Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign

Credit to Author: Eric Avena| Date: Mon, 14 Jun 2021 16:00:44 +0000

Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to get access to emails about financial transactions.

The post Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign appeared first on Microsoft Security Blog.


GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence

Credit to Author: Eric Avena| Date: Thu, 04 Mar 2021 17:00:02 +0000

Microsoft has identified three new pieces of malware being used in late-stage activity by NOBELIUM – the actor behind the SolarWinds attacks, SUNBURST, and TEARDROP.

The post GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence appeared first on Microsoft Security.


Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender

Credit to Author: Eric Avena| Date: Thu, 14 Jan 2021 17:00:19 +0000

This blog is a guide for security administrators using Microsoft 365 Defender and Azure Defender to identify and implement security configuration and posture improvements that harden enterprise environments against Solorigate’s attack patterns.

The post Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender appeared first on Microsoft Security.


Using Microsoft 365 Defender to protect against Solorigate

Credit to Author: Eric Avena| Date: Mon, 28 Dec 2020 17:25:16 +0000

This blog is a comprehensive guide for security operations and incident response teams using Microsoft 365 Defender to identify, investigate, and respond to the Solorigate attack if it’s found in your environment.

The post Using Microsoft 365 Defender to protect against Solorigate appeared first on Microsoft Security.


Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them

Credit to Author: Eric Avena| Date: Mon, 30 Nov 2020 22:30:31 +0000

BISMUTH, which has been running increasingly complex cyberespionage attacks since as early as 2012, deployed Monero coin miners in campaigns from July to August 2020. The group’s use of coin miners was unexpected, but it was consistent with their longtime methods of blending in.

The post Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them appeared first on Microsoft Security.
