Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Thu, 10 Nov 2022 17:00:00 +0000
At CyberWarCon 2022, Microsoft and LinkedIn analysts presented several sessions detailing analysis across multiple sets of actors and related activity.
The post Microsoft threat intelligence presented at CyberWarCon 2022 appeared first on Microsoft Security Blog.
Read moreCredit to Author: Katie McCafferty| Date: Thu, 03 Nov 2022 16:00:00 +0000
Providing advanced protection against increasingly sophisticated human-operated ransomware, Microsoft Defender for Endpoint’s network protection leverages threat intelligence and machine learning to block command-and-control (C2) communications.
The post Stopping C2 communications in human-operated ransomware through network protection appeared first on Microsoft Security Blog.
Read moreCredit to Author: Paul Oliveria| Date: Thu, 27 Oct 2022 16:00:00 +0000
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.
The post Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity appeared first on Microsoft Security Blog.
Read moreCredit to Author: Katie McCafferty| Date: Tue, 25 Oct 2022 16:00:00 +0000
In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society.
The post DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector appeared first on Microsoft Security Blog.
Read moreCredit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Fri, 21 Oct 2022 16:00:00 +0000
South Staffordshire PLC, a company that supplies water to over one million customers in the United Kingdom, notified its customers in August of being a target of a criminal cyberattack. This incident highlights the sophisticated threats that critical industries face today. According to South Staffordshire, the breach did not appear to have caused damage to…
The post Securing IoT devices against attacks that target critical infrastructure appeared first on Microsoft Security Blog.
Read moreCredit to Author: Paul Oliveria| Date: Tue, 18 Oct 2022 18:00:00 +0000
The Microsoft Detection and Response Team (DART) details a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as using living-off-the-land binaries, to launch their malicious code.
The post Defenders beware: A case for post-ransomware investigations appeared first on Microsoft Security Blog.
Read moreCredit to Author: Paul Oliveria| Date: Fri, 14 Oct 2022 19:00:00 +0000
The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload.
The post New “Prestige” ransomware impacts organizations in Ukraine and Poland appeared first on Microsoft Security Blog.
Read moreCredit to Author: Paul Oliveria| Date: Wed, 05 Oct 2022 16:00:00 +0000
LSASS credential dumping is becoming prevalent, especially with the rise of human-operated ransomware. In May 2022, Microsoft participated in an evaluation conducted by AV-Comparatives specifically on detecting and blocking this attack technique and we’re happy to report that Microsoft Defender for Endpoint achieved 100% detection and prevention scores.
The post Detecting and preventing LSASS credential dumping attacks appeared first on Microsoft Security Blog.
Read more