Microsoft Threat Intelligence Podcast

Microsoft Threat Intelligence Podcast

Author: Microsoft


Description

Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other weird and cool tools and tactics in the world of cyber threats. Featuring tales of innovation, teamwork, and cyber espionage, tune in to hear in-depth analyses of Microsoft's influence on the threat landscape and behind the scenes stories from the tireless researchers and analysts that take part. This enthralling and insightful podcast is delivered in a casual, conversational style that transports you to the frontlines of cyber defense.

18 Episodes

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by former VP of Cybersecurity Solutions at Target Paul Melson. Sherrod and Paul reflect on his experiences in incident response, highlighting the adrenaline rush of detecting and evicting adversaries before they cause harm. Their discussion includes a run down the rabbit hole of open-source intelligence and the creation of the @scumbots Twitter feed. They explore the culture of Target's cybersecurity team, emphasizing the importance of hiring for attitude and the potential for new threats like bribery and insider threats. Paul shares insights from his experiences in cybersecurity and his concerns about future threats, emphasizing the need for continued vigilance and innovation in defense strategies. The episode provides valuable insights into the challenges and developments in cybersecurity, offering practical advice for both professionals and organizations navigating the ever-changing threat landscape.

In this episode you’ll learn:
- The genesis of the scumbots project and its functionality
- Challenges when dealing with commercial threat intelligence companies
- The increasing sophistication of cybercrime and the potential for new tactics

Some questions we ask:
- How has your time in incident response evolved over the years?
- What advice would you give to aspiring cybersecurity professionals?
- Do you believe organizations can adapt and innovate their defense strategies?

Resources:
- Scumbots on Twitter
- View Paul Melson on LinkedIn
- View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts. Get the latest threat intelligence insights and guidance at Microsoft Security Insider. The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of the N2K media network.

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is live from Microsoft Secure in San Francisco and is joined by Brandon Dixon and Vasu Jakkal. As Group Product Manager for Security Copilot, Brandon is helping to shape how generative AI is used to empower professionals to focus on what matters most. Brandon reflects on how security practices have changed, mental health in the security industry, and how AI can empower individuals in the tech and infosec fields. Vasu discusses her passion for cybersecurity and its impact on global safety. She emphasizes the importance of inclusivity and optimism in tackling security challenges and shares her journey into cybersecurity, which was influenced by a love for technology instilled by watching Star Trek. Vasu also highlights the transformative potential of AI, particularly Microsoft Copilot for Security, in enhancing defense capabilities and catching new threats.

In this episode you’ll learn:
- How AI enhances security practices and empowers individuals in the cybersecurity field
- The value of sharing ideas for critique, fostering inspiration, and driving innovation
- How AI has the power to unveil the wonders of the world while enhancing safety

Some questions we ask:
- How will Copilot for Security affect threat intelligence professionals and their work?
- What are you using AI for at work, both in terms of security and more generic AI?
- Can you share examples of how Copilot helps in your personal life?

Resources:
- View Brandon Dixon on LinkedIn
- View Vasu Jakkal on LinkedIn
- View Sherrod DeGrippo on LinkedIn

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is live from Times Square at Microsoft Secure and is joined by Chris Wysopal, Chip Calhoun, and Torrell Funderburk. Chris (aka Weld Pond) reflects on his experiences with L0pht and the evolution of bug bounty programs and their dominance in the cybersecurity space, highlighting both the benefits and drawbacks. Chip explains how Copilot for Security assists with threat hunting and script analysis, enhancing analysts' capabilities in identifying threats and malicious activities. He also touches on the prevalent threat actor profiles, highlighting the prevalence of e-crime and the potential impact of nation-state actors. Torrell expresses excitement about the advancements in their security program and the ability to detect and respond at scale. He also discusses his transition from software engineering to cybersecurity and encourages others to consider the move due to the foundational similarities between the fields.

In this episode you’ll learn:
- Complications from vulnerabilities discovered in open-source software
- Practical applications of Copilot in incident response and threat intelligence
- The importance of curiosity and problem-solving skills when building a security team

Some questions we ask:
- How do you view the role of AI and machine learning in security and bug bounties?
- What do you think is unique about securing critical infrastructure targets?
- Will AI influence security practices in organizations and industries going forward?

