Microsoft security intelligence – Page 7

Anatomy of a DDoS amplification attack

May 28, 2022 0 Comments cybersecurity, DDoS, ddos amplification, ddos protection, Microsoft security intelligence

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Mon, 23 May 2022 18:00:00 +0000

Amplification attacks are one of the most common distributed denial of service (DDoS) attack vectors. These attacks are typically categorized as flooding or volumetric attacks, where the attacker succeeds in generating more traffic than the target can process, resulting in exhausting its resources due to the amount of traffic it receives.

The post Anatomy of a DDoS amplification attack appeared first on Microsoft Security Blog.

Microsoft Security

Beneath the surface: Uncovering the shift in web skimming

May 28, 2022 0 Comments cybersecurity, Microsoft security intelligence

Credit to Author: Paul Oliveria| Date: Mon, 23 May 2022 16:00:00 +0000

Web skimming campaigns now employ various obfuscation techniques to deliver and hide the skimming scripts. It’s a shift from earlier tactics where attackers conspicuously injected the malicious scripts into e-commerce platforms and content management systems (CMSs) via vulnerability exploitation, making this threat highly evasive to traditional security solutions.

The post Beneath the surface: Uncovering the shift in web skimming appeared first on Microsoft Security Blog.

Microsoft Security

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

May 19, 2022 0 Comments cybersecurity, Linux, malware, Microsoft, Microsoft security intelligence, Security

Credit to Author: Katie McCafferty| Date: Thu, 19 May 2022 16:00:00 +0000

Observing a 254% increase in activity over the last six months from a versatile Linux trojan called XorDdos, the Microsoft 365 Defender research team provides in-depth analysis into this stealthy malware’s capabilities and key infection signs.

The post Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices appeared first on Microsoft Security Blog.

Microsoft Security

In hot pursuit of ‘cryware’: Defending hot wallets from attacks

May 17, 2022 0 Comments cryptocurrency mining, cryptojacker, cryptojacking, cryware, cybersecurity, hot wallet, Microsoft security intelligence

Credit to Author: Paul Oliveria| Date: Tue, 17 May 2022 16:00:00 +0000

The rise in cryptocurrency market capitalization paved the way to the emergence of threats Microsoft security researchers are referring to as “cryware”—information stealers focused on gathering and exfiltrating data from non-custodial cryptocurrency wallets.

The post In hot pursuit of ‘cryware’: Defending hot wallets from attacks appeared first on Microsoft Security Blog.

Microsoft Security

Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders

May 11, 2022 0 Comments center for threat-informed defense, cybersecurity, human-operated ransomware, Microsoft security intelligence, mitre att&ck, Ransomware

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Wed, 11 May 2022 16:00:00 +0000

The Center for Threat-Informed Defense, along with Microsoft and industry partners, collaborated on a repeatable methodology and a web-based calculator, aiming to streamline MITRE ATT&CK® use for defenders.

The post Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders appeared first on Microsoft Security Blog.

Microsoft Security

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

May 9, 2022 0 Comments cybersecurity, human-operated ransomware, Microsoft security intelligence, Ransomware, Ransomware as a Service

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Mon, 09 May 2022 13:00:00 +0000

Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert humane intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware-as-a-service affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.

The post Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself appeared first on Microsoft Security Blog.

Microsoft Security

Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn

April 26, 2022 0 Comments cybersecurity, Linux, Microsoft, microsoft defender for endpoint, Microsoft security intelligence, Security, Vulnerabilities

Credit to Author: Katie McCafferty| Date: Tue, 26 Apr 2022 16:00:00 +0000

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could allow attackers to achieve greater impact on vulnerable devices by deploying payloads and performing other malicious actions via arbitrary root code execution.

The post Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn appeared first on Microsoft Security Blog.

Microsoft Security

Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware

April 13, 2022 0 Comments cybersecurity, Microsoft security intelligence, zloader

Credit to Author: Paul Oliveria| Date: Wed, 13 Apr 2022 16:00:00 +0000

Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. In this blog, we detail the various characteristics for identifying ZLoader activity, including its associated tactics, recent campaigns, and affiliated payloads, such as ransomware.

The post Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware appeared first on Microsoft Security Blog.

Microsoft Security

Tarrask malware uses scheduled tasks for defense evasion

April 12, 2022 0 Comments cybersecurity, hafnium, microsoft detection and response team (dart), Microsoft security intelligence, tarrask

Credit to Author: Paul Oliveria| Date: Tue, 12 Apr 2022 16:00:00 +0000

Microsoft Detection and Response Team (DART) researchers have uncovered malware that creates “hidden” scheduled tasks as a defense evasion technique. In this post, we will demonstrate how threat actors create scheduled tasks, how they cover their tracks, and how the malware’s evasion techniques are used to maintain and ensure persistence on systems.

The post Tarrask malware uses scheduled tasks for defense evasion appeared first on Microsoft Security Blog.

Microsoft Security

Microsoft 365 Defender demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations

April 5, 2022 0 Comments cybersecurity, Microsoft, Microsoft security intelligence, mitre att&ck, mitre engenuity, Security

Credit to Author: Katie McCafferty| Date: Wed, 06 Apr 2022 01:30:07 +0000

For the fourth consecutive year, Microsoft 365 Defender demonstrated industry-leading protection in MITRE Engenuity’s independent ATT&CK® Enterprise Evaluations. These results highlighted the importance of taking an XDR-based approach spanning endpoints, identities, email and cloud, and the importance of both prevention and protection.

The post Microsoft 365 Defender demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations appeared first on Microsoft Security Blog.