Hunting down Dofoil with Windows Defender ATP

Credit to Author: Windows Defender ATP | Date: Wed, 04 Apr 2018 15:00:18 +0000

Dofoil is a sophisticated threat that attempted to install coin miner malware on hundreds of thousands of computers in March 2018. In previous blog posts we detailed how behavior monitoring and machine learning in Windows Defender AV protected customers from a massive Dofoil outbreak that we traced back to a software update poisoning campaign several

Read more

Why Windows Defender Antivirus is the most deployed in the enterprise

Credit to Author: Windows Defender ATP | Date: Thu, 22 Mar 2018 16:58:23 +0000

Statistics about the success and sophistication of malware can be daunting. The following figure is no different: approximately 96% of all malware is polymorphic, meaning that it is only experienced by a single user and device before it is replaced with yet another malware variant. This is because in most cases malware is caught

Read more

Poisoned peer-to-peer app kicked off Dofoil coin miner outbreak

Credit to Author: Windows Defender Research | Date: Tue, 13 Mar 2018 22:27:06 +0000

On March 7, we reported that a massive Dofoil campaign attempted to install malicious cryptocurrency miners on hundreds of thousands of computers. Windows Defender Antivirus, with its behavior monitoring, machine learning technologies, and layered approach to security, detected and blocked the attack within milliseconds. Windows 10 S, a special configuration of Windows 10 providing Microsoft-verified security,

Read more

Now you see me: Exposing fileless malware

Credit to Author: Windows Defender ATP | Date: Wed, 24 Jan 2018 14:00:21 +0000

Attackers are determined to circumvent security defenses using increasingly sophisticated techniques. Fileless malware boosts the stealth and effectiveness of an attack, and two of last year's major ransomware outbreaks (Petya and WannaCry) used fileless techniques as part of their kill chains. The idea behind fileless malware is simple: if tools already exist on a device

Read more

A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017

Credit to Author: Windows Defender ATP | Date: Wed, 10 Jan 2018 14:00:31 +0000

Adopting reliable attack methods and techniques borrowed from more evolved threat types, ransomware attained new levels of reach and damage in 2017. The following trends characterize the ransomware narrative in the past year: three global outbreaks showed the force of ransomware in making real-world impact, affecting corporate networks and bringing down critical services like hospitals,

Read more

Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)

Credit to Author: Windows Defender ATP | Date: Mon, 04 Dec 2017 23:06:44 +0000

Today, with help from Microsoft security researchers, law enforcement agencies around the globe, in cooperation with Microsoft Digital Crimes Unit (DCU), announced the disruption of Gamarue, a widely distributed malware that has been used in networks of infected computers collectively called the Andromeda botnet. The disruption is the culmination of a journey that started in

Read more

Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

Credit to Author: Windows Defender ATP | Date: Mon, 04 Dec 2017 14:00:07 +0000

Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run through legitimate processes and are perfect tools for living off the land, staying away from the

Read more

Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack

Credit to Author: msft-mmpc | Date: Thu, 04 May 2017 16:29:18 +0000

Several weeks ago, the Windows Defender Advanced Threat Protection (Windows Defender ATP) research team noticed security alerts that demonstrated an intriguing attack pattern. These early alerts uncovered a well-planned, finely orchestrated cyberattack that targeted several high-profile technology and financial organizations. An unknown attacker was taking advantage of a silent yet effective attack vector: the compromised…

Read more