Select Page
Data center

Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

Security
Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run ... continue reading
Detecting reflective DLL loading with Windows Defender ATP

Detecting reflective DLL loading with Windows Defender ATP

Security
Today's attacks put emphasis on leaving little, if any, forensic evidence to maintain stealth and achieve persistence. Attackers use methods that allow exploits to stay resident within an exploited process or migrate to a long-lived process without ever creating or ... continue reading
Exploit for CVE-2017-8759 detected and neutralized

Exploit for CVE-2017-8759 detected and neutralized

Security
The September 12, 2017 security updates from Microsoft include the patch for a previously unknown vulnerability exploited through Microsoft Word as an entry vector. Customers using Microsoft advanced threat solutions were already protected against the malicious attachments. The vulnerability, classified ... continue reading
Windows Defender ATP machine learning: Detecting new and unusual breach activity

Windows Defender ATP machine learning: Detecting new and unusual breach activity

Security
Microsoft has been investing heavily in next-generation security technologies. These technologies use our ability to consolidate large sets of data and build intelligent systems that learn from that data. These machine learning (ML) systems flag and surface threats that would ... continue reading
Figure 1: Windows Defender ATP detection of Kovter performing process hollowing on regsvr32.exe using mshta.exe

Detecting stealthier cross-process injection techniques with Windows Defender ATP: Process hollowing and atom bombing

Security
Advanced cyberattacks emphasize stealth and persistence: the longer they stay under the radar, the more they can move laterally, exfiltrate data, and cause damage. To avoid detection, attackers are increasingly turning to cross-process injection. Cross-process injection gives attackers the ability ... continue reading
Figure 1. Infection cycle overview

Exploring the crypt: Analysis of the WannaCrypt ransomware SMB exploit propagation

Security
On May 12, there was a major outbreak of WannaCrypt ransomware. WannaCrypt directly borrowed exploit code from the ETERNALBLUE exploit and the DoublePulsar backdoor module leaked in April by a group calling itself Shadow Brokers. Using ETERNALBLUE, WannaCrypt propagated as ... continue reading
PLATINUM file transfer tool network flow

PLATINUM continues to evolve, find ways to maintain invisibility

Security
Back in April 2016, we released the paper PLATINUM: Targeted attacks in South and Southeast Asia, where we detailed the tactics, techniques, and procedures of the PLATINUM activity group. We described a group that was well-resourced and quickly adopted advanced ... continue reading
Initial alerts triggered by PowerShell activities as detected by Windows Defender ATP

Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack

Security
Several weeks ago, the Windows Defender Advanced Threat Protection (Windows Defender ATP) research team noticed security alerts that demonstrated an intriguing attack pattern. These early alerts uncovered a well-planned, finely orchestrated cyberattack that targeted several high-profile technology and financial organizations ... continue reading
back-up

World Backup Day is as good as any to back up your data

Security
In today’s security landscape, there are more threats to data than ever before. Beyond corruption caused by hardware or human failure, malware and cyberattacks can put data in serious danger. That’s why it’s imperative for enterprises, small-and-medium businesses, and individuals ... continue reading
Loading...