Detecting credential theft through memory access modelling with Microsoft Defender ATP

Stealing user credentials is a key step for attackers to move laterally across victim networks. In today’s attacks, we see a range of tools used to achieve credential theft, requiring protections that target the root behavior and not just individual known tools as is often done by traditional...

New machine learning model sifts through the good to unearth the bad in evasive malware

We continuously harden machine learning protections against evasion and adversarial attacks. One of the latest innovations in our protection technology is the addition of a class of hardened malware detection machine learning models called monotonic models to Microsoft Defender ATP's Antivirus...

Microsoft gains strong customer and analyst momentum in the Cloud Access Security Brokers (CASB) market

After a strong year of product updates and innovations, were excited to so see that Microsoft jumped into the Challenger position in Gartners 2018 Magic Quadrant for Cloud Access Security Brokers CASB and solidified its leadership position in KuppingerColes 2018 Leadership Compass in the same...

CISO series: Strengthen your organizational immune system with cybersecurity hygiene

One of the things I love about my job is the time I get to spend with security professionals, learning firsthand about the challenges of managing security strategy and implementation day to day. There are certain themes that come up over and over in these conversations. My colleague Ken Malcolmso...

MERCURY and DEV-1084: Destructive attack on hybrid environment

April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. MERCURY is now tracked as Mango Sandstorm and DEV-1084 is now tracked as Storm-1084. To learn more about the new taxonomy represents the origin, unique traits,...

Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Here’s what to do

True to form, human-operated ransomware campaigns are always on prowl for any path of least resistance to gain initial access to target organizations. During this time of crisis, as organizations have moved to a remote workforce, ransomware operators have found a practical target: network devices...

Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware

We’ve discussed the challenges that fileless threats pose in security, and how Microsoft Defender Advanced Threat Protection Microsoft Defender ATP employs advanced strategies to defeat these sophisticated threats. Part of the slyness of fileless malware is their use of living-off-the-land...

Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time

I'm excited to announce that Microsoft’s Threat & Vulnerability Management solution is generally available as of June 30! We have been working closely with customers for more than a year to incorporate their real needs and feedback to better address vulnerability management. Our goal is to empowe...

How Microsoft 365 Security integrates with your broader IT ecosystem—part 2

Todays post was coauthored by Debraj Ghosh, Senior Product Marketing Manager, and Diana Kelley, Cybersecurity Field CTO. In part 1 of our blog series, we shared the Microsoft 365 Security strategy for integrating with the broader security community. Today, we cover the services Microsoft 365...

Lessons learned from the Microsoft SOC Part 2b: Career paths and readiness

The “Lessons learned from the Microsoft SOC” blog series is designed to share our approach and experience with security operations center SOC operations, so you can use what we learned to improve your SOC. The learnings in the series come primarily from Microsoft’s corporate IT security operation...

The evolution of Microsoft Threat Protection, November update

At Ignite 2018, we announced Microsoft Threat Protection, a comprehensive, integrated solution securing the modern workplace across identities, endpoints, user data, cloud apps, and, infrastructure Figure 1. The foundation of the solution is the Microsoft Intelligent Security Graph, which...

How Office 365 protects your organization from modern phishing campaigns

This post is authored by Debraj Ghosh, Senior Product Marketing Manager, Microsoft 365 Security. We often allude to the benefits of having an integrated threat protection stack in Office 365. Today we wanted to take the opportunity to walk you through how the combined features and services in the...

Human-operated ransomware attacks: A preventable disaster

Human-operated ransomware campaigns pose a significant and growing threat to businesses and represent one of the most impactful trends in cyberattacks today. In these hands-on-keyboard attacks, which are different from auto-spreading ransomware like WannaCry or NotPetya, adversaries employ...

Azure Sphere—Microsoft’s answer to escalating IoT threats—reaches general availability

Today Azure Sphere—Microsoft’s integrated security solution for IoT devices and equipment—is widely available for the development and deployment of secure, connected devices. Azure Sphere’s general availability milestone couldn’t be timelier. From consumer device hacking and botnets to nation sta...

The evolution of Microsoft Threat Protection, June update

Since our announcement of Microsoft Threat Protection at Microsoft Ignite, our goal has been to execute and deliver on our promise of helping organizations protect themselves from today’s sophisticated and complex threat landscape. As we close out our fiscal year, we’ve continued progress on...

Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers

Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same campaign. Our sensors revealed that the campaign primarily targeted public sector institutions and...

