Podcasts
Security Unlocked
Ep 19
Security Unlocked 3.17.21
Ep 19 | 3.17.21

Re: Tracking Attacker Email Infrastructure

Show Notes
Transcript

If you use email, there is a good chance you’re familiar with email scams. Who hasn’t gotten a shady chain letter or suspicious offer in their inbox? Cybercriminals have been using email to spread malware for decades and today’s methods are more sophisticated than ever. In order to stop these attacks from ever hitting our inboxes in the first place, threat analysts have to always be one step ahead of these cybercriminals, deploying advanced and ever-evolving tactics to stop them.

On today’s podcast, hosts Nic Fillingham and Natalia Godyla are joined by Elif Kaya, a Threat Analyst at Microsoft. Elif speaks with us about attacker email infrastructure. We learn what it is, how it’s used, and how her team is combating it. She explains how the intelligence her team gathers is helping to predict how a domain is going to be used, even before any malicious email campaigns begin. It’s a fascinating conversation that dives deep into Elif’s research and her unique perspective on combating cybercrime. 

In This Episode, You Will Learn:  

  • The meaning of the terms “RandomU” and “StrangeU” 
  • The research and techniques used when gathering intelligence on attacker email structure 
  • How sophisticated malware campaigns evade machine learning, phish filters, and other automated technology 
  • The history behind service infrastructure, the Netcurs takedown, Agent Tesla, Diamond Fox, Dridox, and more 

Some Questions We Ask:

  • What is attacker email infrastructure and how is it used by cybercriminals? 
  • How does gaining intelligence on email infrastructures help us improve protection against malware campaigns? 
  • What is the difference between “attacker-owned infrastructure” and “compromised infrastructure”? 
  • Why wasn’t machine learning or unsupervised learning a technique used when gathering intelligence on attacker email campaigns? 
  • What should organizations do to protect themselves? What solutions should they have in place? 

Resources:

What tracking an attacker email infrastructure tells us about persistent cybercriminal operations

Elif Kaya

Microsoft Security Blog

Related:

Listen to: Afternoon Cyber Tea with Ann Johnson

Listen to: Security Unlocked: CISO Series with Bret Arsenault 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network. 

Security Unlocked
Podcast Info
HOST(S):
Nic Fillingham
Natalia Godyla
Nic Fillingham likes to ask questions and find out how stuff works. For over 15 years Nic has worked at Microsoft on Xbox, Windows, developer tools, Microsoft 365 and Security. A transplant from Australia, Nic lives just outside of Seattle on a small farm with his family and too many guitars.
Natalia Godyla is an award-winning B2B product marketer and speaker, currently in the Security Product Marketing group at Microsoft. She specializes in cybersecurity marketing and has a Sec+ certification. Fun fact: Natalia is also a published poet and founder of Rebel Data.
Schedule: Wednesdays
Credits: Executive Producer is Bruce Bracken, Producer is Rob Petrillo, Production Manager is Max Solomon, and our Audio Engineer (and magician) is none other than The Great Rich Cerbini.
Creator: Microsoft
Security Unlocked