Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack

Credit to Author: msft-mmpc| Date: Thu, 04 May 2017 16:29:18 +0000

Several weeks ago, the Windows Defender Advanced Threat Protection (Windows Defender ATP) research team noticed security alerts that demonstrated an intriguing attack pattern. These early alerts uncovered a well-planned, finely orchestrated cyberattack that targeted several high-profile technology and financial organizations. An unknown attacker was taking advantage of a silent yet effective attack vector: the compromised…

Read more

Combating a spate of Java malware with machine learning in real-time

Credit to Author: msft-mmpc| Date: Thu, 20 Apr 2017 13:02:00 +0000

In recent weeks, we have seen a surge in emails carrying fresh malicious Java (.jar) malware that use new techniques to evade antivirus protection. But with our research team’s automated expert systems and machine learning models, Windows 10 PCs get real-time protection against these latest threats. Attackers are constantly changing their methods and tools. We…

Read more

Tech support scams persist with increasingly crafty techniques

Credit to Author: msft-mmpc| Date: Mon, 03 Apr 2017 12:58:02 +0000

Millions of users continue to encounter technical support scams. Data from Windows Defender SmartScreen (which is used by both Microsoft Edge and Internet Explorer to block malicious sites) and Windows Defender Antivirus show that some three million users are subjected to these threats every month. In addition to being rampant, technical support scams continue to…

Read more

World Backup Day is as good as any to back up your data

Credit to Author: msft-mmpc| Date: Tue, 28 Mar 2017 21:04:31 +0000

In today’s security landscape, there are more threats to data than ever before. Beyond corruption caused by hardware or human failure, malware and cyberattacks can put data in serious danger.  That’s why it’s imperative for enterprises, small-and-medium businesses, and individuals to back up data. It must be implemented systematically, not just on World Backup Day,…

Read more

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

Credit to Author: msft-mmpc| Date: Mon, 27 Mar 2017 15:00:01 +0000

On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. A report from a trusted partner identified a zero-day exploit for this vulnerability. The exploit targeted older versions of Windows and allowed attackers to elevate process privileges on these platforms. In this article, we…

Read more

Tax-themed phishing and malware attacks proliferate during the tax filing season

Credit to Author: msft-mmpc| Date: Mon, 20 Mar 2017 12:50:12 +0000

Tax-themed scams and social engineering attacks are as certain as (death or) tax itself. Every year we see these attacks, and 2017 is no different. These attacks circulate year-round as cybercriminals take advantage of the different country and region tax schedules, but they peak in the months leading to U.S. Tax Day in mid-April. Cybercriminals are using a variety of…

Read more

Ransomware operators are hiding malware deeper in installer packages

Credit to Author: msft-mmpc| Date: Thu, 16 Mar 2017 03:15:46 +0000

We are seeing a wave of new NSIS installers used in ransomware campaigns. These new installers pack significant updates, indicating a collective move by attackers to once again dodge AV detection by changing the way they package malicious code. These changes are observed in installers that drop ransomware like Cerber, Locky, and others. Cybercriminals have…

Read more

Uncovering cross-process injection with Windows Defender ATP

Credit to Author: msft-mmpc| Date: Thu, 09 Mar 2017 06:16:01 +0000

Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity. As the nature of attacks evolve, Windows Defender ATP must advance so that it continues to help SecOps personnel uncover and address the attacks. With increasing security investments from Microsoft—read how Windows 10 continues to raise…

Read more

Breaking down a notably sophisticated tech support scam M.O.

Credit to Author: msft-mmpc| Date: Fri, 03 Mar 2017 05:39:41 +0000

The cornerstone of tech support scams is the deception that there is something wrong with your PC.  To advance this sham, tech support scams have long abused browsers’ full screen function. Coupled with dialogue loops, the pop-up messages that just won’t go away, and the spoofing of brands like Microsoft, tech support scam websites can…

Read more

MSRT February 2017: Chuckenit detection completes MSRT solution for one malware suite

Credit to Author: msft-mmpc| Date: Wed, 22 Feb 2017 22:45:06 +0000

In September 2016, we started adding to Microsoft Malicious Software Removal Tool (MSRT) a malware suite of browser modifiers and other Trojans installed by software bundlers. We documented how the malware in this group install other malware or applications silently, without your consent. This behavior ticks boxes in the evaluation criteria that Microsoft Malware Protection…

Read more

Ransomware: a declining nuisance or an evolving menace?

Credit to Author: msft-mmpc| Date: Tue, 14 Feb 2017 21:56:15 +0000

The volume of ransomware encounters is on a downward trend. Are we seeing the beginning of the end of this vicious threat? Unfortunately, a look at the attack vectors, the number of unique families released into the wild, and the improvements in malware code reveals otherwise. Ransomware was arguably the biggest security story of 2016….

Read more