Sign up to save your podcasts
Or
Share Re: Tracking Attacker Email Infrastructure
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Re: Tracking Attacker Email Infrastructure
If you use email, there is a good chance you’re familiar with email scams. Who hasn’t gotten a shady chain letter or suspicious offer in their inbox? Cybercriminals have been using email to spread malware for decades and today’s methods are more sophisticated than ever. In order to stop these attacks from ever hitting our inboxes in the first place, threat analysts have to always be one step ahead of these cybercriminals, deploying advanced and ever-evolving tactics to stop them.
On today’s podcast, hosts Nic Fillingham and Natalia Godyla are joined by Elif Kaya, a Threat Analyst at Microsoft. Elif speaks with us about attacker email infrastructure. We learn what it is, how it’s used, and how her team is combating it. She explains how the intelligence her team gathers is helping to predict how a domain is going to be used, even before any malicious email campaigns begin. It’s a fascinating conversation that dives deep into Elif’s research and her unique perspective on combating cybercrime.
In This Episode, You Will Learn:
- The meaning of the terms “RandomU” and “StrangeU”
- The research and techniques used when gathering intelligence on attacker email structure
- How sophisticated malware campaigns evade machine learning, phish filters, and other automated technology
- The history behind service infrastructure, the Netcurs takedown, Agent Tesla, Diamond Fox, Dridox, and more
Some Questions We Ask:
- What is attacker email infrastructure and how is it used by cybercriminals?
- How does gaining intelligence on email infrastructures help us improve protection against malware campaigns?
- What is the difference between “attacker-owned infrastructure” and “compromised infrastructure”?
- Why wasn’t machine learning or unsupervised learning a technique used when gathering intelligence on attacker email campaigns?
- What should organizations do to protect themselves? What solutions should they have in place?
Resources:
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
Elif Kaya
Microsoft Security Blog
Nic’s LinkedIn
Natalia’s LinkedIn
Related:
Listen to: Afternoon Cyber Tea with Ann Johnson
Listen to: Security Unlocked: CISO Series with Bret Arsenault
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.
Hosted on Acast. See acast.com/privacy for more information.
View all episodes
By Microsoft
4
5656 ratings
If you use email, there is a good chance you’re familiar with email scams. Who hasn’t gotten a shady chain letter or suspicious offer in their inbox? Cybercriminals have been using email to spread malware for decades and today’s methods are more sophisticated than ever. In order to stop these attacks from ever hitting our inboxes in the first place, threat analysts have to always be one step ahead of these cybercriminals, deploying advanced and ever-evolving tactics to stop them.
On today’s podcast, hosts Nic Fillingham and Natalia Godyla are joined by Elif Kaya, a Threat Analyst at Microsoft. Elif speaks with us about attacker email infrastructure. We learn what it is, how it’s used, and how her team is combating it. She explains how the intelligence her team gathers is helping to predict how a domain is going to be used, even before any malicious email campaigns begin. It’s a fascinating conversation that dives deep into Elif’s research and her unique perspective on combating cybercrime.
In This Episode, You Will Learn:
- The meaning of the terms “RandomU” and “StrangeU”
- The research and techniques used when gathering intelligence on attacker email structure
- How sophisticated malware campaigns evade machine learning, phish filters, and other automated technology
- The history behind service infrastructure, the Netcurs takedown, Agent Tesla, Diamond Fox, Dridox, and more
Some Questions We Ask:
- What is attacker email infrastructure and how is it used by cybercriminals?
- How does gaining intelligence on email infrastructures help us improve protection against malware campaigns?
- What is the difference between “attacker-owned infrastructure” and “compromised infrastructure”?
- Why wasn’t machine learning or unsupervised learning a technique used when gathering intelligence on attacker email campaigns?
- What should organizations do to protect themselves? What solutions should they have in place?
Resources:
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
Elif Kaya
Microsoft Security Blog
Nic’s LinkedIn
Natalia’s LinkedIn
Related:
Listen to: Afternoon Cyber Tea with Ann Johnson
Listen to: Security Unlocked: CISO Series with Bret Arsenault
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.
Hosted on Acast. See acast.com/privacy for more information.
More shows like Security Unlocked
View all
Security Now (Audio)
1,971 Listeners
Risky Business
361 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
367 Listeners
CyberWire Daily
1,007 Listeners
Smashing Security
311 Listeners
Click Here
406 Listeners
Darknet Diaries
7,864 Listeners
Cybersecurity Today
169 Listeners
CISO Series Podcast
187 Listeners
Hacking Humans
314 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
128 Listeners
Risky Bulletin
33 Listeners
The BlueHat Podcast
12 Listeners