Vulnerable SDK components lead to supply chain risks in IoT and OT environments

Credit to Author: Katie McCafferty| Date: Tue, 22 Nov 2022 17:00:00 +0000

As vulnerabilities in network components, architecture files, and developer tools have become an increasingly popular attack vector to leverage access into secure networks and devices, Microsoft identified such a vulnerable component and found evidence of a supply chain risk that might affect millions of organizations and devices.

The post Vulnerable SDK components lead to supply chain risks in IoT and OT environments appeared first on Microsoft Security Blog.

Read more

DEV-0569 finds new ways to deliver Royal ransomware, various payloads

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Thu, 17 Nov 2022 17:00:00 +0000

DEV-0569’s recent activity shows their reliance on malvertising and phishing in delivering malicious payloads. The group’s changes and updates in delivery and payload led to distribution of info stealers and Royal ransomware.

The post DEV-0569 finds new ways to deliver Royal ransomware, various payloads appeared first on Microsoft Security Blog.

Read more

Token tactics: How to prevent, detect, and respond to cloud token theft

Credit to Author: Paul Oliveria| Date: Wed, 16 Nov 2022 16:00:00 +0000

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose.

The post Token tactics: How to prevent, detect, and respond to cloud token theft appeared first on Microsoft Security Blog.

Read more

2022 holiday DDoS protection guide

Credit to Author: Paul Oliveria| Date: Tue, 15 Nov 2022 18:00:00 +0000

The holiday season is an exciting time for many people as they get to relax, connect with friends and family, and celebrate traditions. Organizations also have much to rejoice about during the holidays (for example, more sales for retailers and more players for gaming companies). Unfortunately, cyber attackers also look forward to this time of year to celebrate an emerging holiday tradition—distributed denial-of-service (DDoS) attacks.

The post 2022 holiday DDoS protection guide appeared first on Microsoft Security Blog.

Read more

Microsoft threat intelligence presented at CyberWarCon 2022 

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Thu, 10 Nov 2022 17:00:00 +0000

At CyberWarCon 2022, Microsoft and LinkedIn analysts presented several sessions detailing analysis across multiple sets of actors and related activity.

The post Microsoft threat intelligence presented at CyberWarCon 2022  appeared first on Microsoft Security Blog.

Read more

Stopping C2 communications in human-operated ransomware through network protection

Credit to Author: Katie McCafferty| Date: Thu, 03 Nov 2022 16:00:00 +0000

Providing advanced protection against increasingly sophisticated human-operated ransomware, Microsoft Defender for Endpoint’s network protection leverages threat intelligence and machine learning to block command-and-control (C2) communications.

The post Stopping C2 communications in human-operated ransomware through network protection appeared first on Microsoft Security Blog.

Read more

Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity

Credit to Author: Paul Oliveria| Date: Thu, 27 Oct 2022 16:00:00 +0000

Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.

The post Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity appeared first on Microsoft Security Blog.

Read more

DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector

Credit to Author: Katie McCafferty| Date: Tue, 25 Oct 2022 16:00:00 +0000

In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society.

The post DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector appeared first on Microsoft Security Blog.

Read more

Securing IoT devices against attacks that target critical infrastructure

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Fri, 21 Oct 2022 16:00:00 +0000

South Staffordshire PLC, a company that supplies water to over one million customers in the United Kingdom, notified its customers in August of being a target of a criminal cyberattack. This incident highlights the sophisticated threats that critical industries face today.  According to South Staffordshire, the breach did not appear to have caused damage to…

The post Securing IoT devices against attacks that target critical infrastructure appeared first on Microsoft Security Blog.

Read more

Defenders beware: A case for post-ransomware investigations

Credit to Author: Paul Oliveria| Date: Tue, 18 Oct 2022 18:00:00 +0000

The Microsoft Detection and Response Team (DART) details a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as using living-off-the-land binaries, to launch their malicious code.

The post Defenders beware: A case for post-ransomware investigations appeared first on Microsoft Security Blog.

Read more