Select Page
Figure 1 displays a diagram depicting a typical attack flow for XorDdos malware. The attacker communicates with a bot to SSH brute force a target device and download XorDdos. The malware then performs several techniques for evasion and persistence before connecting with the attacker's C2 server to send data and receive commands.

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as ... continue reading
Bar chart illustrating the distribution of cryware family detections from January to December 2021.

In hot pursuit of ‘cryware’: Defending hot wallets from attacks

The steep rise in cryptocurrency market capitalization, not surprisingly, mirrors a marked increase in threats and attacks that target or leverage cryptocurrencies. But Microsoft researchers are observing an even more interesting trend: the evolution of related malware and their techniques, ... continue reading
Strengthen your security posture with new Azure AD partner integrations

Strengthen your security posture with new Azure AD partner integrations

I’m excited to announce several new Azure Active Directory (Azure AD) product integrations are now available. By leveraging the power of Azure AD, these solutions can help streamline your identity access, governance, and authentication for stronger Zero Trust security across ... continue reading
Diagram showing the relationship between players in the ransomware-as-a-service affiliate model. Access brokers compromise networks and persist on systems. The RaaS operator develops and maintain tools. The RaaS affiliate performs the attack.

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

Microsoft processes 24 trillion signals every 24 hours, and we have blocked billions of attacks in the last year alone. Microsoft Security tracks more than 35 unique ransomware families and 250 unique threat actors across observed nation-state, ransomware, and criminal ... continue reading
A simplified outline of a person's head alongside the words "One in three security jobs in the U S is vacant."

Building a safer world together with our partners—introducing Microsoft Security Experts

More threats—not enough defenders The security landscape has become increasingly challenging and complex for our customers. Threats have grown at an alarming rate over the last year, and cybercrime is now expected to cost the world USD10.5 trillion annually by ... continue reading
The path of alerts through D3 XGEN SOAR, from the alert source to the incident response phase. D3's Event Pipeline covers the normalization, triage, and dismissal and escalation phases.

Automating your Microsoft security suite with D3 XGEN SOAR  

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. There are certain pain points in the average security operations center (SOC) that, no matter what else changes in the security landscape, ... continue reading

Discover the anatomy of an external cyberattack surface with new RiskIQ report

The internet is now part of the network. That might sound like hyperbole, but the massive shift to hybrid and remote work and a multicloud environment means security teams must now defend their entire online ecosystem. Recent ransomware attacks against ... continue reading
An open road with text overlay stating “Honor the past, be honest about the present, and hope for the future.”

A clearer lens on Zero Trust security strategy: Part 1

Today’s world is flooded with definitions and perspectives on Zero Trust, so we are kicking off a blog series to bring clarity to what Zero Trust is and what it means. This first blog will draw on the past, present, ... continue reading
World map with circles of varying sizes located in several countries regions to indicate the threat's impact.

Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware

As announced today, Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. We used our research into this threat to enrich our protection technologies and ensure this infrastructure could ... continue reading
The Microsoft vulnerable driver blocklist feature enabled in the Core isolation page within the Windows Security app.

New security features for Windows 11 will help protect hybrid work

Attackers haven’t wasted any time capitalizing on the rapid move to hybrid work. Every day cybercriminals and nation-states alike have improved their targeting, speed, and accuracy as the world adapted to working outside the office. These changes have put “cybersecurity ... continue reading