The evolution of a Mac trojan: UpdateAgent’s progression

Credit to Author: Microsoft 365 Defender Threat Intelligence Team | Date: Wed, 02 Feb 2022 17:00:00 +0000

Our discovery and analysis of a sophisticated Mac trojan in October exposed a year-long evolution of a malware family—and depicts the rising complexity of threats across platforms.

The post The evolution of a Mac trojan: UpdateAgent’s progression appeared first on Microsoft Security Blog.

Read more

Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA

Credit to Author: Microsoft 365 Defender Threat Intelligence Team | Date: Wed, 26 Jan 2022 17:00:00 +0000

We uncovered a large-scale, multi-phase campaign that adds a novel technique to traditional phishing tactics by joining an attacker-operated device to an organization’s network to further propagate the campaign.

The post Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA appeared first on Microsoft Security Blog.


Destructive malware targeting Ukrainian organizations

Credit to Author: Microsoft 365 Defender Threat Intelligence Team | Date: Sun, 16 Jan 2022 02:28:30 +0000

Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine.

The post Destructive malware targeting Ukrainian organizations appeared first on Microsoft Security Blog.


Behavioral blocking and containment: Transforming optics into protection

Credit to Author: Eric Avena | Date: Mon, 09 Mar 2020 16:30:20 +0000

Behavioral blocking and containment capabilities use multiple Microsoft Defender ATP components and features to stop attacks immediately, before they can progress. We have expanded these capabilities to gain even broader visibility into malicious behavior by using a rapid protection loop engine that draws on endpoint detection and response (EDR) sensors.

The post Behavioral blocking and containment: Transforming optics into protection appeared first on Microsoft Security.


Human-operated ransomware attacks: A preventable disaster

Credit to Author: Eric Avena | Date: Thu, 05 Mar 2020 17:00:31 +0000

In human-operated ransomware attacks, adversaries exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network.

The post Human-operated ransomware attacks: A preventable disaster appeared first on Microsoft Security.


Ghost in the shell: Investigating web shell attacks

Credit to Author: Eric Avena | Date: Tue, 04 Feb 2020 17:30:40 +0000

Web shell attacks allow adversaries to run commands on and steal data from an Internet-facing server, or to use the server as a launch pad for further attacks against the affected organization.

The post Ghost in the shell: Investigating web shell attacks appeared first on Microsoft Security.

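A web shell's file can be renamed or obfuscated, but the commands it runs still show up as children of the web server's worker process, so the quickest investigation pivot is process lineage rather than file content. The following is an added example (not code from the Microsoft post) that scores child processes of web workers over constructed, simplified process-creation records; the worker and child lists, the field names and the sample telemetry are all assumptions to tune per environment.

```python
"""Flag shell and discovery processes spawned by web server worker processes.

Added example, not code from the Microsoft post. Events are constructed,
simplified process-creation records (fields modeled loosely on Security
event 4688 and EDR telemetry); the process lists are assumptions.
"""
import ntpath
from collections import defaultdict

# Processes that host web application code (assumption: tune to the estate).
WEB_WORKERS = {"w3wp.exe", "httpd", "httpd.exe", "nginx", "php-fpm", "php-cgi.exe", "tomcat9.exe"}

# Children a web worker should essentially never launch; shells score highest.
CHILD_SCORES = {
    "cmd.exe": 3, "powershell.exe": 3, "pwsh.exe": 3, "sh": 3, "bash": 3, "dash": 3,
    "whoami.exe": 2, "whoami": 2, "net.exe": 2, "net1.exe": 2, "nltest.exe": 2,
    "systeminfo.exe": 2, "tasklist.exe": 2, "ipconfig.exe": 2, "certutil.exe": 2,
    "bitsadmin.exe": 2, "curl": 1, "curl.exe": 1, "wget": 1, "quser.exe": 1,
}

# Command-line fragments that raise the score of an already suspicious child.
ENCODED_MARKERS = ("-enc", "-encodedcommand", "frombase64string", "iex ", "invoke-expression")


def score_event(ev):
    """Return 0 for a child of a non-web parent, else the child's suspicion score."""
    parent = ntpath.basename(ev["parent"]).lower()   # ntpath splits on both / and \
    if parent not in WEB_WORKERS:
        return 0
    child = ntpath.basename(ev["image"]).lower()
    score = CHILD_SCORES.get(child, 0)
    if score and any(marker in ev["cmdline"].lower() for marker in ENCODED_MARKERS):
        score += 1
    return score


def detect_web_shell_children(events, threshold=2):
    """Return the events whose lineage and child score meet the threshold."""
    alerts = []
    for ev in events:
        score = score_event(ev)
        if score >= threshold:
            alerts.append({**ev, "score": score})
    return alerts


def operator_sessions(alerts, min_distinct=2):
    """Hosts where a web worker spawned several different suspicious children:
    a run of distinct commands is the pattern of hands-on-keyboard use rather
    than a one-off."""
    images = defaultdict(set)
    for a in alerts:
        images[a["host"]].add(ntpath.basename(a["image"]).lower())
    return sorted(h for h, s in images.items() if len(s) >= min_distinct)


# Constructed sample telemetry; "web01" is an IIS host, "web02" an Apache host.
SAMPLE_EVENTS = [
    {"host": "web01", "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "cmdline": "csc.exe /noconfig /fullpaths @tmp.cmdline", "user": "IIS APPPOOL\\DefaultAppPool"},
    {"host": "web01", "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c whoami",
     "user": "IIS APPPOOL\\DefaultAppPool"},
    {"host": "web01", "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -EncodedCommand <constructed>",
     "user": "IIS APPPOOL\\DefaultAppPool"},
    {"host": "web01", "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\net.exe", "cmdline": "net user", "user": "IIS APPPOOL\\DefaultAppPool"},
    {"host": "ws07", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe", "user": "CORP\\alice"},
    {"host": "web02", "parent": "/usr/sbin/httpd", "image": "/bin/sh", "cmdline": "sh -c id", "user": "apache"},
    {"host": "web02", "parent": "/usr/sbin/httpd", "image": "/usr/bin/curl",
     "cmdline": "curl -s https://www.example.com/", "user": "apache"},
]

if __name__ == "__main__":
    found = detect_web_shell_children(SAMPLE_EVENTS)
    for a in found:
        print(f'{a["host"]}: {ntpath.basename(a["parent"])} -> {a["cmdline"]} (score {a["score"]})')
    print("likely interactive web shell sessions:", operator_sessions(found))
```

The benign csc.exe child (ASP.NET compiling a page) and the cmd.exe launched from explorer.exe on a workstation are both left alone, which is the point of keying on the parent rather than the child alone; the host where one worker launched cmd.exe, powershell.exe and net.exe in turn is what an analyst would triage first.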

sLoad launches version 2.0, Starslord

Credit to Author: Eric Avena | Date: Tue, 21 Jan 2020 18:00:39 +0000

sLoad, a PowerShell-based Trojan downloader notable for its almost exclusive use of the Windows BITS service for malicious activity, has launched version 2.0. The new version adds an anti-analysis trick and the ability to track the stage of infection for every affected machine.

The post sLoad launches version 2.0, Starslord appeared first on Microsoft Security.


Rethinking cyber scenarios—learning (and training) as you defend

Credit to Author: Elizabeth Wolk | Date: Tue, 14 Jan 2020 17:00:55 +0000

Gamified cybersecurity learning is increasingly a must-have in your SecOps program, from understanding basic concepts all the way to advanced attacker and defense scenarios. Microsoft and Circadence are working together to democratize and scale cyber readiness globally.

The post Rethinking cyber scenarios—learning (and training) as you defend appeared first on Microsoft Security.


Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks

Credit to Author: Eric Avena | Date: Wed, 18 Dec 2019 18:00:24 +0000

Microsoft Defender ATP data scientists and threat hunters collaborate to use a data science-driven approach to detecting RDP brute force attacks to protect customers against real-world threats.

The post Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks appeared first on Microsoft Security.

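The core of a probabilistic approach to RDP brute-force detection is to model how many failed logons an hour normally produces and then ask how unlikely the observed count is, rather than pick a fixed threshold. The block below is an added example, not code from the Microsoft post (whose model covers more signals than this): it fits a Poisson rate to a baseline of hourly counts and flags hours whose failure count has a negligible tail probability, reporting the distinct accounts and sources seen so an analyst can tell a spray from a single noisy user. The log-line format, the baseline counts and the test-day events are all constructed, and the mapping of event 4625 with logon type 10 or 3 to RDP attempts is an assumption to verify against your own logging.

```python
"""Score hourly failed-RDP-logon counts against a Poisson baseline.

Added example, not code from the Microsoft post. Log lines are constructed,
simplified renderings of Security events (assumption: 4625 = failed logon,
LogonType 10 = RDP, LogonType 3 = RDP with NLA).
"""
import math
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(\S+) (\d+) LogonType=(\d+) TargetUser=(\S+) Src=(\S+)$")
RDP_LOGON_TYPES = {"10", "3"}


def poisson_tail(k, lam):
    """P(X >= k) for X ~ Poisson(lam), summed term by term in log space so a
    very small tail is not lost by subtracting from 1.0."""
    lam = max(lam, 0.1)   # floor: a silent baseline must still give a usable model
    total = 0.0
    for i in range(k, k + int(10 * lam) + 200):
        total += math.exp(-lam + i * math.log(lam) - math.lgamma(i + 1))
    return min(1.0, total)


def hourly_failures(lines):
    """Bucket failed RDP logons by hour with the distinct accounts and sources seen."""
    buckets = defaultdict(lambda: {"count": 0, "users": set(), "sources": defaultdict(int)})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, event_id, logon_type, user, src = m.groups()
        if event_id != "4625" or logon_type not in RDP_LOGON_TYPES:
            continue
        b = buckets[ts[:13]]          # "YYYY-MM-DDTHH" is the hour key
        b["count"] += 1
        b["users"].add(user)
        b["sources"][src] += 1
    return buckets


def detect_rdp_bruteforce(lines, baseline_counts, alpha=1e-4, min_count=10):
    """Flag hours whose failure count is improbable under the baseline rate.
    min_count keeps a very quiet baseline from flagging a handful of typos."""
    lam = sum(baseline_counts) / len(baseline_counts)
    alerts = []
    for hour, b in sorted(hourly_failures(lines).items()):
        p = poisson_tail(b["count"], lam)
        if b["count"] >= min_count and p < alpha:
            top_src = max(b["sources"], key=b["sources"].get)
            alerts.append({"hour": hour, "count": b["count"], "p_value": p,
                           "distinct_users": len(b["users"]),
                           "distinct_sources": len(b["sources"]),
                           "top_source": top_src})
    return alerts


# Constructed baseline: failed RDP logons per hour over the previous two days
# (mean 1.0), standing in for counts pulled from the same log.
BASELINE_HOURLY = [(h * 7) % 3 for h in range(48)]

# Constructed test day: a 20-attempt spray from one source against 15 accounts
# in the 08:00 hour, then a few ordinary mistyped passwords later on.
SAMPLE_LINES = [
    f"2019-12-10T08:{13 + i:02d}:{(i * 7) % 60:02d}Z 4625 LogonType=10 "
    f"TargetUser=user{i % 15 + 1:02d} Src=203.0.113.7"
    for i in range(20)
] + [
    "2019-12-10T09:02:11Z 4625 LogonType=10 TargetUser=jsmith Src=198.51.100.4",
    "2019-12-10T14:41:09Z 4625 LogonType=3 TargetUser=jsmith Src=198.51.100.4",
    "2019-12-10T14:41:30Z 4625 LogonType=3 TargetUser=jsmith Src=198.51.100.4",
    "2019-12-10T14:45:00Z 4624 LogonType=10 TargetUser=jsmith Src=198.51.100.4",
]

if __name__ == "__main__":
    for a in detect_rdp_bruteforce(SAMPLE_LINES, BASELINE_HOURLY):
        print(f'{a["hour"]}: {a["count"]} failures, p={a["p_value"]:.2e}, '
              f'{a["distinct_users"]} accounts from {a["distinct_sources"]} source(s), '
              f'top {a["top_source"]}')
```

With a baseline rate of one failure per hour, two failures in the 14:00 hour have a tail probability of about 0.26 and are ignored, while the 20-attempt hour is far below alpha; in practice the baseline would be fitted per hour of day and per host, and a count that is only mildly anomalous but comes with many distinct accounts from one source deserves the same attention.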

Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities

Credit to Author: Eric Avena | Date: Thu, 12 Dec 2019 17:30:26 +0000

Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS. Background Intelligent Transfer Service (BITS) is a component of the Windows operating system that provides an ability to transfer files in an asynchronous and…

The post Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities appeared first on Microsoft Security.

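Because sLoad (in both the original and the 2.0 write-ups above) leans on BITS for its downloads, the BITS-Client operational log is the natural place to hunt for it: a legitimate update job is created by a service and pulls from a known host, whereas a job created by a scripting host or fetching over cleartext from an unfamiliar domain stands out. The block below is an added example, not code from the Microsoft posts: it joins constructed, simplified renderings of two BITS-Client event IDs on the job name and assesses each job. The assumption that event 3 carries the creating process and event 59 carries the URL, the trusted-host list, the script-host list and the sample records are all mine and should be checked against the real log schema and tuned per estate.

```python
"""Correlate BITS-Client events to surface transfer jobs created by scripting
hosts or pulling from unexpected places.

Added example, not code from the Microsoft posts. Records are constructed,
simplified renderings of Microsoft-Windows-Bits-Client/Operational events
(assumption: ID 3 carries job name, owner and creating process; ID 59 carries
job name and URL). The trusted-host list is an assumption to tune per estate.
"""
import ntpath
from urllib.parse import urlparse

TRUSTED_SUFFIXES = ("windowsupdate.com", "microsoft.com")
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "bitsadmin.exe"}


def host_is_trusted(host):
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def correlate(events):
    """Join creation (3) and transfer-start (59) events on the job name."""
    jobs = {}
    for ev in events:
        job = jobs.setdefault(ev["job"], {"owner": None, "process": None, "urls": []})
        if ev["id"] == 3:
            job["owner"], job["process"] = ev["owner"], ev["process"]
        elif ev["id"] == 59:
            job["urls"].append(ev["url"])
    return jobs


def assess(job):
    """Return (flag, reasons). A scripting-host creator is enough on its own;
    an unknown host is flagged only when combined with a cleartext transfer,
    so ordinary browser downloads from arbitrary HTTPS sites stay quiet."""
    reasons = []
    proc = ntpath.basename(job["process"] or "").lower()
    if proc in SCRIPT_HOSTS:
        reasons.append(f"created by scripting host {proc}")
    elif job["process"] is None:
        reasons.append("no creation event seen for this job")
    cleartext_untrusted = False
    for url in job["urls"]:
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if not host_is_trusted(host):
            reasons.append(f"untrusted host {host}")
            if parsed.scheme == "http":
                reasons.append(f"cleartext transfer from {host}")
                cleartext_untrusted = True
    return (proc in SCRIPT_HOSTS or cleartext_untrusted), reasons


def flag_bits_jobs(events):
    """Return [(job_name, reasons)] for every job the assessment flags."""
    flagged = []
    for name, job in correlate(events).items():
        hit, reasons = assess(job)
        if hit:
            flagged.append((name, reasons))
    return flagged


# Constructed sample records: a genuine update job, a job created by PowerShell
# pulling over HTTP from an example domain, and a browser download.
SAMPLE_EVENTS = [
    {"id": 3, "job": "MicrosoftUpdate", "owner": "NT AUTHORITY\\SYSTEM",
     "process": r"C:\Windows\System32\svchost.exe"},
    {"id": 59, "job": "MicrosoftUpdate", "url": "https://download.windowsupdate.com/d/msdownload/update.cab"},
    {"id": 3, "job": "upd_4f2a", "owner": "CORP\\alice",
     "process": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"id": 59, "job": "upd_4f2a", "url": "http://www.example.com/rs?id=4f2a"},
    {"id": 3, "job": "EdgeDownload", "owner": "CORP\\bob",
     "process": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"},
    {"id": 59, "job": "EdgeDownload", "url": "https://files.example.org/report.pdf"},
]

if __name__ == "__main__":
    for name, reasons in flag_bits_jobs(SAMPLE_EVENTS):
        print(f"{name}: " + "; ".join(reasons))
```

On a live host the same join can be done against `Get-BitsTransfer -AllUsers` output for jobs still queued, but the event log is what survives after the downloader has cleaned up its jobs, which is why the correlation keys on the log rather than on the current queue.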