Resources:
- View Chris Wysopal on LinkedIn
- View Chip Calhoun on LinkedIn
- View Torrell Funderburk on LinkedIn
- View Sherrod DeGrippo on LinkedIn

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Emily Yale and Anna Bertiger. The discussion delves into Emily and Anna's daily activities within the security domain. Emily highlights her role in supporting Microsoft's internal Security Operations Center by building detections for potential threats. Anna emphasizes the practical application of research in solving security problems and focuses on anomaly detection in post-breach security. Emily and Anna provide insights into Microsoft's work culture, the intersection of technology and security, the importance of mathematical and data science skills in tech roles, and the practical applications of AI tools in professional and personal contexts.

In this episode you’ll learn:
- How data scientists support the internal SOC and enhance security
- The importance of anomaly detection in post-breach security
- Combining security with mathematical skills to create practical solutions

Some questions we ask:
- What types of unusual patterns indicate malicious activity?
- Is there difficulty in securing AI models compared to traditional code?
- Should data science methods be used over complex models?

Resources:
- View Emily Yale on LinkedIn
- View Anna Bertiger on LinkedIn
- View Sherrod DeGrippo on LinkedIn

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Stella Aghakian and Holly Burmaster. They explore the intrigue of watching threat actors and their techniques, and walk through how studying these techniques is educational and critical in threat intelligence work. They also discuss their experiences at Microsoft Ignite, insights into the cyber threat actor Octo Tempest, and personal reflections on threat intelligence and favorite threat actors. Both Stella and Holly discuss how they thrive on the uncertainty and variety of their work despite the long hours and high pressure, and appreciate the supportive team environment that helps them.

In this episode you’ll learn:
- Challenges of incident response when dealing with destructive threat actors
- Difficulty in managing the emotional aspects of incident response
- The unpredictability and dynamic nature of incident response work

Some questions we ask:
- How is the workflow structured in incident response teams?
- What traits are crucial for excelling in the high-pressure world of incident response?
- Do the DART and MSTIC teams collaborate in incident responses?

Resources:
- View Stella Aghakian on LinkedIn
- View Holly Burmaster on LinkedIn
- View Sherrod DeGrippo on LinkedIn
- Octo Tempest Threat Actor profile
- Protecting credentials against social engineering

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Bryan Prior and Nirit Hinkis from the Microsoft Threat Analysis Center. Sherrod, Bryan, and Nirit discuss Iranian influence operations, distinguishing between influence and information operations. The conversation covers examples of cyber-enabled influence operations, focusing on Iran's actions related to the 2020 U.S. presidential elections and the Israel-Hamas war. The discussion covers tactics Iranian actors use, such as impersonation, recruiting locals, and leveraging email and text messages for amplification. The podcast brings context to the intricacies of Iranian cyber activities, their collaborative efforts, propaganda consumption, creative tactics, and the challenges of attribution for influence operations.

In this episode you’ll learn:
- The collaboration among Iranian groups in cyber-enabled influence operations
- Wiper attacks in situations involving both cyber and kinetic operations
- Unique aspects of Iran's influence operations

Some questions we ask:
- What's the reason behind a spike in Iranian propaganda consumption in Canada?
- Where does Iran fall compared to other countries like Russia and North Korea?
- What might be coming up regarding Iranian cyber attacks and influence operations?

Resources:
- View Bryan Prior on LinkedIn
- View Sherrod DeGrippo on LinkedIn
- Iran Report
- Iran Accelerates Cyber Ops Against Israel

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Christine Fossaceca, Laurie Kirk, and Apurva Kumar. Today's discussion concerns a recent release from the Chaos Computer Congress, where researchers discovered and analyzed a zero-click attack on iPhones. The attack involves four zero-day vulnerabilities in iOS, requiring a malicious iMessage, a hardware bug, and a Safari exploit. The spyware discovered was specifically targeting security researchers. Sherrod, Christine, Laurie, and Apurva explore the significance of this attack, its implications for mobile security, the concept of zero-click attacks becoming more prevalent on mobile devices, and the importance of researchers being vigilant about their own security.