Protect your data in files, apps, and devices

This blog is part of a series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series youll find context, answers, and guidance for deployment and driving adoption within your organization. Check out our last blog, Enable yo...

DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia

April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. DEV-0196 is now tracked as Carmine Tsunami. To learn more about this evolution, how the new taxonomy represents the origin, unique traits, and impact of threat...

Data governance and retention in your Microsoft 365 tenant—a secure and highly capable solution

Data governance has relied on transferring data to a third-party for hosting an archive service. Emails, documents, chat logs, and third-party data Bloomberg, Facebook, LinkedIn, etc. must be saved in a way that it can’t be changed and won’t be lost. Data governance is part of IT at the enterpris...

Foundations of Flow—secure and compliant automation, part 2

In part 1 of this series, we introduced you to Microsoft Flow, a powerful automation service already being used by many organizations across the world. Flow is designed to empower citizen developers while featuring capabilities sought for by professional developers. Flow is also a foundational...

Be careful of data without context: The case of malware scanning of journaled emails

Recently, we shared details on how effectiveness is measured for Office 365 Exchange Online Protection EOP and Advanced Threat Protection ATP. We also followed up with a comprehensive update on Office 365s improved ability to stop phishing emails from impacting users. These reports highlighted:...

Secure file storage

This is a blog series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series, youll find context, answers, and guidance for deployment and driving adoption within your organization. Check out Collaborate Securely, the fifth...

Uncovering Linux based cyberattack using Azure Security Center

As more and more enterprises move to the cloud, they also bring their own set of security challenges. Today, almost half of Azure virtual machines VMs are running on Linux, and as the Linux server population grows, so are the attacks targeting them. As detection capabilities advance, attackers ar...

Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors

DEV-0343 is a new activity cluster that the Microsoft Threat Intelligence Center MSTIC first observed and began tracking in late July 2021. MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense technolog...

How to avoid getting caught in a “Groundhog Day” loop of security issues

It’s Cyber Security Awareness Month and it made me think about one of my favorite movies, called Groundhog Day. Have you ever seen it? Bill Murray is the cynical weatherman, Phil Connors, who gets stuck in an endless loop where he repeats the same day over and over again until he “participates in...

CISO series: Lessons learned from the Microsoft SOC—Part 3a: Choosing SOC tools

The Lessons learned from the Microsoft SOC blog series is designed to share our approach and experience with security operations center SOC operations. Our learnings in the series come primarily from Microsoft’s corporate IT security operation team, one of several specialized teams in the Microso...

New FastTrack benefit: Deployment support for Co-management on Windows 10 devices

This blog is part of a series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series youll find context, answers, and guidance for deployment and driving adoption within your organization. Check out our last blog Getting th...

Now that you have a plan, it’s time to start deploying

This blog is part of a series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series, youll find context, answers, and guidance for deployment and driving adoption within your organization. Check out our last blog First...

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

A large-scale phishing campaign that used adversary-in-the-middle AiTM phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication MFA. The attackers then used the stolen credentials and session...

How to prevent phishing attacks that target your customers with DMARC and Office 365

You already know that email is the number one attack vector for cybercriminals. But what you might not know is that without a standard email security protocol called Domain Message Authentication, Reporting, and Conformance DMARC, your organization is open to the phishing attacks that target your...

Improve security and simplify operations with Windows Defender Antivirus + Morphisec

My team at Morphisec a Microsoft Intelligent Security Association MISA partner often talks with security professionals who are well-informed about the latest cyberthreats and have a longterm security strategy. The problem many of them face is how to create a stronger endpoint stack with limited...

Decentralized identity and the path to digital privacy

Security is the central challenge of the digital age. Our digital lives have moved into the cloud. People now use multiple devices to connect to multiple applications through many different networks. Just about everything is connected to the internet, where threats remain constant and evolving. I...

Cybersecurity threats: How to discover, remediate, and mitigate

This blog is part of a series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series youll find context, answers, and guidance for deployment and driving adoption within your organization. Check out our last blog, Protect...

Protecting the protector: Hardening machine learning defenses against adversarial attacks

Harnessing the power of machine learning and artificial intelligence has enabled Windows Defender Advanced Threat Protection Windows Defender ATP next-generation protection to stop new malware attacks before they can get started often within milliseconds. These predictive technologies are central...

