Unpacking the Latest Threats Targeting the Financial Services Industry

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Microsoft security researchers Megan Stalling and Anna Seitz to examine how financially motivated threat actors are using familiar, low-complexity techniques to drive real-world impact across the financial services sector.  They examine Storm-0727, a financially motivated threat actor targeting cryptocurrency, financial services, and government entities, highlighting how simple techniques like financial-themed lures, macro-enabled documents, and credential theft allow attackers to quietly establish and maintain access. The conversation then expands to broader financial-services threat trends, including business email compromise, ransomware with data extortion, phishing-as-a-service, and why social engineering and unpatched vulnerabilities continue to succeed even in mature security environments.  In this episode you’ll learn:       How credential theft helps attackers maintain persistence  Why social engineering works even in well-secured environments  How Storm-0727 targets financial services and cryptocurrency organizations  Some questions we ask:      What happens after a victim opens a macro-enabled document used by Storm-0727?  How are phishing as a service platforms changing the threat landscape?  What major threat trends are currently shaping the financial services sector?    Resources:   View Megan Stalling on LinkedIn   View Anna Seitz on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider