Insights from one year of tracking a polymorphic threat

Credit to Author: Eric Avena| Date: Tue, 26 Nov 2019 17:00:56 +0000

We discovered the polymorphic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures. One year’s worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot’s authors, but into those of cybercriminals in general.

The post Insights from one year of tracking a polymorphic threat appeared first on Microsoft Security.

Read more

Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack

Credit to Author: Eric Avena| Date: Mon, 08 Jul 2019 16:00:51 +0000

Advanced technologies in Microsoft Defender ATP’s Antivirus exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that ran the info-stealing backdoor Astaroth directly in memory.

The post Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack appeared first on Microsoft Security.

Read more

Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection

Credit to Author: Eric Avena| Date: Mon, 24 Jun 2019 15:00:55 +0000

While Windows Defender Antivirus makes catching 5 billion threats on devices every month look easy, multiple advanced detection and prevention technologies work under the hood to make this happen. Multiple next-generation protection engines work together to detect and stop a wide range of threats and attacker techniques at multiple points in the attack chain, providing industry-best detection and blocking capabilities.

The post Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection appeared first on Microsoft Security.

Read more

Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV

Credit to Author: Windows Defender Research| Date: Thu, 27 Sep 2018 16:00:24 +0000

Removing the need for files is the next progression of attacker techniques. While fileless techniques used to be employed almost exclusively in sophisticated cyberattacks, they are now becoming widespread in common malware, too.

The post Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV appeared first on Microsoft Secure.

Read more

Poisoned peer-to-peer app kicked off Dofoil coin miner outbreak

Credit to Author: Windows Defender Research| Date: Tue, 13 Mar 2018 22:27:06 +0000

On March 7, we reported that a massive Dofoil campaign attempted to install malicious cryptocurrency miners on hundreds of thousands of computers. Windows Defender Antivirus, with its behavior monitoring, machine learning technologies, and layered approach to security, detected and blocked the attack within milliseconds. Windows 10 S, a special configuration of Windows 10 providing Microsoft-verified security,

Read more