Operational resilience in a remote work world

Microsoft CEO Satya Nadella recently said, “We have seen two years’ worth of digital transformation in two months.” This is a result of many organizations having to adapt to the new world of document sharing and video conferencing as they become distributed organizations overnight. At Microsoft, ...

Guide to Developing a National Cybersecurity Strategy—a resource for policymakers to respond to cybersecurity challenges

Nations from every corner of the world are increasingly leveraging digital transformation to grow their economies and empower businesses to improve services, including vital services provided by critical infrastructures. This adoption of new information communications technologies ICT has...

New Surface PCs enable virtualization-based security (VBS) by default to empower customers to do more, securely

VBS and HVCI-enabled devices help protect from advanced attacks Escalation of privilege attacks are a malicious actor’s best friend, and they often target sensitive information stored in memory. These kinds of attacks can turn a minor user mode compromise into a full compromise of your OS and...

Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them

Cryptocurrency miners are typically associated with cybercriminal operations, not sophisticated nation state actor activity. They are not the most sophisticated type of threats, which also means that they are not among the most critical security issues that defenders address with urgency. Recent...

Advancing Windows 10 as a passwordless platform

Passwords can be frustrating, difficult to remember, and easily hacked or stolen. That’s why our vision for Windows is one of a passwordless platform—a world where users don’t have to deal with the pains of a password. With the release of Windows 10, version 1903, we’re bringing Windows 10 closer...

Tapping the intelligent cloud to make security better and easier

There has been a distinct shift in my conversations with customers over the last year. Most have gone from asking can we still keep our assets secure as we adopt cloud services?, to declaring, we are adopting cloud services in order to improve our security posture. The driving factor is generally...

Behavioral blocking and containment: Transforming optics into protection

In today’s threat landscape—overrun by fileless malware that live off the land, highly polymorphic threats that mutate faster than traditional solutions can keep up with, human-operated attacks that adapt to what adversaries find on compromised machines, and other sophisticated threats—behavioral...

Gartner names Microsoft a Leader in 2019 Endpoint Protection Platforms Magic Quadrant

Our mission as a company is to empower every person on the planet to achieve more. We deliver on that mission through products that achieve the highest marks in the industry, which we believe is inclusive of Gartner’s Magic Quadrant. We have been on a journey for the last several years working ha...

How to cost-effectively manage and secure a mobile ecosystem

Today’s post was written by Roxane Suau, Vice President of Marketing for Pradeo. In the corporate environment, mobile devices and applications are at the center of communications, enhancing collaborators’ productivity with 24/7 access to information. But at the same time, they represent thousands...

Step 1. Identify users: top 10 actions to secure your environment

This series outlines the most fundamental steps you can take with your investment in Microsoft 365 security solutions. Well provide advice on activities such as setting up identity management through active directory, malware protection, and more. In this post, we explain how to create a single...

Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware

As announced today, Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. We used our research into this threat to enrich our protection technologies and ensure this infrastructure could no longer be...

Microsoft researchers work with Intel Labs to explore new deep learning approaches for malware classification

The opportunities for innovative approaches to threat detection through deep learning, a category of algorithms within the larger framework of machine learning, are vast. Microsoft Threat Protection today uses multiple deep learning-based classifiers that detect advanced threats, for example,...

Voice of the Customer: Walmart embraces the cloud with Azure Active Directory

Todays post was written by Sue Bohn, partner director of Program Management and Ben Byford and Gerald Corson, senior directors of Identity and Access Management at Walmart. Greetings! Im Sue Bohn, partner director of Program Management at Microsoft. Im an insatiable, lifelong learner and I lead t...

Get deeper into security at Microsoft Ignite 2018

This year at Microsoft Ignite, we will be making some exciting announcementsfrom new capabilities for identity management and information protection to powerful artificial intelligence AI innovations that can help you stay ahead of an often overwhelming surge in threats and security alerts. Join ...

Partnering with the industry to minimize false positives

Every day, antivirus capabilities in Windows Defender Advanced Threat Protection Windows Defender ATP protect millions of customers from threats. To effectively scale protection, Windows Defender ATP uses intelligent systems that combine multiple layers of machine learning models, behavior-based...

Cybersecurity Reference Architecture: Security for a Hybrid Enterprise

The Microsoft Cybersecurity Reference Architecture describes Microsofts cybersecurity capabilities and how they integrate with existing security architectures and capabilities. We recently updated this diagram and wanted to share a little bit about the changes and the document itself to help you...