Microsoft Threat Intelligence Podcast

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo speaks with Maurice Mason and Jackie Burns-Koven to explore how cybercrime has shifted into a highly organized, marketplace-driven ecosystem. They break down the growing convergence between criminal networks and nation-state actors, highlighting how shared tools, infrastructure, and cryptocurrency have blurred traditional boundaries. 

The conversation dives into the rise of as-a-service cybercrime models, where access, malware, and infrastructure can be easily bought and sold, lowering barriers to entry and increasing attack volume. They also examine how blockchain intelligence is becoming a critical tool for tracking illicit activity, improving attribution, and disrupting operations. 

In this episode you’ll learn:      


How cybercrime has evolved into a scalable, marketplace-driven ecosystem 


Why initial access brokers are lowering the barrier to entry for attackers 


How proactive disruption and collaboration can reduce ransomware impact and payments 

Some questions we ask:     


What role does crypto intelligence play in prevention and detection? 


Why are threat actors shifting to alternative cryptocurrencies? 


How can defenders better protect themselves against these threats? 

 

Resources:  

View Maurice Mason on LinkedIn  

View Jackie Burns-Koven on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo speaks with Cynthia Kaiser to unpack the progression of ransomware from isolated attacks into a sophisticated global criminal ecosystem. Drawing on her two decades at the FBI and current role at Halcyon, Cynthia explains how cybercrime has scaled through organized networks, improved tactics, and increasing speed, with some attacks now unfolding in under an hour.  

The conversation explores how law enforcement strategies have shifted from targeting low-level actors to disrupting entire ecosystems, leading to more impactful takedowns. Cynthia also highlights the real-world consequences of ransomware, including its growing impact on critical infrastructure like hospitals and the potential for loss of life. The episode examines how AI is shaping both attacker and defender capabilities, accelerating phishing and access while also enabling stronger defensive responses.  

In this episode you’ll learn:      


How ransomware evolved into a global organized criminal ecosystem 


Why modern ransomware attacks are faster, more scalable, and harder to stop 


The real-world impact of ransomware, including risks to critical infrastructure 

Some questions we ask:     


How has ransomware shifted into a larger ecosystem over time? 


What are companies getting wrong about cyber insurance and recovery? 


Are autonomous AI-driven attacks a real threat yet? 

Resources:  

View Cynthia Kaiser on LinkedIn 

View Sherrod DeGrippo on LinkedIn  

 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo speaks with Jarrod Forgues Schlenker of the FBI’s Cyber Division about the pattern's investigators see in cyber incidents and how initiatives like Operation Winter Shield aim to close the gap between knowing what to do and actually implementing it.  

They discuss the importance of foundational controls like phishing-resistant authentication, secure logging, and strong identity protection, as well as the role threat intelligence and prevention play in strengthening organizational defenses. The conversation highlights how small, practical security improvements can significantly disrupt attackers and help organizations reduce risk before an incident occurs. 

In this episode you’ll learn:      


How the FBI identifies recurring patterns in cyber-attacks across investigations 


Why phishing-resistant authentication and MFA are critical for stopping credential theft 


What Operation Winter Shield is and how it encourages organizations to move from awareness to action 

 Some questions we ask:     


Which security control themes in the program stand out to you the most? 


Why are log retention and protection so critical during investigations? 


How can threat intelligence programs help organizations strengthen their defenses? 

 

Resources:  

View Jarrod Forgues Schlenker on LinkedIn

View Sherrod DeGrippo on LinkedIn  

 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Greg Schlomer and Vlad H. to discuss new research on Jasper Sleet, a North Korean–aligned threat actor incorporating AI into active operations. 

The conversation examines how AI is being integrated across the attack lifecycle — from highly tailored phishing lures and fabricated job applicant personas to accelerating malware development and refining operational workflows. Rather than treating AI as a novelty, Jasper Sleet is using it to increase speed, scale, and adaptability while reducing many of the friction points that once slowed campaigns. 

They also explore what this shift means for defenders. As AI compresses iteration cycles and lowers barriers to entry, traditional attribution signals evolve, influence operations become more convincing, and defensive teams must tighten the loop between intelligence, detection, and response. This is less about experimentation and more about the operationalization of AI as part of modern tradecraft. 

In this episode you’ll learn:      


How AI is changing the speed at which cyber operations evolve 


Why jailbreaking AI models is often trivial for motivated adversaries 


 The strategic implications of AI leveling the playing field between threat actors 

Some questions we ask:     


Is there resistance among experienced malware authors to adopting AI? 


Are we seeing fully AI-written malware in the wild? 


What stands out about Jasper Sleet’s use of AI? 

 

Resources:  

View Greg Schloemer on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, Sherrod DeGrippo speaks with Microsoft security and AI researchers Giorgio Severi and Noam Kochavi about a newly observed trend in AI abuse: recommendation poisoning through memory manipulation. 

While looking into prompt injection and reprompt-style behaviors, the team uncovered something quieter but potentially more persistent—websites embedding hidden instructions inside Summarize with AI links that attempt to influence what an AI assistant remembers and recommends over time. 

Rather than focusing on immediate exploitation, this technique aims to shape long-term behavior inside AI systems. Giorgio and Noam explain how it works, why it’s spreading across industries, where legitimate marketing tactics can blur into security risk, and what defenders and users should understand about managing AI memory in an increasingly agent-driven environment. 

In this episode you’ll learn:      


How AI memory poisoning differs from traditional prompt injection 


Why legitimate businesses are using memory manipulation tactics 


What threat hunters can look for inside enterprise telemetry 

 Some questions we ask:     


How is memory poisoning different from prompt injection? 


What are the long-term risks of embedding bias into AI memory? 


Could this technique be used for more harmful influence beyond marketing? 

 

Resources:  

View Giorgio Severi on LinkedIn  

View Noam Kochavi on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.