In this episode you’ll learn:
- Why you should consider the threat landscape when traveling internationally
- The technical and strategic aspects of mobile threat intelligence
- The prevalence of spyware on both Android and iOS platforms

Some questions we ask:
- How can attackers disguise Trojans to harvest personal details?
- What are the communication vehicles that you're seeing phishing come from?
- How do I know if I have malware on my phone?

Resources:
- Follow Christine on Twitter @x71n3 & @herhaxpodcast
- View Laurie Kirk on LinkedIn
- View Apurva Kumar on LinkedIn
- View Sherrod DeGrippo on LinkedIn
- DEV-0196: QuaDream’s “KingsPawn” malware targets Europe, North America, the Middle East, and Southeast Asia | Microsoft Security Blog
- 37C3 - Operation Triangulation: What You Get When Attack iPhones of Researchers

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Greg Schloemer and Matthew Kennedy. Sherrod, Greg, and Matthew discuss North Korean cyber operations, highlighting the unique aspects that set North Korea apart: its persistence, adaptability, and blending of APT and cybercrime elements, mainly focused on revenue generation through activities like cryptocurrency theft. The discussion touches on the notorious Lazarus group, known for the Sony Pictures attack and WannaCry, and how their actions captured global attention. Sherrod, Greg, and Matthew also share personal insight into why they're drawn to this particular area of cybersecurity, offering listeners a unique perspective on the motivations and passions driving those at the forefront of defending our digital world.

In this episode you’ll learn:
- The evolution of North Korean cyber operations
- How cryptocurrency theft is used as a means to support the state
- North Korea's unique approach to cyber operations and its strategic evolution over time

Some questions we ask:
- How much work have you put into becoming a blockchain and cryptocurrency expert?
- What challenges arise in defending against these specific software supply chain attacks?
- Why are you interested in working on North Korea-related cybersecurity?

Resources:
- View Greg Schloemer on LinkedIn
- View Matthew Kennedy on LinkedIn
- View Sherrod DeGrippo on LinkedIn
- Diamond Sleet supply chain compromise distributes a modified CyberLink installer

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Jeremy Dallman, Kimberly Ortiz, and Steve Ginty. Sherrod emphasizes the importance of understanding vulnerabilities before they're exploited in the wild and discusses the process of responding to security vulnerabilities, including identifying threat actors and the urgency of patch deployment, especially for vulnerabilities targeted by ransomware groups. The conversation also focuses on Security Copilot, a tool built on Microsoft's extensive threat intelligence, designed to make SOC analysts' work more accessible by providing immediate, relevant information on threats. This episode offers an insider's view on how these professionals track internal incident responses, share crucial intelligence with customers, and continuously evolve their processes to ensure swift, accurate delivery of threat intelligence.

In this episode you’ll learn:
- How collaborating with multiple Microsoft teams enhances intel delivery
- The interaction between Microsoft Defender Threat Intelligence and Security Copilot
- Publishing actor profiles based on internal observations of techniques and procedures

Some questions we ask:
- How will the world of AI affect the role of threat intelligence?
- What are you most excited about when it comes to AI in cybersecurity?
- When do we share intel with customers, and has that process changed over the years?

Resources:
- View Kimberly Ortiz on LinkedIn
- View Steve Ginty on LinkedIn
- View Jeremy Dallman on LinkedIn
- View Sherrod DeGrippo on LinkedIn
- MDTI: Now Anyone Can Tap Into Game-Changing Threat Intelligence
- The Future of Security with AI
- A Year in Intel: Highlights from Microsoft's Global Stand Against APTs
- The risk of trust: Social engineering threats and cyber defense

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Judy Ng, Mark Parsons, and Ned Moran. Together, they delve into the riveting world of Cyberwarcon, exploring the activities of threat actors such as Volt Typhoon from China and Iranian-based adversaries. Sherrod sheds light on Volt Typhoon's strategic targeting of critical infrastructure while the team elaborates on the Iranian actors' reactive and opportunistic approach to current cyber attacks. The episode unfolds with insightful discussions of sophisticated techniques like "living off the land" and the intricacies of information operations, while providing a deep dive into the evolving landscape of cyber threats and intelligence.

