Hot Cybercrime Summer: Smishing, Supply Chains, and Sleuthcon
Show notes
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo sits down with Aurora Johnson of SpyCloud and Amitai Cohen of Wiz ahead of SleuthCon to explore two rapidly changing corners of the cybercrime landscape.
Aurora breaks down the highly organized Chinese-language smishing ecosystem, revealing how phishing operations, fraud networks, and cash-out schemes work together like a mature business.
Amitai examines the growing threat to software supply chains, explaining how groups like Team PCP are exploiting CI/CD pipelines, open-source dependencies, and AI-assisted malware development.
Together, they discuss the industrialization of cybercrime, the role of automation and AI, and why defenders must rethink how they secure today's interconnected digital ecosystem.
In this episode you’ll learn:
-
Why cybercrime ecosystems now operate like sophisticated businesses
-
How NFC relay attacks are being used to cash out stolen credit card data
-
The role Telegram marketplaces play in modern fraud operations
Some questions we ask:
-
How industrialized has modern cybercrime become?
-
What clues suggest threat actors are using AI to create malware?
-
What are defenders missing about CI/CD pipelines as an attack surface?
Resources:
View Aurora Johnson on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.