Stages of attack with tools and techniques used in the REvil ransomware attack on Kaseya

New Secured-core servers are now available from the Microsoft ecosystem to help secure your infrastructure

In the current pandemic-driven remote work environments, security has become increasingly important. Earlier this year, Colonial Pipeline, one of the leading suppliers of fuel on the East Coast of the United States, was hit by a ransomware attack. This caused ... continue reading
Map showing countries targeted by NICKEL attacks

NICKEL targeting government organizations across Latin America and Europe

The Microsoft Threat Intelligence Center (MSTIC) has observed NICKEL, a China-based threat actor, targeting governments, diplomatic entities, and non-governmental organizations (NGOs) across Central and South America, the Caribbean, Europe, and North America. MSTIC has been tracking NICKEL since 2016 and ... continue reading

Structured threat hunting: One way Microsoft Threat Experts prioritizes customer defense

Today’s threat landscape is incredibly fast-paced. New campaigns surface all the time, and the amount of damage that they can cause is not always immediately apparent. Security operations centers (SOCs) must be equipped with the tools and insight to identify ... continue reading

Behind the unprecedented effort to protect customers against the NOBELIUM nation-state attack

This is the third in a four-part blog series on the NOBELIUM nation-state cyberattack. In December 2020, Microsoft began sharing details with the world about what became known as the most sophisticated nation-state cyberattack in history. Microsoft’s four-part video series “Decoding NOBELIUM” pulls ... continue reading
Red Canary by the numbers: 20,000 endpoints, 51 billion telemetry records, 69,886 tipoffs, 3,943 significant events, 74 detections, and 17 high-severity attacks.

How Red Canary and Microsoft can help reduce your alert fatigue

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Security alert fatigue: Organizations often feel overwhelmed by the number of security alerts they receive. Frustrated by alert fatigue, these organizations want a deeper understanding ... continue reading
Partner relationships page in the Microsoft 365 admin center.

How to investigate service provider trust chains in the cloud

In a recent Microsoft blog post, we documented technical guidance for organizations to protect themselves from the latest NOBELIUM activity that was found to target technology service providers, which are privileged in their downstream customer tenants, as a method to ... continue reading
Column chart showing number of notifications for 2019, 2020, and 2021

Iranian targeting of IT sector on the rise

Iranian threat actors are increasing attacks against IT services companies as a way to access their customers’ networks. This activity is notable because targeting third parties has the potential to exploit more sensitive organizations by taking advantage of trust and ... continue reading
Three icons representing data at rest, in transit, and in use.

Adopting a Zero Trust approach throughout the lifecycle of data

Instead of believing everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an uncontrolled network. Regardless of where the request originates or what resource it accesses, Zero ... continue reading

Bringing commercial innovations in chip design to national security

Semiconductors and microelectronics are some of the most important components in building cutting-edge capabilities for our national security and defense technologies, from satellites and radar to vehicles and communications equipment. Ensuring these components are developed with the utmost regard for ... continue reading

Protect against phishing with Attack Simulation Training in Microsoft Defender for Office 365

Sophisticated cyberattacks are on the rise, with email phishing as the most common attack vector. We’ve seen it all over the news with stories like Hafnium that targeted Exchange servers or the Nobelium attack against SolarWinds, which show just how ... continue reading