f you use email, there is a good chance you’re familiar with email scams. Who hasn’t gotten a shady chain letter or suspicious offer in their inbox? Cybercriminals have been using email to spread malware for decades and today’s methods are more sophisticated than ever. In order to stop these attacks from ever hitting our inboxes in the first place, threat analysts have to always be one step ahead of these cybercriminals, deploying advanced and ever-evolving tactics to stop them.     On today’s podcast, hosts Nic Fillingham and Natalia Godyla are joined by Elif Kaya, a Threat Analyst at Microsoft. Elif speaks with us about attacker email infrastructure. We learn what it is, how it’s used, and how her team is combating it. She explains how the intelligence her team gathers is helping to predict how a domain is going to be used, even before any malicious email campaigns begin. It’s a fascinating conversation that dives deep into Elif’s research and her unique perspective on combating cybercrime.  In This Episode, You Will Learn:   • The meaning of the terms “RandomU” and “StrangeU”  • The research and techniques used when gathering intelligence on attacker email structure  • How sophisticated malware campaigns evade machine learning, phish filters, and other automated technology  • The history behind service infrastructure, the Netcurs takedown, Agent Tesla, Diamond Fox, Dridox and more  Some Questions We Ask: • What is attacker email infrastructure and how is it used by cybercriminals?  • How does gaining intelligence on email infrastructures help us improve protection against malware campaigns?  • What is the difference between “attacker-owned infrastructure” and “compromised infrastructure”?  • Why wasn’t machine learning or unsupervised learning a technique used when gathering intelligence on attacker email campaigns?  • What should organizations do to protect themselves? What solutions should they have in place?     Resources: What tracking an attacker email infrastructure tells us about persistent cybercriminal operations:  https://www.microsoft.com/security/blog/2021/02/01/what-tracking-an-attacker-email-infrastructure-tells-us-about-persistent-cybercriminal-operations/  Elif Kaya: https://www.linkedin.com/in/elifcyber/  Nic’s LinkedIn:   https://www.linkedin.com/in/nicfill/    Natalia’s LinkedIn:   https://www.linkedin.com/in/nataliagodyla/    Microsoft Security Blog:   https://www.microsoft.com/security/blog/ See acast.com/privacy for privacy and opt-out information.