Defending Exchange servers under attack

Credit to Author: Eric Avena| Date: Wed, 24 Jun 2020 16:00:40 +0000

Exchange servers are high-value targets. These attacks also tend to be advanced threats with highly evasive, fileless techniques. Keeping these servers safe from these advanced attacks is of utmost importance.

The post Defending Exchange servers under attack appeared first on Microsoft Security.

Read more

Latest Astaroth living-off-the-land attacks are even more invisible but not less observable

Credit to Author: Eric Avena| Date: Mon, 23 Mar 2020 16:00:01 +0000

Astaroth is back sporting significant changes. The updated attack chain maintains Astaroth’s complex, multi-component nature and continues its pattern of detection evasion.

The post Latest Astaroth living-off-the-land attacks are even more invisible but not less observable appeared first on Microsoft Security.

Read more

Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities

Credit to Author: Eric Avena| Date: Thu, 12 Dec 2019 17:30:26 +0000

Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS. Background Intelligent Transfer Service (BITS) is a component of the Windows operating system that provides an ability to transfer files in an asynchronous and…

The post Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities appeared first on Microsoft Security.

Read more

SophosLabs surveys the threat landscape for 2020 trends

Credit to Author: Andrew Brandt| Date: Tue, 05 Nov 2019 13:50:31 +0000

SophosLabs this morning published its annual assessment on the state of internet and information security, and our outlook on what security threats are likely to affect the world in the coming year: the SophosLabs 2020 Threat Report, available for download now. This year, our report broadens the scope of our analysis to cover topics beyond [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/tFcwsfiM20g” height=”1″ width=”1″ alt=””/>

Read more

Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack

Credit to Author: Eric Avena| Date: Mon, 08 Jul 2019 16:00:51 +0000

Advanced technologies in Microsoft Defender ATP’s Antivirus exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that run the info-stealing backdoor Astaroth directly in memory

The post Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack appeared first on Microsoft Security.

Read more

Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack

Credit to Author: Eric Avena| Date: Mon, 08 Jul 2019 16:00:51 +0000

Advanced technologies in Microsoft Defender ATP next-generation protection exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that run the info-stealing backdoor Astaroth directly in memory

The post Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack appeared first on Microsoft Security.

Read more

Detecting credential theft through memory access modelling with Microsoft Defender ATP

Credit to Author: Eric Avena| Date: Thu, 09 May 2019 17:29:45 +0000

Microsoft Defender ATP instruments memory-related function calls such as VirtualAlloc and VirtualProtect to catch in-memory attack techniques like reflective DLL loading. The same signals can also be used to generically detect malicious credential dumping activities performed by a wide range of different individual tools.

The post Detecting credential theft through memory access modelling with Microsoft Defender ATP appeared first on Microsoft Security.

Read more