In this episode you’ll learn:
- The use of AI in the current world of cybersecurity
- Why North Korean cyber activity is often referred to as Lazarus
- Unique challenges and motivations for tracking APT groups

Some questions we ask:
- What are some challenges when following chaotic and unpredictable threat actors?
- How do you balance secondary projects like incident response and ransomware?
- What motivates someone to pursue a career in APT tracking and analysis?

Resources:
- View Mark Parsons on LinkedIn
- View Ned Moran on LinkedIn
- View Sherrod DeGrippo on LinkedIn

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Microsoft Threat Research and Intelligence Leader Wes Drone. Wes spent five years investigating criminal and national security computer intrusions for the FBI Cyber Division. After the FBI, he helped a Fortune 25 healthcare organization mature its security operations while gaining first-hand experience in risk management. Sherrod and Wes discuss his current role at Microsoft, where he focuses on messaging and web research. They also touch on the evolving landscape of phishing attacks and the impact of ChatGPT on code writing and security.

In this episode you’ll learn:
- How ChatGPT has improved code and empowered security teams to create better code
- Why phishing attacks have evolved with new techniques and capabilities
- The preferences of threat actors and their willingness to adapt

Some questions we ask:
- How have ransomware attacks shifted to a broader issue for entire businesses?
- Why should defenders be constantly adapting to new tactics from threat actors?
- What challenges and strategies have you noticed in the existing threat landscape?

Resources:
- View Wes Drone on LinkedIn
- View Sherrod DeGrippo on LinkedIn

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Jack Mott to discuss the movie "Heat" and its relevance to social engineering and threat actor psychology. They also chat about the challenges of identifying real threats in the world of information security, highlighting the need for vigilance in detecting both evident and subtle threats. The conversation revolves around the complexities of distinguishing between genuine and malicious activity and the importance of a nuanced approach to cybersecurity.

In this episode you’ll learn:
- Why experimentation and new approaches in the security industry are so necessary
- Microsoft's approach to handling and investigating blocked threats
- The importance of an adaptive system to stay updated on evolving threats and behaviors

Some questions we ask:
- Why is curiosity a crucial quality for success in the information security field?
- How do you deal with making mistakes and taking risks in your work?
- Why do you foster relationships and share information with other professionals?

Resources:
- View Sherrod DeGrippo on LinkedIn
- Microsoft Ignite Panel, The risk of trust: Social engineering threats and cyber defense

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Microsoft threat research experts to talk about the activities of a threat actor known as Octo Tempest (which overlaps with research associated with 0ktapus, Scattered Spider, and UNC3944) and the blog released by the Microsoft Threat Intelligence and Microsoft Incident Response groups. The discussion covers various tactics, techniques, and procedures Octo Tempest employs, such as SIM swapping, SMS phishing, and living off the land rather than using traditional malware. Octo Tempest is portrayed as a highly bespoke and hands-on threat actor, often engaged in "keyboard-to-keyboard combat" and showing extreme persistence even after being detected.

In this episode you’ll learn:
- Techniques used to modify email rules and evade defensive tools
- The contrast between tailored attacks and automated targeted threat actors
- Why organizations should separate high-privileged accounts from normal user accounts

Some questions we ask:
- Is there an end game for Octo Tempest, and is it always ransomware?
- What is the importance of assuming the first-factor password is already compromised?
- How can organizations test controls and alerting for their security posture?

Resources:
- View Sherrod DeGrippo on LinkedIn
- https://aka.ms/octo-tempest

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Microsoft Senior Security Researcher Graham Dietz. Graham provides intelligence-led recommendations to improve cybersecurity posture, creating customer-ready reports and presentations that incorporate threat actor attribution, threat detection and hunting guidance, and remediation recommendations. Sherrod and Graham discuss China's extensive history in cyber operations, targeting domestic and international entities, including diplomatic organizations and industrial espionage.

In this episode you’ll learn:
- How patriotic hackers are thriving inside the Chinese cybercrime underground
- The complexity and diversity of Chinese cyber activities
- China's economic strategies and how they relate to cyber operations

Some questions we ask:
- What should someone do when handed an unknown USB device by a stranger?
- Why does China target organizations without staying completely hidden?
- What sets China apart as an advanced persistent threat?

