common threat actor mistakes
- New developments in Ukraine and the Global South
- A proliferation of mobile malware and sports-related attacks
Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!

DISCARDED: Tales From the Threat Research Trenches
The Hallow-queen of Cybersecurity: Spooky and Sweet Takes with Sherrod DeGrippo

DISCARDED: Tales From the Threat Research Trenches

Oct 11, 2022 35:17


Cybersecurity doesn't have to be spooky this Halloween. In this episode, Sherrod DeGrippo, VP of Threat Research and Detection at Proofpoint, joins the show to discuss all things cybersecurity awareness so you can be prepared, not scared, this October. So grab a sweet treat and pull up a seat, the Hallow-queen is about to give her hot takes!
Join us as we discuss:
- The growing risk of TOADs (Telephone Oriented Attack Delivery)
- Benign phishing reconnaissance emails by threat actors
- What you need to know to adapt to this ever changing threat landscape
- Bring awareness to cybersecurity this October, even on ghost tours
Check out these resources we mentioned:
- https://www.proofpoint.com/us/cybersecurity-awareness-hub
- https://www.proofpoint.com/us/products/advanced-threat-protection/et-intelligence
Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!

Risky Business News
Risky Biz News: EU data supervisor sues the EU and Europol for skirting data protection rules

Risky Business News

Sep 23, 2022


A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here. Today's podcast features an appearance from Sherrod DeGrippo, Proofpoint's Vice President of Threat Research and Detection, this episode's sponsor. Show notes Risky Biz News: EU data supervisor sues the EU and Europol for skirting data protection rules

Risky Business News
Risky Biz News: Rare pro-Western influence operation caught and exposed

Risky Business News

Aug 26, 2022


A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here. Today's podcast features an appearance from Sherrod DeGrippo, Proofpoint's Vice President of Threat Research and Detection, this episode's sponsor. Show notes Risky Biz News: Rare pro-Western influence operation caught and exposed

Risky Business News
Risky Biz News: Explosive whistleblower report exposes Twitter's shoddy security

Risky Business News

Aug 24, 2022


A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here. Today's podcast features an appearance from Sherrod DeGrippo, Proofpoint's Vice President of Threat Research and Detection, this episode's sponsor. Show notes Risky Business #675 -- The problem with Mudge's whistleblowing complaint Risky Biz News: Explosive whistleblower report exposes Twitter's shoddy security

Risky Business News
Risky Biz News: Chinese APT targeted White House reporters ahead of Jan. 6 insurrection

Risky Business News

Jul 15, 2022


A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here. Today's podcast features an appearance from Sherrod DeGrippo, Proofpoint's Vice President of Threat Research and Detection, this episode's sponsor. Show notes Risky Biz News: Chinese APT targeted White House reporters ahead of Jan. 6 insurrection

Risky Business News
Risky Biz News: New side-channel attack disclosed in Intel and AMD processors

Risky Business News

Jul 13, 2022


A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here. Today's podcast features an appearance from Sherrod DeGrippo, Proofpoint's Vice President of Threat Research and Detection, this episode's sponsor. Show notes Risky Biz News: New side-channel attack disclosed in Intel and AMD processors

Risky Business News
Risky Biz News: Thousands of Yubikeys have been deployed in Ukraine, more to come

Risky Business News

Jul 11, 2022


A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here. Today's podcast features an appearance from Sherrod DeGrippo, Proofpoint's Vice President of Threat Research and Detection, this episode's sponsor. Show notes Risky Biz News: Thousands of Yubikeys have been deployed in Ukraine, more to come

Protecting People
Five Minute Forecast for the week of 06/20/2022

Protecting People

Jun 21, 2022 5:35


Five Minute Forecast for the week of June 20th. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast.
- Law enforcement arrest thousands in global social engineering stings
- Icefall vulnerabilities put thousands of critical systems around the world at risk
- Blackcat takes ransomware victim shaming to a new level
Joining us is Proofpoint VP of Threat Research and Detection, Sherrod DeGrippo, who shares her thoughts on this year's Human Factor report.

