726 matches found
Overview of rapid cyberattacks
Rapid cyberattacks like Petya and WannaCrypt have reset our expectations on the speed and scope of damage that a cyberattack can inflict. The Microsoft Enterprise Cybersecurity Group Detection and Response team worked extensively to help customers respond to and recover from these kinds of attack...
Gain flexibility and scale with a cloud-native DLP solution
We’re living in a seismic era for data security. Chief information security officers CISOs have to contend with a digital landscape that seems to shift daily as more organizations move to remote and hybrid work, redrawing the boundaries for how data is used and shared. The cloud has enabled...
Detecting and preventing LSASS credential dumping attacks
Obtaining user operating system OS credentials from a targeted device is among threat actors’ primary goals when launching attacks because these credentials serve as a gateway to various objectives they can achieve in their target organization’s environment, such as lateral movement. One techniqu...
Microsoft delivers comprehensive solution to battle rise in consent phishing emails
Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data. This blog offers a look into the...
How Microsoft tools and partners support GDPR compliance
This post is authored by Daniel Grabski,Executive Security Advisor, Microsoft Enterprise Cybersecurity Group. As an Executive Security Advisor for enterprises in Europe and the Middle East, I regularly engage with Chief Information Security Officers CISOs, Chief Information Officers CIOs and Data...
Token tactics: How to prevent, detect, and respond to cloud token theft
As organizations increase their coverage of multifactor authentication MFA, threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team DART has seen an increa...
Stop Ransomware with Microsoft Security digital event presents threat intelligence in action
One of the biggest challenges in security today is visibility. And by visibility, I don’t just mean keeping an eye on ever-evolving cyberthreats, but also seeing your own security environment clearly—especially where you’re vulnerable. For defenders who are working hard to manage threats across...
Microsoft recognized as a Leader in The Forrester Wave™: Unstructured Data Security Platforms, Q2 2021
In this new world of hybrid work, organizations face an increasing volume of data, ever-evolving regulations around how that data is protected, and an evolving complexity and frequency of data security breaches. To help our customers navigate this complex data landscape, we are focused on...
Becoming resilient by understanding cybersecurity risks: Part 3—a security pro’s perspective
In part two of this blog series on aligning security with business objectives and risk, we explored the importance of thinking and acting holistically, using the example of human-operated ransomware, which threatens every organization in every industry. As we exited 2020, the Solorigate attack...
Privacy breaches: Using Microsoft 365 Advanced Audit and Advanced eDiscovery to minimize impact
GDPR, HIPAA, GLBA, all 50 U.S. States, and many countries have privacy breach reporting requirements. If an organization experiences a breach of customer or employee personal information, they must report it within the required time frame. The size and scope of this reporting effort can be massiv...
A “quick wins” approach to securing Azure Active Directory and Office 365 and improving your security posture
In the last post, we discussed Office 365 and how enabling certain features without understanding all the components can lead to a false sense of security. We demonstrated how implementing a break glass account, multi-factor authentication MFA, and the removal of legacy authentication can help...
Digital Defense integrates with Microsoft to detect attacks missed by traditional endpoint security
This blog post is part of the Microsoft Intelligent Security Association MISA guest blog series. You can learn more about MISA here. Cybercriminals have ramped up their initial compromises through phishing and pharming attacks using a variety of tools and tactics that, while numerous, are simple...
Understanding influences shaping the cybersecurity landscape, enabling digital transformation, and helping to protect our planet
The accelerated rate of digital transformation we have seen this past year presents both challenges and endless opportunities for individuals, organizations, businesses, and governments around the world. Cybersecurity is the underpinning of helping protect these opportunities. By examining the...
PLATINUM continues to evolve, find ways to maintain invisibility
Back in April 2016, we released the paper PLATINUM: Targeted attacks in South and Southeast Asia, where we detailed the tactics, techniques, and procedures of the PLATINUM activity group. We described a group that was well-resourced and quickly adopted advanced techniques, such as hot patching to...
Defenders beware: A case for post-ransomware investigations
Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team DART responds to today. The groups behind these attacks continue to add sophistication to their tactics, techniques, and procedures TTPs as most network security postures increase. In this blog, we detail a...
How Open Systems uses Microsoft tools to improve security maturity
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. We’ve all seen it happen—an organization has all the top-notch security tools in place and still, they get breached. In today’s rapidly evolving threat landscape, complexity leads to...
New insights on cybersecurity in the age of hybrid work
As we approach the last week of Cybersecurity Awareness Month, I think about what is top of mind for myself and my peers in security. The past year has continued the 2020s major shift in the way organizations operate. Recent data shows that 81 percent of enterprise organizations have begun the mo...
