Black Basta and the use of LLMs by threat actors

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo and Microsoft security researchers Anna Seitz and Daria Pop discuss the latest trends in ransomware and the evolving role of AI in cyber threats. Daria Pop provides insight into the evolving tactics of the Black Basta ransomware, including the use of phishing, social engineering, and remote management tools. The discussion also delves into the persistence of malvertising and the challenges it presents for defenders. Anna Seitz examines how state-sponsored threat actors, including Forest Blizzard, Emerald Sleet, and Crimson Sandstorm, are leveraging large language models (LLMs) for various malicious activities.

In this episode you will learn:

  • Why the elimination of Qakbot affected Black Basta’s strategies
  • What malvertising is and why the complex nature of ad traffic makes it so persistent
  • How the MITRE ATLAS framework helps defenders identify new threats

Some questions we ask:

  • What role does social engineering play in the Quick Assist campaigns?
  • How do North Korean threat actors like Emerald Sleet use LLMs in their campaigns?
  • Can you explain the changes in Black Basta’s initial access methods over the years?

Resources:

See Anna Seitz on LinkedIn

See Daria Pop on LinkedIn

View Sherrod DeGrippo on LinkedIn

Related Microsoft podcasts:

Discover and follow more podcasts from Microsoft at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance from Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of the N2K media network.

By Jasper
