From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

Credit to Author: Paul Oliveria | Date: Tue, 12 Jul 2022 16:00:00 +0000

A large-scale phishing campaign that attempted to target over 10,000 organizations since September 2021 used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process, even if the user had enabled multifactor authentication (MFA).

The post From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud appeared first on Microsoft Security Blog.

Hive ransomware gets upgrades in Rust

Credit to Author: Microsoft 365 Defender Threat Intelligence Team | Date: Tue, 05 Jul 2022 16:00:00 +0000

With its latest variant carrying several major upgrades, Hive proves it’s one of the fastest evolving ransomware payloads, exemplifying the continuously changing ransomware ecosystem.

The post Hive ransomware gets upgrades in Rust appeared first on Microsoft Security Blog.

Toll fraud malware: How an Android application can drain your wallet

Credit to Author: Microsoft 365 Defender Threat Intelligence Team | Date: Thu, 30 Jun 2022 14:00:00 +0000

Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve.

The post Toll fraud malware: How an Android application can drain your wallet appeared first on Microsoft Security Blog.

Using process creation properties to catch evasion techniques

Credit to Author: Microsoft 365 Defender Threat Intelligence Team | Date: Thu, 30 Jun 2022 13:30:00 +0000

We developed a robust detection method in Microsoft Defender for Endpoint that can catch known and unknown variations of a process execution class used by attackers to evade detection. This class of stealthy execution techniques includes process doppelganging, process herpaderping, and process ghosting.

The post Using process creation properties to catch evasion techniques appeared first on Microsoft Security Blog.

Improving AI-based defenses to disrupt human-operated ransomware

Credit to Author: Paul Oliveria | Date: Tue, 21 Jun 2022 16:00:00 +0000

To disrupt human-operated ransomware attacks as early as possible, we enhanced the AI-based protections in Microsoft Defender for Endpoint with a range of specialized machine learning techniques that swiftly identify and block malicious files, processes, or behavior observed during active attacks.

The post Improving AI-based defenses to disrupt human-operated ransomware appeared first on Microsoft Security Blog.

The many lives of BlackCat ransomware

Credit to Author: Paul Oliveria | Date: Mon, 13 Jun 2022 16:00:00 +0000

The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy.

The post The many lives of BlackCat ransomware appeared first on Microsoft Security Blog.

Exposing POLONIUM activity and infrastructure targeting Israeli organizations

Credit to Author: Microsoft 365 Defender Threat Intelligence Team | Date: Thu, 02 Jun 2022 16:00:00 +0000

Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group that Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM.

The post Exposing POLONIUM activity and infrastructure targeting Israeli organizations appeared first on Microsoft Security Blog.

Using Python to unearth a goldmine of threat intelligence from leaked chat logs

Credit to Author: Paul Oliveria | Date: Wed, 01 Jun 2022 18:00:00 +0000

Dealing with a large amount of data can be time-consuming, so Python can be a powerful aid for analysts who need to sort information and extract the most relevant data for their investigation. The open-source library MSTICpy, for example, is a Python tool dedicated to threat intelligence. It aims to help threat analysts acquire, enrich, analyze, and visualize data.

The post Using Python to unearth a goldmine of threat intelligence from leaked chat logs appeared first on Microsoft Security Blog.

Android apps with millions of downloads exposed to high-severity vulnerabilities

Credit to Author: Katie McCafferty | Date: Fri, 27 May 2022 16:00:00 +0000

Microsoft uncovered high-severity vulnerabilities in a mobile framework used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote or local attacks.

The post Android apps with millions of downloads exposed to high-severity vulnerabilities appeared first on Microsoft Security Blog.

Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)

Credit to Author: Microsoft 365 Defender Threat Intelligence Team | Date: Wed, 25 May 2022 21:00:00 +0000

The privilege escalation hacking tool KrbRelayUp is a wrapper that can streamline the use of some features in the Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn tools in attacks. Although this attack won’t function for Azure Active Directory (Azure AD)-joined devices, hybrid-joined devices with on-premises domain controllers remain vulnerable.

The post Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp) appeared first on Microsoft Security Blog.
