Token tactics: How to prevent, detect, and respond to cloud token theft

Credit to Author: Paul Oliveria | Date: Wed, 16 Nov 2022 16:00:00 +0000

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose.

The post Token tactics: How to prevent, detect, and respond to cloud token theft appeared first on Microsoft Security Blog.

Microsoft Security tips for mitigating risk in mergers and acquisitions

Credit to Author: Christine Barrett | Date: Wed, 02 Nov 2022 16:00:00 +0000

Mergers and acquisitions can be challenging. Microsoft’s Security Experts share what to ask before, during, and after one to secure identity, access control, and communications.

The post Microsoft Security tips for mitigating risk in mergers and acquisitions appeared first on Microsoft Security Blog.

Defenders beware: A case for post-ransomware investigations

Credit to Author: Paul Oliveria | Date: Tue, 18 Oct 2022 18:00:00 +0000

The Microsoft Detection and Response Team (DART) details a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as living-off-the-land binaries, to launch their malicious code.

The post Defenders beware: A case for post-ransomware investigations appeared first on Microsoft Security Blog.

The art and science behind Microsoft threat hunting: Part 2

Credit to Author: Matt Thomas | Date: Wed, 21 Sep 2022 16:00:00 +0000

In this follow-up post in our series about threat hunting, we talk about some general hunting strategies, frameworks, tools, and how Microsoft incident responders work with threat intelligence.

The post The art and science behind Microsoft threat hunting: Part 2 appeared first on Microsoft Security Blog.

Tarrask malware uses scheduled tasks for defense evasion

Credit to Author: Paul Oliveria | Date: Tue, 12 Apr 2022 16:00:00 +0000

Microsoft Detection and Response Team (DART) researchers have uncovered malware that creates “hidden” scheduled tasks as a defense evasion technique. In this post, we will demonstrate how threat actors create scheduled tasks, how they cover their tracks, and how the malware’s evasion techniques are used to maintain and ensure persistence on systems.

The post Tarrask malware uses scheduled tasks for defense evasion appeared first on Microsoft Security Blog.

Destructive malware targeting Ukrainian organizations

Credit to Author: Microsoft 365 Defender Threat Intelligence Team | Date: Sun, 16 Jan 2022 02:28:30 +0000

Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine.

The post Destructive malware targeting Ukrainian organizations appeared first on Microsoft Security Blog.

Real-life cybercrime stories from DART, the Microsoft Detection and Response Team

Credit to Author: Todd VanderArk | Date: Mon, 09 Mar 2020 16:00:23 +0000

In the new DART Case Reports, you’ll find unique stories from our team’s engagements around the globe. Read the first in the series today.

The post Real-life cybercrime stories from DART, the Microsoft Detection and Response Team appeared first on Microsoft Security.

Ghost in the shell: Investigating web shell attacks

Credit to Author: Eric Avena | Date: Tue, 04 Feb 2020 17:30:40 +0000

Web shell attacks allow adversaries to run commands and steal data from an Internet-facing server or use the server as a launch pad for further attacks against the affected organization.

The post Ghost in the shell: Investigating web shell attacks appeared first on Microsoft Security.