A guide to combatting human-operated ransomware: Part 2
This blog is part two of a two-part series focused on how Microsoft DART helps customers with human-operated ransomware. For more guidance on human-operated ransomware and how to defend against these extortion-based attacks, refer to our human-operated ransomware docs page. In part one of this bl...
Afternoon Cyber Tea: Learn how to stop misinformation threats from nation-state bad actors
Information has long been wielded as an instrument of national power and influence. In today’s digital world, misinformation can also be just as powerful. On a special episode of Afternoon Cyber Tea with Ann Johnson, Sandra Joyce, Executive Vice President and Head of Mandiant Intelligence at...
Trend-spotting email techniques: How modern phishing emails hide in plain sight
With the massive volume of emails sent each day, coupled with the many methods that attackers use to blend in, identifying the unusual and malicious is more challenging than ever. An obscure Unicode character in a few emails is innocuous enough, but when a pattern of emails containing this obscur...
Migrating content from traditional SIEMs to Azure Sentinel
In part two of this three-part series, we covered the five types of side-by-side security information and event management SIEM configurations commonly used during a long-term migration to Microsoft Azure Sentinel. For part three, we’ll be looking at best practices for migrating your data and...
Afternoon Cyber Tea: Privacy, the pandemic, and protecting our cyber future
Much of our everyday life has moved online with the pandemic continuing to play a role in how we work and communicate with others. This migration has meant that security and privacy continue to remain top-of-mind for both security professionals and those who may not have given these cyber issues ...
Empowering employees to securely work from anywhere with an internet-first model and Zero Trust
Like many this year, our Microsoft workforce had to quickly transition to a work from the home model in response to COVID-19. While nobody could have predicted the world’s current state, it has provided a very real-world test of the investments we have made implementing a Zero Trust security mode...
Detecting threat actors in recent German industrial attacks with Windows Defender ATP
When a Germany-based industrial conglomerate disclosed in December 2016 that it was breached early that year, the breach was revealed to be a professionally run industrial espionage attack. According to the German press, the intruders used the Winnti family of malware as their main implant, givin...
Microsoft supports the DoD’s Zero Trust strategy
The Department of Defense DoD released its formal Zero Trust strategy today, marking a major milestone in its goal of achieving enterprise-wide implementation by 2027. The strategy comes at a critical time as United States government networks continue to face nearly half the global nation-state...
New “Prestige” ransomware impacts organizations in Ukraine and Poland
The Microsoft Threat Intelligence Center MSTIC has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...
Simplifying the complex: Introducing Privacy Management for Microsoft 365
The data privacy regulation landscape is more complex than ever. With new laws emerging in countries like China and India, shifts in Europe and the United Kingdom, and currently 26 different laws across the United States, staying ahead of regulations can feel impossible. But this work is...
Windows 11 offers chip to cloud protection to meet the new security challenges of hybrid work
As the world has changed over the past 18-months, companies have been wrestling with ways to keep employees and data protected as they support new ways of hybrid working. We built Windows 11 to be the most secure Windows yet with built-in chip to cloud protection that ensures company assets stay...
Building a Zero Trust business plan
These past six months have been a remarkable time of transformation for many IT organizations. With the forced shift to remote work, IT professionals have had to act quickly to ensure people continue working productively from home—in some cases bringing entire organizations online over a weekend...
Forrester TEI study: Azure Sentinel delivers 201 percent ROI over 3 years and a payback of less than 6 months
2020 has been a transitional year, ushering in broad changes in how, and where, we work. Security operations SecOps teams face more significant challenges than ever as they protect the organization in this rapidly changing environment. These teams need a flexible, cost-effective, and efficient...
How to connect with Microsoft Security at Black Hat USA 2023
Now in its twenty-sixth year, Black Hat USA takes place August 5 to 10, 2023, at Mandalay Bay in Las Vegas, Nevada, bringing together security professionals for the latest in information security research, development, and trends. Microsoft Security is pleased to have a presence at Black Hat, wit...
5 reasons to adopt a Zero Trust security strategy for your business
Adopting Zero Trust security for your enterprise is no longer a wish-list item—it’s a business imperative. The workplace today extends to almost anywhere, anytime, from any device. Siloed, patchwork security solutions leave gaps that threat actors continue to exploit. A comprehensive Zero Trust...
2023 identity security trends and solutions from Microsoft
Welcome to 2023! I wanted to kick this year off by having a quick look at the trends in identity security, what you can do about it, and what Microsoft is doing to help you. One of the things we talk about on the team is “shiny object syndrome”—there are a ton of innovative and scary attacks and...