Risky Business News
Risky Biz News: Top websites have sucky password policies

Risky Business News

Jun 17, 2022


A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here. Show guests include Sherrod DeGrippo, Proofpoint's Vice President of Threat Research and Detection, this episode's sponsor. Show notes Risky Biz News: Top websites have sucky password policies

Risky Business News
Risky Biz News: Microsoft accused of concealing Azure vulnerabilities

Risky Business News

Jun 15, 2022


A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here. Show guests include Eliya Stein, Sr. Security Engineer at Confiant, and Sherrod DeGrippo, Proofpoint's Vice President of Threat Research and Detection, this episode's sponsor. Show notes Risky Biz News: Microsoft accused of concealing Azure vulnerabilities

Protecting People
2022 Human Factor Report: Reviewing a Year of Headline-Making Threats

Protecting People

Jun 2, 2022 39:08


Proofpoint's biggest release of the year is here: the 2022 Human Factor Report. To ensure you don't miss a thing, Protecting People has your on-the-go breakdown of the report straight from the source. Sherrod DeGrippo, Vice President of Threat Research and Detection at Proofpoint, joins the show to talk about some of the key findings and topics from the Proofpoint 2022 Human Factor Report and how to best protect yourself and your organization in this new threat landscape.
Join us as we discuss:
- The three key areas of user risk
- How to identify vulnerable users within organizations
- The increase of malicious URLs in 2022
- How remote work is impacting organizations' security risks
- The influence of Russia's invasion of Ukraine on the threat landscape
For more episodes like this one, follow Protecting People on Apple Podcasts, Spotify, the Proofpoint website, or anywhere you get podcasts.
Resource: 2022 Human Factor Report: https://www.proofpoint.com/us/resources/threat-reports/human-factor

Risky Business
Risky Business #656 – We expected a cyberwar but got an infowar

Risky Business

Mar 3, 2022


On this week's show Patrick Gray, Dmitri Alperovitch and Adam Boileau discuss the week's security news, including:
- We expected a cyberwar but got an information war
- People with SDR kits are doing SIGINT in Ukraine
- Conti has imploded and it's hilarious
- Much, much more
This week's show is brought to you by Proofpoint. Sherrod DeGrippo, Proofpoint's Vice President of Threat Research and Detection is this week's sponsor guest. She joins us to talk about how there isn't really any magic advice she can dispense to protect customers from Russian attacks. There are some show notes below, but they're not exhaustive.
Show notes
- The propaganda war has eclipsed cyberwar in Ukraine | MIT Technology Review
- Ukrainian Researcher Leaks Conti Ransomware Gang Data
- Signal on Twitter: "We've had an uptick in usage in Eastern Europe & rumors are circulating that Signal is hacked & compromised. This is false. Signal is not hacked. We believe these rumors are part of a coordinated misinformation campaign meant to encourage people to use less secure alternatives." / Twitter
- Cyber insurance policies may be put to the test by Russian attacks, credit ratings firm warns - The Record by Recorded Future
- Phishing campaign targets European officials assisting in refugee operations - The Record by Recorded Future
- https://twitter.com/sbreakintl/status/1498619303717142529?s=21
- Apple halts sales of products to Russia, restricts access to Russian news apps
- Belarusian hackers launch another attack, adding to chaotic hacktivist activity around Ukraine - CyberScoop
- Russian State Media Hacked to Show Casualty Numbers for Russian Soldiers in Ukraine War
- Would Banning Russia From Getting Software Updates Make It Easier to Hack?
- Ukraine's Volunteer ‘IT Army’ Is Hacking in Uncharted Territory | WIRED
- vx-underground on Twitter: "Conti ransomware group previously put out a message siding with the Russian government. Today a Conti member has begun leaking data with the message "Fuck the Russian government, Glory to Ukraine!" You can download the leaked Conti data here: https://t.co/BDzHQU5mgw https://t.co/AL7BXnihza" / Twitter
- Active Measures, LLC on Twitter: "That keyboard sound you hear is lawyers at US CYBERCOMMAND updating some opinions." / Twitter
- Conti ransomware gang chats leaked by pro-Ukraine member - The Record by Recorded Future
- Russia appears to deploy digital defenses after DDoS attacks - The Record by Recorded Future
- Russia's Sandworm Hackers Have Built a Botnet of Firewalls | WIRED
- Auth0 co-founder and CEO Eugenio Pace walks us through the Auth0 platform - YouTube
- Dmitri Alperovitch on Twitter: "In the last few weeks, I have become increasingly convinced that Kremlin has unfortunately made a decision to invade Ukraine later this winter. While it is still possible for Putin to deescalate, I believe the likelihood is now quite low. Allow me to explain why

Decipher Security Podcast
Sherrod DeGrippo

Decipher Security Podcast

Dec 21, 2021 38:09


Sherrod DeGrippo, vice president of threat research and detection at Proofpoint, talks about Emotet's return; how attackers are fine tuning their malware campaigns to be more targeted; and why "your point of view is the most valuable thing that you bring" in cybersecurity.

