25 matches found
Exposing Fox Tempest: A malware-signing service operation
In this article 1. Fox Tempest’s role and impact 2. Fox Tempest’s malware signing as a service infrastructure 3. Defending against Fox Tempest-enabled attacks 4. Microsoft Defender detections 5. Indicators of compromise Fox Tempest is a financially motivated threat actor that operates a...
Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations
Over the past year, Microsoft Threat Intelligence observed the proliferation of RedVDS, a virtual dedicated server VDS provider used by multiple financially motivated threat actors to commit business email compromise BEC, mass phishing, account takeover, and financial fraud. Microsoft’s...
Microsoft Shuts Down RaccoonO365 Phishing Ring, Seizes 338 Websites
Microsoft's Digital Crimes Unit dismantled RaccoonO365, a major phishing service that stole thousands of user credentials and targeted US healthcare organisations. Discover how the operation worked and its global impact...
Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
Microsoft has revealed that it's pursuing legal action against a "foreign-based threat–actor group" for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence AI services and produce offensive and harmful content...
Microsoft, Meta, and DOJ Disrupt Global Cybercrime and Fraudulent Networks
Meta Platforms, Microsoft, and the U.S. Department of Justice DoJ have announced independent actions to tackle cybercrime and disrupt services that enable scams, fraud, and phishing attacks. To that end, Microsoft's Digital Crimes Unit DCU said it seized 240 fraudulent websites associated with an...
NICKEL targeting government organizations across Latin America and Europe
The Microsoft Threat Intelligence Center MSTIC has observed NICKEL, a China-based threat actor, targeting governments, diplomatic entities, and non-governmental organizations NGOs across Central and South America, the Caribbean, Europe, and North America. MSTIC has been tracking NICKEL since 2016...
Microsoft delivers comprehensive solution to battle rise in consent phishing emails
Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data. This blog offers a look into the...
Encouraging women to embrace their cybersecurity superpowers
The cybersecurity challenges of today require a diversity of skills, perspectives, and experiences, yet women remain underrepresented in this field. On International Women’s Day, some Microsoft Security women leaders penned a powerful blog highlighting the underrepresentation of women in...
Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign
Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise BEC infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to...
Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign
Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise BEC infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to...
Business email compromise: How Microsoft is combating this costly threat
Amongst all cybercrime, phishing attacks continue to be the most prevalent today. With over 90 percent of attacks coming via email, it’s important that every organization has a plan to prevent these threats from reaching users. At Microsoft, we’re passionate about providing our customers with...
Necurs Botnet in Crosshairs of Global Takedown Offensive
A New York State court issued an order this week giving Microsoft control of the U.S.-based infrastructure used by the notorious Necurs botnet in an effort to stop the world’s most prolific and globally dispersed spam and malware infrastructure. The move came after Microsoft and partners across 3...
Take these steps to stay safe from counterfeit software and fraudulent subscriptions
This post is authored by Matt Lundy, Assistant General Counsel, Microsoft. Software piracy and fraudulent subscriptions are serious, industry-wide problems affecting consumers and organizations around the world. In 2016, 39 percent of all software installed on computers was not properly licensed,...
テクニカル サポート詐欺との戦い
本記事は、Microsoft Digital Crimes Unit の Courtney Gregoire による投稿 "The fight against tech support scams" 2017 年 5 月 18 日 米国時間公開 を翻訳したも...
All Seized Domains Returned to No-IP
Less than a week after Microsoft seized nearly two dozen domains owned by a small hosting provider as part of a takedown of a malware operation, all of those domains are back in the control of the provider, No-IP. When Microsoft announced the takedown on June 30, officials said that the company h...
Microsoft Says 'Technical Error' Led to Legitimate No-IP Customers Losing Service
In the course of its actions to take down a major malware operation, Microsoft seized more than 20 domains from No-IP.com, a hosting provider in Nevada. Microsoft now admits that the company made a technical mistake as part of that takedown, an errors that resulted in legitimate No-IP.com custome...
Microsoft's Digital Crimes Unit successfully disrupted the ZeroAccess Botnet
None...
Microsoft and Google Collaborate on Effort to Clean Web of Cild Abuse Images
Microsoft and Google are cooperating in an effort to make it much more difficult for child predators to find illegal images online by blocking search results for about 100,000 search terms. The companies also are collaborating on methods to better identify illegal abuse images and remove them mor...
Threat Outbreak Alert: Fake Account Complaint Resolution Document Email Messages on October 4, 2013
Medium Alert ID: 31126 First Published: 2013 October 7 20:02 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claims to notify the recipient about an unusually large amount of email traffic from their address. The text in the email messag...
At Microsoft, a Sharp Focus on Cybercrime
REDMOND, Wash.–Cybercrime has developed in the last few years into a major concern, not just for the consumers and businesses that are victims, but also for governments around the world. Obama administration officials have called it one of the larger threats to the United States economy. While la...