DEV-0569 finds new ways to deliver Royal ransomware, various payloads
Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed DEV-0569 attacks show a pattern of...
Stopping C2 communications in human-operated ransomware through network protection
Command-and-control C2 servers are an essential part of ransomware, commodity, and nation-state attacks. They are used to control infected devices and perform malicious activities like downloading and launching payloads, controlling botnets, or commanding post-exploitation penetration frameworks ...
The many lives of BlackCat ransomware
The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing ransomware-as-a-service RaaS gig economy. It’s noteworthy due to its unconventional programming language Rust, multiple target devices and possible entry points, and affiliation with prolific...
The evolution of a Mac trojan: UpdateAgent’s progression
Our discovery and analysis of a sophisticated Mac trojan in October exposed a year-long evolution of a malware family—and depicts the rising complexity of threats across platforms. The trojan, tracked as UpdateAgent, started as a relatively basic information-stealer but was observed distributing...
Stay safe online this holiday shopping season with tips from Microsoft
You may have already noticed this holiday shopping season feels different than those we’ve had before. Headlines about supply chain issues, worker shortages, costs rising—all while the pandemic continues to impact our lives. In my own inbox, I saw emails from brands touting Black Friday sales as...
How to investigate service provider trust chains in the cloud
In a recent Microsoft blog post, we documented technical guidance for organizations to protect themselves from the latest NOBELIUM activity that was found to target technology service providers, which are privileged in their downstream customer tenants, as a method to gain access to their...
How Vodafone Global Security Director creates an inclusive and secure workplace
Moving to more flexible remote work policies has caused telecommunications giant Vodafone to rethink cybersecurity and the potential friction to users. Instead of relying on physical security controls in the office, the company has embraced a Zero Trust strategy that requires authenticating...
Afternoon Cyber Tea: Microsoft’s cybersecurity response to COVID-19
On February 25, 2020, Microsoft Chief Information Security Officer CISO Bret Arsenault was attending the RSA Conference in San Francisco when the city declared a state of emergency because of COVID-19. Shortly after flying back to Seattle, Bret learned of the first death from the coronavirus in...
Microsoft surpasses $10 billion in security business revenue, more than 40 percent year-over-year growth
I joined Microsoft a little more than six months ago—amid a global pandemic and a new norm of remote work, as well as one of the most rapidly evolving threat landscapes in history. We’ve witnessed more sophisticated attacks, like the recent SolarWinds incident, as well as an increase in attack...
Cyberattacks targeting health care must stop
In recent months, we’ve detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for COVID-19. The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Kore...
How artificial intelligence stopped an Emotet outbreak
At 12:46 a.m. local time on February 3, a Windows 7 Pro customer in North Carolina became the first would-be victim of a new malware attack campaign for Trojan:Win32/Emotet. In the next 30 minutes, the campaign tried to attack over a thousand potential victims, all of whom were instantly and...
Microsoft to remove WoSign and StartCom certificates in Windows 10
Microsoft has concluded that the Chinese Certificate Authorities CAs WoSign and StartCom have failed to maintain the standards required by our Trusted Root Program. Observed unacceptable security practices include back-dating SHA-1 certificates, mis-issuances of certificates, accidental certifica...
Breaking down a notably sophisticated tech support scam M.O.
Note: Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines. You can also read our latest blog, New tech support scam launches communication or phone call app. The cornerstone of tech support sca...
Been shopping lately? Fake credit card email can spook you into downloading Cerber ransomware
Note: Read our latest comprehensive report on ransomware: Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene. As the shopping sprees become increasingly frenetic during holiday season, it’s hard not to worry about how much credit card debt we’re piling. Some of us...
Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023
Organizations need to protect their sensitive data including intellectual property, trade secrets, customer data, and personally identifiable information from both insiders and external cyber attackers. In fact, 80 percent of organizations experience more than one data breach in their lifetime.1...
How to prevent lateral movement attacks using Microsoft 365 Defender
It’s been 10 years since the first version of the Mitigating Pass-the-Hash Attacks and Other Credential Theft whitepaper was made available, but the techniques are still relevant today, because they help prevent attackers from gaining a network foothold and using credential-dumping tools to extra...
Detecting and preventing LSASS credential dumping attacks
Obtaining user operating system OS credentials from a targeted device is among threat actors’ primary goals when launching attacks because these credentials serve as a gateway to various objectives they can achieve in their target organization’s environment, such as lateral movement. One techniqu...