Protecting People
Five Minute Forecast for the week of 9/6/2021

Protecting People

Sep 7, 2021 5:42


Five Minute Forecast for the week of September 6th. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast.
• Billions of devices at risk from Bluetooth bugs
• Ransomware source code leaked online
• Funny business on Banksy's website – but for once the artist isn't to blame
Joining us is Sherrod DeGrippo, Proofpoint's Vice President, Threat Research and Detection, to discuss the perennial threat of business email compromise.

Protecting People
Five Minute Forecast for the week of 8/2/2021

Protecting People

Aug 3, 2021 5:43


Five Minute Forecast for the week of August 2nd. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast.
- Don't ban ransomware payments, the FBI warns Congress
- A new ransomware gang rises from the ashes of REvil and DarkSide
- And Iranian cyber attackers play the long game
Joining us is Sherrod DeGrippo, Proofpoint's Senior Director of Threat Research and Detection, to explain why some threat actors spend so long developing relationships with their victims.

Protecting People
#ExpertInsights 10: Business Email Compromise and Email Fraud Defense - Part 2

Protecting People

Jul 22, 2021 21:52


Fraudsters who perpetrate BEC and various other types of email scams are a serious and continuous threat to businesses today. In 2019, there were 26.2 billion dollars in reported losses from these kinds of malicious malware attacks. For part two of our Expert Insights into Business Email Compromise (BEC) and email fraud protection, host Sherrod DeGrippo leads a lively discourse with Robert Holmes, Sr. Director of Threat Research and Detection, and Sam Scholten, CISSP, and Staff Email Fraud Researcher, both of Proofpoint — a company at the forefront of using AI and machine learning for radical, comprehensive threat protection.
Here's a sneak peek:
- The small but crucial differences between DDoS extortion and a BEC attack.
- The next generation of how Proofpoint is stopping these threats with deep analysis of every email for metadata signs of intrusion.
- Fascinating samples of previous attacks and highly creative threat actors who leveraged social cues to launch an attack.
- Successful scams take advantage of human nature and the fundamental vulnerability of individuals.
To hear more episodes like this one, subscribe to Protecting People on Apple Podcasts, Spotify, or your preferred podcast platform.

Protecting People
Five Minute Forecast for the week of 7/19/2021

Protecting People

Jul 20, 2021 · 5:25


Five Minute Forecast for the week of July 19th. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast.

- Human rights activists around the world are targeted with military-grade spyware
- Yet more trouble at SolarWinds, as a new zero-day vulnerability lets in attackers
- A high-profile ransomware group goes dark, but are they really gone or just on vacation?

Joining us is Sherrod DeGrippo, Proofpoint's Senior Director of Threat Research and Detection, to explain what's really happening when cyber criminal groups go on hiatus.

Protecting People
#ExpertInsights 9: Business Email Compromise and Email Fraud Defense - Part 1

Protecting People

Jul 12, 2021 · 31:09


Business Email Compromise, or BEC, is a type of scam that utilizes social engineering to trick companies into paying fraudulent invoices or giving up sensitive information that can be used for a future attack. Malware, phishing, BEC, and thread hijacking. The “baddies,” as one of today's guests charmingly anoints them, utilize these deep, complicated attacks because the rewards are so very great - in 2019, stats from the Internet Crime Complaint Center showed losses over $1.7 billion. Join host Sherrod DeGrippo for part one of this in-depth discussion, as she talks through various current threats and how companies can defend against them with email fraud defense experts Robert Holmes, Sr. Director of Threat Research and Detection, and Sam Scholten, CISSP, Staff Email Fraud Researcher, of Proofpoint.

Here's a sneak peek:

- Learn the signs of suspicious emails
- Threat actors are putting a high amount of energy into today's scams
- BEC is a global problem
- Stricter financial controls can help your company along with EFD

To hear more episodes like this one, subscribe to Protecting People on Apple Podcasts, Spotify, or your preferred podcast platform.

All Things Being Cyber
Episode 4 - The Changing Threat Landscape

All Things Being Cyber

May 27, 2021 · 44:55


Join us as we chat with cyber expert Sherrod DeGrippo about the changing threat landscape. We also delve into the Colonial pipeline attack and have a little fun talking about cyber security-based movies.

ZDNet Security Update
Ransomware: How hackers are evolving attacks, and how to protect yourself

ZDNet Security Update

Mar 20, 2020 · 5:41


Danny Palmer talks to Sherrod DeGrippo, senior director of threat research and detection at Proofpoint, about the latest trends in ransomware.