When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

Credit to Author: Eric Avena | Date: Thu, 29 Jul 2021 19:00:59 +0000

LemonDuck is an actively updated and robust malware primarily known for its botnet and cryptocurrency mining objectives. Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity.

The post When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks appeared first on Microsoft Security Blog.

BazaCall: Phony call centers lead to exfiltration and ransomware

Credit to Author: Eric Avena | Date: Thu, 29 Jul 2021 15:00:11 +0000

Our continued investigation into BazaCall campaigns, those that use fraudulent call centers that trick unsuspecting users into downloading the BazaLoader malware, shows that this threat is more dangerous than what’s been discussed publicly in other security blogs and covered by the media.

Combing through the fuzz: Using fuzzy hashing and deep learning to counter malware detection evasion techniques

Credit to Author: Eric Avena | Date: Tue, 27 Jul 2021 16:00:17 +0000

A new approach for malware classification combines deep learning with fuzzy hashing. Fuzzy hashes identify similarities among malicious files and a deep learning methodology inspired by natural language processing (NLP) better identifies similarities that actually matter, improving detection quality and scale of deployment.

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

Credit to Author: Eric Avena | Date: Thu, 22 Jul 2021 16:00:57 +0000

LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, adopted more sophisticated behavior and escalated its operations. Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity.

Microsoft delivers comprehensive solution to battle rise in consent phishing emails

Credit to Author: Eric Avena | Date: Wed, 14 Jul 2021 17:00:55 +0000

Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data.
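The lure in a consent-phishing mail is a legitimate OAuth 2.0 authorization URL whose `client_id` belongs to the attacker's app and whose `scope` asks for more than the pretext needs. As an added example (not Microsoft's detection logic or any product feature), the triage helper below parses such a link from a mail body and reports the signals an analyst checks first: an application ID the tenant has not vetted, high-privilege delegated scopes (`offline_access` in particular, since a refresh token keeps the grant alive after the user's session ends), a forced consent prompt, and the redirect host the authorization code will be sent to. The approved client IDs, the scope list and the sample URL are constructed for this example.

```python
from urllib.parse import urlparse, parse_qs

# Delegated Microsoft Graph scopes that justify review when requested by an unvetted
# app.  Assumption: an illustrative subset, not an exhaustive or official risk list.
HIGH_RISK_SCOPES = {
    "offline_access",            # refresh token: persistence beyond the login session
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "MailboxSettings.ReadWrite", # can add forwarding rules
    "Contacts.Read",
    "Files.Read.All", "Files.ReadWrite.All",
}

# Hypothetical set of application (client) IDs the tenant has reviewed and approved.
APPROVED_CLIENT_IDS = {"11111111-2222-3333-4444-555555555555"}

AUTHORIZE_HOSTS = {"login.microsoftonline.com"}


def analyze_consent_link(url: str, approved=APPROVED_CLIENT_IDS) -> dict:
    """Return a triage record for an OAuth 2.0 authorization-request URL."""
    parsed = urlparse(url)
    q = parse_qs(parsed.query)
    first = lambda k: q.get(k, [""])[0]      # query params are lists in parse_qs

    client_id = first("client_id")
    scopes = set(first("scope").split())      # space-separated per RFC 6749 (parse_qs decodes %20 and +)
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    redirect_host = urlparse(first("redirect_uri")).netloc.lower()

    signals = []
    if parsed.netloc.lower() in AUTHORIZE_HOSTS and parsed.path.endswith("/oauth2/v2.0/authorize"):
        signals.append("authorize_endpoint")  # this really is a consent request, not a generic link
    if client_id and client_id not in approved:
        signals.append("unapproved_client_id")
    if risky:
        signals.append("high_risk_scopes")
    if first("prompt") == "consent":
        signals.append("forced_consent_prompt")  # re-prompts even if the user consented before

    verdict = "review" if {"unapproved_client_id", "high_risk_scopes"} <= set(signals) else "ok"
    return {
        "client_id": client_id,
        "redirect_host": redirect_host,
        "risky_scopes": risky,
        "signals": signals,
        "verdict": verdict,
    }


# Constructed sample link, modelled on a consent-phishing lure; the client ID and the
# redirect host are placeholders.
SAMPLE_LINK = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee&response_type=code"
    "&redirect_uri=https%3A%2F%2Fdocs-share.example%2Fcallback"
    "&scope=offline_access%20Mail.Read%20User.Read&prompt=consent"
)

if __name__ == "__main__":
    print(analyze_consent_link(SAMPLE_LINK))
```

The verdict deliberately requires both an unvetted app and a sensitive scope: a first-party or approved app asking for `Mail.Read` is normal, and an unknown app asking only for `User.Read` is low impact. Blocking user consent for unverified publishers in the tenant removes the user from the decision altogether, which is the preventive control this kind of triage complements.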

Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise

Credit to Author: Eric Avena | Date: Wed, 30 Jun 2021 17:00:19 +0000

We discovered vulnerabilities in NETGEAR DGN-2200v1 series routers that can compromise a network’s security—opening the gates for attackers to roam untethered through an entire organization. We shared our findings with NETGEAR through coordinated vulnerability disclosure via Microsoft Security Vulnerability Research (MSVR), and worked closely with NETGEAR security and engineering teams to provide advice on mitigating these issues.

Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign

Credit to Author: Eric Avena | Date: Mon, 14 Jun 2021 16:00:44 +0000

Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to get access to emails about financial transactions.

Breaking down NOBELIUM’s latest early-stage toolset

Credit to Author: Eric Avena | Date: Fri, 28 May 2021 21:36:17 +0000

In this blog, we highlight four tools representing a unique infection chain utilized by NOBELIUM: EnvyScout, BoomBox, NativeZone, and VaporRage. These tools have been observed being used in the wild as early as February 2021 attempting to gain a foothold on a variety of sensitive diplomatic and government entities.