Select Page
Map of threat research methodologies.

SimuLand: Understand adversary tradecraft and improve detection strategies

At Microsoft, we continuously collaborate with customers and the InfoSec community to learn more about the latest adversary tradecraft so that we can improve our detection strategies across all our security services. Even though those detections are already built into ... continue reading
Business email compromise campaign targets wide range of orgs with gift card scam

Business email compromise campaign targets wide range of orgs with gift card scam

Cybercriminals continue to target businesses to trick recipients into approving payments, transferring funds, or, in this case, purchasing gift cards. This kind of email attack is called business email compromise (BEC)—a damaging form of phishing designed to gain access to ... continue reading
Azure Backup Center – Report on and Optimize your Backup environment.

Azure Backup Center – Report on and Optimize your Backup environment.

Hello folks, In the first post in this series, we explored the overall capabilities ABC is the one single place for all simplified backup needs. As mentioned before, everything in one interface one place to discover and configure, to operate ... continue reading
Number of tests in which the vendor blocked the attack at earliest stage possible. Microsoft successfully blocked at the earliest possible point on six protection tests, more than any other vendor participating in the test.

Stopping Carbanak+FIN7: How Microsoft led in the MITRE Engenuity® ATT&CK® Evaluation

In MITRE Engenuity’s recent Carbanak+FIN7 ATT&CK Evaluation, Microsoft demonstrated that we can stop advanced, real-world attacks by threat actor groups with our industry-leading security capabilities. In this year’s evaluation, we engaged our unified Microsoft 365 Defender stack, with market-leading capabilities ... continue reading
Demo of Microsoft Counterfit used to scan an AI model for model evasion vulnerability.

AI security risk assessment using Counterfit

Today, we are releasing Counterfit, an automation tool for security testing AI systems as an open-source project. Counterfit helps organizations conduct AI security risk assessments to ensure that the algorithms used in their businesses are robust, reliable, and trustworthy. AI ... continue reading
Screenshot of a Microsoft Defender for Endpoint alert in the security center about a CoinMiner that was blocked.

Defending against cryptojacking with Microsoft Defender for Endpoint and Intel TDT

Cryptocurrency mining—once considered no more than a nuisance, a relatively benign activity that was a drain on machine resources—has been on the rise in recent years. This increase in cryptocurrency mining activity is driven by the increasing value of cryptocurrencies ... continue reading
Attack diagram showing stages of an attack and how the threat actor tracking model caught the initial stages so the affected organization could stop the attack

Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting

As seen in recent sophisticated cyberattacks, especially human-operated campaigns, it’s critical to not only detect an attack as early as possible but also to rapidly determine the scope of the compromise and predict how it will progress. How an attack ... continue reading

Protecting on-premises Exchange Servers against recent attacks

For the past few weeks, Microsoft and others in the security industry have seen an increase in attacks against on-premises Exchange servers. The target of these attacks is a type of email server most often used by small and medium-sized ... continue reading
Example showing Case 1: Custom Script Extension

Azure LoLBins: Protecting against the dual use of virtual machine extensions

Azure Defender for Resource Manager offers unique protection by automatically monitoring the resource management operations in your organization, whether they’re performed through the Azure portal, Azure REST APIs, Azure CLI, or other Azure programmatic clients. In this blog, we will ... continue reading
Real people. IT professionals build and maintain the LinkedIn server farm which operates on 100% renewable energy. Power is hydro-generated and managed efficiently on-site with minimum new draw from external grid. State-of-the-art facility uses eco-friendly solutions such as using reclaimed water to cool the data center.

Securing Azure datacenters with continuous IoT/OT monitoring

As more intelligent devices and machinery become connected to the internet, Operational Technology (OT) and the Internet of Things (IoT) have become part of your enterprise network infrastructure—and a growing security risk. With every new factory sensor, wind turbine monitoring ... continue reading