Select Page
Pie graph showing DART engagement metrics by industry spanning from July 2020-June 2021. According to the graph, Consumer/Retail industry holds the highest engagement rate with 13 percent and Energy industry ranks the lowest at just 4 percent.

How cyberattacks are changing according to new Microsoft Digital Defense Report

In 2021, cybercrime has become more sophisticated, widespread, and relentless. Criminals have targeted critical infrastructure—healthcare,1 information technology,2 financial services,3 energy sectors4—with headline-grabbing attacks that crippled businesses and harmed consumers. But there are positive trends—victims are coming forward, humanizing the toll ... continue reading

Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors

DEV-0343 is a new activity cluster that the Microsoft Threat Intelligence Center (MSTIC) first observed and began tracking in late July 2021. MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus ... continue reading
Table showing differences between phishing kits and phishing-as-a-service

Catching the big fish: Analyzing a large-scale phishing-as-a-service operation

In researching phishing attacks, we came across a campaign that used a rather high volume of newly created and unique subdomains—over 300,000 in a single run. This investigation led us down a rabbit hole as we unearthed one of the ... continue reading
Screenshot of code showing the original exploit vector

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

In August, Microsoft Threat Intelligence Center (MSTIC) identified a small number of attacks (less than 10) that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as ... continue reading
The five levels of CMMC.

How to prepare for CMMC compliance as a defense industrial base supplier using the Microsoft cloud

In 2020, the US Department of Defense (DoD) began the phased rollout of a new framework for protecting their supply chain, known as the defense industrial base (DIB). This new Cybersecurity Maturity Model Certification1 (CMMC) system requires regular audits that ... continue reading
Diagram showing attack chain of phishing campaigns that use open redirect links

Widespread credential phishing campaign abuses open redirector links

Microsoft has been actively tracking a widespread credential phishing campaign using open redirector links. Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking. Doing so leads to a series ... continue reading

Migrate your apps to access the license managements APIs from Microsoft Graph

Howdy folks! In June, I reminded you to update your apps to use Microsoft Graph due to the end of support for Azure Active Directory (Azure AD) Graph on June 30, 2022. Apps using Azure AD Graph after this time ... continue reading
Trend-spotting email techniques: How modern phishing emails hide in plain sight

Trend-spotting email techniques: How modern phishing emails hide in plain sight

With the massive volume of emails sent each day, coupled with the many methods that attackers use to blend in, identifying the unusual and malicious is more challenging than ever. An obscure Unicode character in a few emails is innocuous ... continue reading

Migrating content from traditional SIEMs to Azure Sentinel

In part two of this three-part series, we covered the five types of side-by-side security information and event management (SIEM) configurations commonly used during a long-term migration to Microsoft Azure Sentinel. For part three, we’ll be looking at best practices ... continue reading
Screenshot of email

Attackers use Morse code, other encryption methods in evasive phishing campaign

Cybercriminals attempt to change tactics as fast as security and protection technologies do. During our year-long investigation of a targeted, invoice-themed XLS.HTML phishing campaign, attackers changed obfuscation and encryption mechanisms every 37 days on average, demonstrating high motivation and skill ... continue reading