How cyberattacks are changing according to new Microsoft Digital Defense Report
In 2021, cybercrime has become more sophisticated, widespread, and relentless. Criminals have targeted critical infrastructure—healthcare,1 information technology,2 financial services,3 energy sectors4—with headline-grabbing attacks that crippled businesses and harmed consumers. But there are positive trends—victims are coming forward, humanizing the toll ... continue reading
Stopping Carbanak+FIN7: How Microsoft led in the MITRE Engenuity® ATT&CK® Evaluation
In MITRE Engenuity’s recent Carbanak+FIN7 ATT&CK Evaluation, Microsoft demonstrated that we can stop advanced, real-world attacks by threat actor groups with our industry-leading security capabilities. In this year’s evaluation, we engaged our unified Microsoft 365 Defender stack, with market-leading capabilities ... continue reading
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
From March to December 2020, we tracked segments of a dynamically generated email infrastructure that attackers used to send more than a million emails per month, distributing at least seven distinct malware families in dozens of campaigns using a variety ... continue reading
EDR in block mode stops IcedID cold
We are happy to announce the general availability of endpoint detection and response (EDR) in block mode in Microsoft Defender for Endpoint. EDR in block mode turns EDR detections into real-time blocking of malicious behaviors, malware, and artifacts. It uses ... continue reading
Demystifying Ransomware Attacks Against Microsoft Defender Solution
Hi IT Pros, As you have known it, Ransomware is in aggravated assault mode at this time of year 2020, the joint cybersecurity advisory comes from the Cybersecurity Infrastructure and Security Agency (CISA), the Federal Bureau of Investigation (FBI), and ... continue reading
Dharma Ransomware: Recovery and Preventative Measures
This is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. In the last several months, I have been getting a lot of requests around certain Ransomware that steals credentials through targeting phishing campaigns, extracting credentials to get Domain Admin access, and then ... continue reading
Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning
When attackers successfully breach a target network, their typical next step is to perform reconnaissance of the network, elevate their privileges, and move laterally to reach specific machines or spread as widely as possible. For these activities, attackers often probe ... continue reading
Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection
The application of deep learning and other machine learning methods to threat detection on endpoints, email and docs, apps, and identities drives a significant piece of the coordinated defense delivered by Microsoft Threat Protection. Within each domain as well as ... continue reading
MITRE ATT&CK APT 29 evaluation proves Microsoft Threat Protection provides deeper end to end view of advanced threats
As attackers use more advanced techniques, it’s even more important that defenders have visibility not just into each of the domains in their environment, but also across them to piece together coordinated, targeted, and advanced attacks. This level of visibility ... continue reading
Latest Astaroth living-off-the-land attacks are even more invisible but not less observable
Following a short hiatus, Astaroth came back to life in early February sporting significant changes in its attack chain. Astaroth is an info-stealing malware that employs multiple fileless techniques and abuses various legitimate processes to attempt running undetected on compromised ... continue reading
