The Grid, a Digital Frontier: E-ISAC on Securing the Power Grid
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Matt Duncan, Vice President of Security Operations and Intelligence at the North American Electric Reliability Corporation’s E-ISAC, to explore the cyber threats targeting the North American power grid. Matt breaks down why the grid remains resilient despite increasing pressure from nation-states, cybercriminals, and hacktivists, how AI is lowering the barrier of entry for attackers, and why OT systems and interconnected devices present unique risks.
He also highlights real success stories, the value of large-scale grid exercises, and how strong collaboration and a focus on foundational security practices help defenders keep power flowing safely and reliably.
In this episode you’ll learn:
How severe weather events trigger heightened cyber-readiness across utilities
What motivates hacktivist groups and how their tactics differ from other threat actors
Why outdated equipment and legacy systems remain such attractive targets
Some questions we ask:
Are you seeing more educated and capable OT-focused adversaries now?
How do you work with policymakers to help them understand these threats?
If you could eliminate one misconception about securing the grid, what would it be?
Resources:
View Matt Duncan on LinkedIn
View Sherrod DeGrippo on LinkedIn
Learn more about E-ISAC
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.
--------
38:59
--------
38:59
Ahoy! A Tale of Payroll Pirates Who Target Universities
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Tori Murphy and Anna Seitz to unpack two financially motivated cyber threats. First, they explore the Payroll Pirates campaign (Storm 2657), which targets university payroll systems through phishing and MFA theft to reroute direct deposits. Then, they examine Vanilla Tempest, a ransomware group abusing fraudulent Microsoft Teams installers and SEO poisoning to deliver the Oyster Backdoor and Recita ransomware.
Together, they discuss how attackers exploit trust in identity, code signing, and SaaS platforms and share practical steps organizations can take to strengthen defenses, from phishing-resistant MFA to stricter executable controls and out-of-band banking verification.
In this episode you’ll learn:
How Payroll Pirates diverted university salaries through SaaS HR phishing schemes
Why universities are prime targets for identity-based cyberattacks
How Vanilla Tempest evolved from basic ransomware to complex multi-stage attacks
Some questions we ask:
How are attackers stealing credentials and paychecks?
Why do attackers create inbox rules after compromising accounts?
What alerts should organizations monitor for these types of attacks?
Resources:
View Tori Murphy on LinkedIn
View Anna Seitz on LinkedIn
View Sherrod DeGrippo on LinkedIn
Investigating targeted “payroll pirate” attacks affecting US universities
Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
--------
31:36
--------
31:36
Beyond AI for Security Hype: What Really Matters in Cyber Defense
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Zack Korman, CTO of cybersecurity startup Pistachio. They explore the reality of AI in security, cutting through hype to discuss where AI is both brilliant and flawed, how vendors AI-wash outdated tech, and why Zack believes AI won’t replace jobs but instead scale human creativity. They also dive into phishing simulations, human psychology behind social engineering, AI-powered attacks, jailbreak chaining between AI systems, and the future risks and opportunities AI introduces in cybersecurity.
In this episode you’ll learn:
How to evaluate whether a vendor is truly using AI in their product
The psychology behind why people fall for phishing attacks
Why human judgment will remain essential in the era of AI-driven security.
Some questions we ask:
How can AI unlock new capabilities in cybersecurity?
What questions should people ask AI security vendors?
Why do trained security professionals still fall for phishing attacks?
Resources:
View Zack Korman on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
--------
42:05
--------
42:05
The New Frontlines of Cybersecurity: Lessons from the 2025 Digital Defense Report
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Chloé Messdaghi and Crane Hassold to unpack the key findings of the 2025 Microsoft Digital Defense Report; a comprehensive look at how the cyber threat landscape is accelerating through AI, automation, and industrialized criminal networks.
They explore how nation-state operations and cybercrime have fused into a continuous cycle of attack and adaptation, with actors sharing tooling, infrastructure, and even business models. The conversation also examines AI’s growing impact, from deepfakes and influence operations to the defensive promise of AI-powered detection, and how identity compromise has become the front door to most intrusions, accounting for over 99% of observed attacks.
Listeners will gain perspective on:
How AI is shaping both attacker tradecraft and defensive response.
Why identity remains the cornerstone of global cyber risk.
What Microsoft’s telemetry—spanning 600 million daily attacks—reveals about emerging threats and evolving defender strategies.
Questions explored:
How are threat actors using AI to scale deception and influence operations?
What does industrialized cybercrime mean for organizations trying to defend at scale?
How can defenders harness AI responsibly without overreliance or exposure?
Resources:
Download the report and executive summary
Register for Microsoft Ignite
View Chloé Messdaghi on LinkedIn
View Crane Hassold on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
--------
47:29
--------
47:29
Threat Landscape Update: Ransomware-as-a-Service and Advanced Modular Malware
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Tori Murphy, Anna Seitz, and Chuong Dong to break down two threats: the modular backdoor PipeMagic and Medusa ransomware. They discuss how PipeMagic disguises itself as a ChatGPT desktop app to deliver malware, its sophisticated modular design, and what defenders can do to detect it.
The team also explores Medusa’s evolution into a ransomware-as-a-service model, its use of double extortion tactics, and the broader threat landscape shaped by ransomware groups, social engineering, and the abuse of legitimate tools.
In this episode you’ll learn:
Why modular malware is harder to detect and defend against
How attackers abuse vulnerable drivers to disable security tools
Why leak sites play a central role in ransomware operations
Some questions we ask:
How did Microsoft researchers uncover PipeMagic in the wild?
Why do ransomware groups often borrow names and themes from mythology?
What initial access techniques are commonly associated with Medusa attacks?
Resources:
View Anna Seitz on LinkedIn
View Chuong Dong on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other weird and cool tools and tactics in the world of cyber threats. Featuring tales of innovation, teamwork, and cyber espionage, tune in to hear in-depth analyses of Microsoft's influence on the threat landscape and behind the scenes stories from the tireless researchers and analysts that take part. This enthralling and insightful podcast is delivered in a casual, conversational style that transports you to the frontlines of cyber defense.
Australia