Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs...
Doctors’ Perspective: The Rise of Healthcare Ransomware
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Christian Dameff and Jeff Tully, co-directors from the UCSD Center for Healthcare Cybersecurity, and contributors to our recent Healthcare Ransomware report.
They discuss their unique backgrounds as doctors and hackers, focusing on healthcare cybersecurity, and the growing risks of hospital ransomware attacks. Christian shares his journey from hacking as a teenager to combining his passion for medicine and cybersecurity, particularly the risks posed to patient safety by vulnerable medical devices. Jeff adds his perspective, highlighting the parallels between medicine and hacking, and their efforts at UCSD to bring evidence-based research to healthcare cybersecurity. The conversation explores the challenges and importance of protecting critical healthcare systems from cyber threats, aiming to improve patient safety and outcomes.
In this episode you’ll learn:
How medical device vulnerabilities reveal the impact of cybersecurity on patient care
The lack of comprehensive data on healthcare ransomware attacks
When ransomware-induced disruptions can delay life-saving procedures
Some questions we ask:
As healthcare providers, what stands out to you about ransomware in healthcare?
What does the UCSD Center for Healthcare Cybersecurity do?
What ransomware attacks are common in healthcare, and how do they differ from other industries?
Resources:
View Jeff Tully on LinkedIn
View Christian Dameff on LinkedIn
View Sherrod DeGrippo on LinkedIn
Healthcare Ransomware Report
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
--------
42:47
A Couple of Rats Pick Up New Tricks, Un Proposes Cybercrime Treaty
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Microsoft’s Dinesh Natarajan, Senior Threat Hunter, and Thomas Ball, Senior Security Researcher. They unpack recent findings around AsyncRAT, a remote access Trojan (RAT) used for keylogging, data exfiltration, and deploying further malware.
Dinesh explains how attackers are now using screen-sharing tools, like Screen Connect, as part of a new infection chain that makes the malware delivery process more deceptive. Thomas then shares insights on SectopRAT, another threat targeting browser data and crypto wallets. Uniquely, this RAT creates a second desktop, allowing attackers to operate undetected.
Next, Sherrod talks with Microsoft’s Senior Director of Diplomacy, Kaja Ciglic, about the UN’s proposed cybercrime treaty. Originally spearheaded by Russia, the treaty aims to create a global framework for prosecuting cybercrime, but critics worry about its potential impact on freedom of expression and human rights.
In this episode you’ll learn:
How tech support scam emails lead to AsyncRAT installations on different devices
The importance of leveraging tools like Microsoft Defender's SmartScreen for protection
The treaty encourages cooperation but may let governments exploit unclear cybercrime definitions
Some questions we ask:
How does social engineering through email play a role in these attacks?
What capabilities does AsyncRat have, and why is it so concerning?
How do we ensure the treaty doesn't impact freedom of expression or human rights?
Resources:
View Dinesh Natarajan on LinkedIn
View Thomas Ball on LinkedIn
View Kaja Ciglic on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
--------
43:56
Between Two Gregs: An Update on the North Korean Threat Landscape
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Proofpoint’s Greg Lesnewich and Microsoft’s Greg Schloemer to share the unique threat posed by North Korea’s (DPRK) state-sponsored cyber activities. The Gregs discuss their years of experience tracking North Korean cyber actors and the distinct tactics that set DPRK apart from other nation-sponsored threats. The conversation also explores North Korea’s high stakes, as DPRK threat actors operate under intense pressure from government handlers, adding a layer of urgency and fear to their operations. They share insights into North Korea’s aggressive use of stolen cryptocurrency to fund the regime’s initiatives, like ballistic missile tests, and discuss the broader geopolitical impact.
In this episode you’ll learn:
The technical sophistication and the relentlessness of DPRK cyber tactics
Complex motives behind funding and sustaining the North Korean government
The training and skills development of North Korean cyber operators
Some questions we ask:
How do North Korean threat actors set up their relay networks differently?
What sets North Korea apart from other nation-sponsored threat actors?
How do North Korean cyber actors differ from traditional e-crime actors?
Resources:
View Greg Schloemer on LinkedIn
View Greg Lesnewich on LinkedIn
View Sherrod DeGrippo on LinkedIn
Blog links:
Citrine Sleet Observed Exploiting Zero Day
New North Korean Threat Actor Identified as Moonstone Sleet
East Asia Threat Actor Technique Report
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
--------
44:46
Microsoft’s Yonatan Zunger on Red Teaming Generative AI
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Yonatan Zunger, CVP of AI Safety and Security at Microsoft. The conversation delves into the critical role of the AI Red Team, which focuses on identifying vulnerabilities in AI systems. Yonatan emphasizes the importance of ensuring the safety of Microsoft’s AI products and the innovative methods the team employs to simulate potential threats, including how they assess risk and develop effective responses. This engaging dialogue offers insights into the intersection of technology, security, and human behavior in the evolving landscape of AI.
In this episode you’ll learn:
Why securing AI systems requires understanding their unique psychology
The importance of training and technical mitigations to enhance AI safety
How financial incentives drive performance improvements in AI systems
Some questions we ask:
How does Retrieval Augmented Generation (RAG) work?
What are the potential risks with data access and permissions in AI systems?
Should users tell language models that accuracy affects their rewards to improve responses?
Resources:
View Yonatan Zunger on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
--------
39:05
Vanilla Tempest: The Threat Actor Behind Recent Hospital Ransomware Attacks
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna and Keivan to discuss two prominent threat actors: Vanilla Tempest and Peach Sandstorm.
Vanilla Tempest, a financially motivated cybercrime group, has been involved in recent ransomware attacks on U.S. hospitals, utilizing various ransomware payloads such as Ink. They are known for using tools like PowerShell scripts and Goot Loader to exfiltrate data and extort victims. Peach Sandstorm, an Iranian nation-state threat actor, focuses on cyber espionage and intelligence collection. They have targeted various sectors, including energy, defense, and critical infrastructure, and have shown increasing sophistication in their attacks. Later, Sherrod speaks with Colton Bremer, a senior security researcher at Microsoft, about his work on the Defender Experts (DEX) team. Colton explains the different tiers of DEX services, which focus on detecting and mitigating advanced threats that may bypass traditional security measures.
In this episode you’ll learn:
A backdoor called Tickler that uses Azure infrastructure for command and control
The significance of these groups' tactics and maintaining ransomware resiliency
The different tiers of DEX services detecting and mitigating advanced threats
Some questions we ask:
How does Vanilla Tempest typically execute their attacks?
Has Peach Sandstorm evolved over time in their cyber espionage efforts?
What can individuals or organizations do to mitigate cloud identity abuse?
Resources:
View Colton Bremer on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other weird and cool tools and tactics in the world of cyber threats. Featuring tales of innovation, teamwork, and cyber espionage, tune in to hear in-depth analyses of Microsoft's influence on the threat landscape and behind the scenes stories from the tireless researchers and analysts that take part. This enthralling and insightful podcast is delivered in a casual, conversational style that transports you to the frontlines of cyber defense.