Resources:
- View Graham Dietz on LinkedIn
- View Sherrod DeGrippo on LinkedIn

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Christine Fossaceca. Christine is a senior mobile security researcher at Microsoft, specializing in iOS and mobile exploit development. Christine and Sherrod discuss mobile device security and privacy concerns, focusing mainly on Apple AirTags and similar tracking devices: the potential for misuse of these devices for shady purposes, the challenges of tracking and detecting them, and the steps individuals can take to protect themselves if they suspect they are being tracked. They also examine the evolving landscape of mobile security and offer practical advice for safeguarding personal information and privacy in increasingly interconnected devices.

In this episode you’ll learn:
- How attackers gain access to banking apps and iCloud accounts
- The privacy implications of Bluetooth trackers
- Why the landscape of mobile security is constantly evolving

Some questions we ask:
- What's a mobile zero day?
- How can I, and people listening, protect themselves on their iPhones?
- What common technique do phishers use to make URLs appear legitimate?

Resources:
- Follow Christine on Twitter @x71n3 & @herhaxpodcast
- View Sherrod DeGrippo on LinkedIn

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Matthew Zorich, a Principal Consultant with Microsoft Incident Response. Sherrod and Matt discuss his motivation for creating accessible and open-source forensics tools and resources for entry-level forensics, aiming to guide those without extensive resources. They also examine the importance of helping smaller businesses and individuals understand and practice incident response and forensics, considering the potentially devastating impact of cyberattacks on them. Matt also emphasizes the importance of knowledge sharing and practical experimentation in incident response and identity forensics to help individuals and organizations better defend against cyber threats.

In this episode you’ll learn:
- The challenges of identity-based forensics
- Tactics threat actors use to compromise accounts without raising suspicion
- The importance of distinguishing personal and work identities when assessing threats

Some questions we ask:
- Why is it important to distinguish personal and work email from a threat perspective?
- How do you protect essential accounts in a large organization?
- Would you consider text messages a reliable method to enhance security?

Resources:
- View Matthew Zorich on LinkedIn
- View Sherrod DeGrippo on LinkedIn

Peach Sandstorm (2023-10-11, 40:41)

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Threat Intelligence Analyst Simeon Kakpovi, Intelligence Analyst Lauren Podber, and Senior Hunt Analyst Emiel Haeghebaert. In this episode, Sherrod and guests explore the evolving nature of the Iranian APT group known as "Peach Sandstorm." They discuss how such groups mature over time while providing valuable insights into APT actors and their evolving strategies. They discuss techniques such as password spraying and the next steps attackers take to establish persistence within the victim's environment. Sherrod also highlights Iran's unique approach to cyber operations, where actors exhibit creativity and perseverance in achieving their objectives, even though they are not always the most technically sophisticated group among nation-state actors.

In this episode you’ll learn:
- The contrast between APT actors and cybercriminals
- How organizations can protect themselves against password spray attacks
- The importance for defenders of understanding the motivations and tactics of APT actors

Some questions we ask:
- What is the difference between a brute force attack and a password spray attack?
- How do Iran's cyber capabilities compare to those of other countries?
- What are some key differences between Iran and APT actors like Russia and China?

Resources:
- How Microsoft Names Threat Actors
- Peach Sandstorm
- View Simeon Kakpovi on LinkedIn
- View Lauren Podber on LinkedIn
- View Emiel Haeghebaert on LinkedIn
- View Sherrod DeGrippo on LinkedIn

Peach Sandstorm (the cocktail)

Ingredients:
- 1 ripe peach, peeled and pitted
- 1 1/2 oz Arak (a traditional Middle Eastern aniseed-flavored spirit)
- 1 oz fresh lemon juice
- 1 oz rose water
- 1/2 oz simple syrup
- A pinch of saffron strands (soaked in 1 tablespoon of warm water for 10 minutes)
- Crushed ice
- Fresh mint leaves for garnish
- Edible rose petals for garnish

Instructions:
1. In a blender, combine the peach, Arak, lemon juice, rose water, simple syrup, saffron water, and a good amount of crushed ice.
2. Blend until smooth and frosty.
3. Pour into a chilled glass.
4. Garnish with fresh mint leaves and edible rose petals.
