30 matches found
Microsoft Defender for Endpoint now stops human-operated attacks on its own
Defenders need every edge they can get in the fight against ransomware. Today, were pleased to announce that Microsoft Defender for Endpoint customers will now be able automatically to disrupt human-operated attacks like ransomware early in the kill chain without needing to deploy any other...
Stopping C2 communications in human-operated ransomware through network protection
Command-and-control C2 servers are an essential part of ransomware, commodity, and nation-state attacks. They are used to control infected devices and perform malicious activities like downloading and launching payloads, controlling botnets, or commanding post-exploitation penetration frameworks ...
Stopping C2 communications in human-operated ransomware through network protection
Command-and-control C2 servers are an essential part of ransomware, commodity, and nation-state attacks. They are used to control infected devices and perform malicious activities like downloading and launching payloads, controlling botnets, or commanding post-exploitation penetration frameworks ...
Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11
Microsoft is now taking steps to prevent Remote Desktop Protocol RDP brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds –...
The many lives of BlackCat ransomware
The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing ransomware-as-a-service RaaS gig economy. It’s noteworthy due to its unconventional programming language Rust, multiple target devices and possible entry points, and affiliation with prolific...
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Microsoft processes 24 trillion signals every 24 hours, and we have blocked billions of attacks in the last year alone. Microsoft Security tracks more than 35 unique ransomware families and 250 unique threat actors across observed nation-state, ransomware, and criminal activities. That depth of...
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Microsoft processes 24 trillion signals every 24 hours, and we have blocked billions of attacks in the last year alone. Microsoft Security tracks more than 35 unique ransomware families and 250 unique threat actors across observed nation-state, ransomware, and criminal activities. That depth of...
Microsoft 365 Defender demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations
For the fourth consecutive year, Microsoft 365 Defender demonstrated its industry-leading protection in MITRE Engenuity’s independent ATT&CK® Enterprise Evaluations, showcasing the value of an integrated XDR-based defense that unifies device and identity protection with a Zero Trust approach:...
Microsoft 365 Defender demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations
For the fourth consecutive year, Microsoft 365 Defender demonstrated its industry-leading protection in MITRE Engenuity’s independent ATT&CK® Enterprise Evaluations, showcasing the value of an integrated XDR-based defense that unifies device and identity protection with a Zero Trust approach:...
Microsoft protects against human-operated ransomware across the full attack chain in the 2022 MITRE Engenuity ATT&CK® Evaluations
For the fourth year in a row, the independent MITRE Engenuity Adversarial Tactics, Techniques, and Common Knowledge ATT&CK® Evaluations demonstrated Microsoft’s strong detection and protection capabilities thanks to our multi-platform extended detection and response XDR defenses. The ever-evolvin...
Microsoft protects against human-operated ransomware across the full attack chain in the 2022 MITRE Engenuity ATT&CK® Evaluations
For the fourth year in a row, the independent MITRE Engenuity Adversarial Tactics, Techniques, and Common Knowledge ATT&CK® Evaluations demonstrated Microsoft’s strong detection and protection capabilities thanks to our multi-platform extended detection and response XDR defenses. The ever-evolvin...
Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware
A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of...
AI-driven adaptive protection against human-operated ransomware
In human-operated ransomware attacks, threat actors use predictable methods to enter a device but eventually rely on hands-on-keyboard activities to move inside a network. To fortify our existing cloud-delivered automated protection against complex attacks like human-operated ransomware, we...
How cyberattacks are changing according to new Microsoft Digital Defense Report
In 2021, cybercrime has become more sophisticated, widespread, and relentless. Criminals have targeted critical infrastructure—healthcare,1 information technology,2 financial services,3 energy sectors4—with headline-grabbing attacks that crippled businesses and harmed consumers. But there are...
How cyberattacks are changing according to new Microsoft Digital Defense Report
In 2021, cybercrime has become more sophisticated, widespread, and relentless. Criminals have targeted critical infrastructure—healthcare,1 information technology,2 financial services,3 energy sectors4—with headline-grabbing attacks that crippled businesses and harmed consumers. But there are...
A guide to combatting human-operated ransomware: Part 1
This blog is part one of a two-part series focused on how Microsoft DART helps customers with human-operated ransomware. For more guidance on human-operated ransomware and how to defend against these extortion-based attacks, refer to our human-operated ransomware docs page. Microsoft’s Detection...
When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks
Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covered the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 provides a deep dive on the attacker...
When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks
Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covered the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 provides a deep dive on the attacker...
On the Taxonomy and Evolution of Ransomware
Given the frequency with which “ransomware” appears in news articles, it may be worthwhile to take a step back and actually consider what the term means. Any malware or attack that culminates in extorting ransom from the victim is commonly referred to as ransomware. The general idea is to encrypt...
Threat spotlight: DarkSide, the ransomware used in the Colonial Pipeline attack
Late last week, the business network systems of Colonial Pipeline, the biggest supplier of fuels on the East Coast of the United States, were compromised due to a ransomware attack, forcing the company to temporarily shut down its operations while investigations are underway. Monday morning,...