Microsoft Incident Response

New Microsoft Incident Response guide helps simplify cyberthreat investigations

There’s an increasing demand for skilled cybersecurity professionals. It’s being driven by a surge in cyberthreats and more sophisticated attackers. However, many employers are hesitant to fill open cybersecurity roles and are hiring conservatively in case of economic downturn—even though they understand the importance of having the right expertise to mitigate contemporary cyberrisks. Organizations face […]

How Microsoft Incident Response and Microsoft Defender for Identity work together to detect and respond to cyberthreats

Identity-based cyberthreats are on the rise. 2023 saw a tenfold increase in threats including phishing, ransomware, and more.¹ And bad actors continue to evolve their techniques—making them more sophisticated, more overwhelming, and more believable. From an employee’s viewpoint, every ping, click, swipe, buzz, ding, text, and tap takes time and attention—which can add up to

Microsoft Incident Response lessons on preventing cloud identity compromise

Microsoft observed a surge in cyberattacks targeting identities in 2023, with attempted password-based attacks increasing by more than tenfold in the first quarter of 2023 compared to the same period in 2022. Threat actors leverage compromised identities to achieve a significant level of access to target networks. The compromise of an identity, under certain circumstances,

Protecting credentials against social engineering: Cyberattack Series

Our story begins with a customer whose help desk unwittingly assisted a threat actor posing as a credentialed employee. In this fourth report in our ongoing Cyberattack Series, we look at the steps taken to discover, understand, and respond to a credential phishing and smishing (text-based phishing) cyberattack that targeted a legitimate, highly-privileged user with

An integrated incident response solution with Microsoft and PwC

Today Microsoft Incident Response is excited to announce a new collaboration with PwC to expand our joint incident response and recovery capability. In this global alliance, Microsoft begins the initial containment and investigation, bringing a deep understanding of a company’s infrastructure to help evict the bad actors faster and more effectively. PwC can then work on

The five-day job: A BlackByte ransomware intrusion case study

As ransomware attacks continue to grow in number and sophistication, threat actors can quickly impact business operations if organizations are not well prepared. In a recent investigation by Microsoft Incident Response (previously known as Microsoft Detection and Response Team – DART) of an intrusion, we found that the threat actor progressed through the full attack

Patch me if you can: Cyberattack Series

Many organizations utilize third-party apps for identity security solutions to automate and unburden overtaxed IT admins from tedious tasks that employees can perform via self-service without IT assistance. But in September 2021, our researchers observed threat actors exploiting one such third-party app at several US-based entities. The vulnerability was publicly reported on September 6, 2021
