Octo Tempest Threat Actor Profile

Published: Nov. 1, 2023, 7:05 a.m.

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Microsoft threat research experts to talk about the activities of a threat actor known as Octo Tempest (which overlaps with research associated with 0ktapus, Scattered Spider, and UNC3944) and the blog released by Microsoft threat intelligence and Microsoft incident response groups. The discussion covers various tactics, techniques, and procedures Octo Tempest employs, such as SIM swapping, SMS phishing, and living off the land rather than using traditional malware. Octo Tempest is portrayed as a highly bespoke and hands-on threat actor, often engaged in "keyboard-to-keyboard combat" and showing extreme persistence even after being detected.

In this episode you'll learn:

- Techniques used to modify email rules and evade defensive tools
- The contrast between tailored attacks and automated targeted threat actors
- Why organizations should separate high-privileged accounts from normal user accounts

Some questions we ask:

- Is there an end game for Octo Tempest, and is it always ransomware?
- What is the importance of assuming the first-factor password is already compromised?
- How can organizations test controls and alerting for their security posture?

Resources:

- View Sherrod DeGrippo on LinkedIn
- https://aka.ms/octo-tempest

Related Microsoft Podcasts:

- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.