{"id":24103,"date":"2024-03-06T21:00:42","date_gmt":"2024-03-07T05:00:42","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/03\/06\/news-17833\/"},"modified":"2024-03-06T21:00:42","modified_gmt":"2024-03-07T05:00:42","slug":"news-17833","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/03\/06\/news-17833\/","title":{"rendered":"Defend against human-operated ransomware attacks with Microsoft Copilot for Security\u200b\u200b"},"content":{"rendered":"<p><strong>Credit to Author: Microsoft Security for Copilot Team| Date: Mon, 04 Mar 2024 17:00:00 +0000<\/strong><\/p>\n<p>Organizations everywhere are seeing an increase in human-operated <a href=\"https:\/\/www.microsoft.com\/security\/business\/security-101\/what-is-ransomware\" target=\"_blank\" rel=\"noreferrer noopener\">ransomware<\/a> threats, with Microsoft\u2019s own telemetry showing a 200% increase in threats since September 2022.<sup>1<\/sup> When an entire organization is attacked, they need every advantage they can get to protect against skilled, coordinated cyber threats. The availability of <a href=\"https:\/\/www.microsoft.com\/security\/business\/ai-machine-learning\/microsoft-security-copilot\">Microsoft Copilot for Security<\/a> brings SecOps teams a new tool with the power of generative AI to help outpace and outsmart threat actors.
In the following demonstration videos, we take a detailed, step-by-step look at how it can help surface, contain, and mitigate a human-operated ransomware attack.\u00a0<\/p>\n<h2
class=\"wp-block-heading\" id=\"the-power-of-microsoft-defender-xdr-with-microsoft-copilot-for-security\">The power of Microsoft Defender XDR with Microsoft Copilot for Security\u202f&nbsp;<\/h2>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/siem-and-xdr\/microsoft-defender-xdr\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Defender XDR<\/a> coordinates detection, prevention, investigation, and response across endpoints, identities, email applications, and the cloud to provide integrated protection against sophisticated ransomware threats. In this series of demonstration videos, we share real-world scenarios where Copilot is helping SecOps teams navigate threat detection, investigation, and managed response. To begin, we look at a situation where a human-operated ransomware attack has just taken place.\u202fThe incident started with suspicious activity on two devices, where a credential theft tool was detected and stopped by <a href=\"https:\/\/learn.microsoft.com\/microsoft-365\/security\/defender\/automatic-attack-disruption\" target=\"_blank\" rel=\"noreferrer noopener\">automatic attack disruption<\/a> within Microsoft Defender XDR.&nbsp;<\/p>\n<p>Watch the video: <a href=\"https:\/\/www.youtube.com\/watch?v=q1UuDnBHgK8\" target=\"_blank\" rel=\"noreferrer noopener\">(Humor) Human Operate Ransomware<\/a>\u00a0<\/p>\n<h2 class=\"wp-block-heading\" id=\"respond-at-the-speed-and-scale-of-ai\">Respond at the speed and scale of AI\u202f\u202f&nbsp;<\/h2>\n<p>Bad actors can move through a system with damaging speed. And with the ever-increasing frequency and sophistication of attacks\u2014paired with the ongoing shortage of security talent\u2014it can be difficult for leaders to staff security teams completely. 
When every second counts\u2014like during an active ransomware incident\u2014Copilot for Security brings together critical context so security professionals can share clear, concise, and comprehensive summaries of active incidents\u2014giving affected parties a deep understanding of the situation, even when an incident happens after business hours. With the power of AI, Copilot is helping analysts write up these incident narratives 90% faster than in the past.<sup>2<\/sup>&nbsp;&nbsp;<\/p>\n<p>In the case of this human-operated ransomware incident, <a href=\"https:\/\/www.microsoft.com\/security\/business\/endpoint-security\/microsoft-defender-endpoint\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Defender for Endpoint<\/a> raised the first alert, detecting possible human-operated malicious activity on a device. Many complex and sophisticated attacks like ransomware use scripts and tools like PowerShell and Mimikatz to access and manipulate files, tamper with system recovery settings, and delete file backups. In this incident, attackers also attempted to access Primary Refresh Tokens (PRT) and used Windows Sysinternals tools for evasion.
But with line-by-line script examination in Copilot, security analysts could immediately understand what each section of code does, to quickly identify a script as malicious or benign. This Copilot capability directly helps junior security analysts &#8220;upskill&#8221; their expertise by learning the context behind the code.<\/p>\n<h2 class=\"wp-block-heading\" id=\"gain-critical-incident-context\">Gain critical incident context<\/h2>\n<p>When faced with a complex attack, Copilot for Security can help analysts understand what\u2019s happening quickly, so they can protect and defend their organization at machine speed and scale. In an examination of the same ransomware incident, our next demonstration video shows how the Copilot incident summary focused in on a PowerShell script, leading analysts to a critical piece of the incident puzzle.<\/p>\n<p>Watch the video: <a href=\"https:\/\/www.youtube.com\/watch?v=iPtb5DZOWg0\" target=\"_blank\" rel=\"noreferrer noopener\">Defender Embed to Standalone Copilot<\/a><\/p>\n<p>Without enough time and without PowerShell expertise, it could be difficult for a security analyst to fully understand the ramifications of an attack like this. But this is where Copilot can help\u2014it quickly analyzes the PowerShell script, providing a plain English explanation of key steps within it. This helps analysts gain a full understanding of the incident and prioritize the containment and mitigation work that matters most. Copilot also works with <a href=\"https:\/\/www.microsoft.com\/security\/business\/siem-and-xdr\/microsoft-defender-threat-intelligence\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Defender Threat Intelligence<\/a> to investigate the script hosting, determine it&#8217;s malicious and share evidence connecting the script to a known threat actor.
Moving from Microsoft Defender to the standalone Copilot experience allows analysts to connect to <a href=\"https:\/\/azure.microsoft.com\/products\/microsoft-sentinel\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Sentinel<\/a> and <a href=\"https:\/\/www.microsoft.com\/security\/business\/microsoft-intune\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Intune<\/a>, surfacing a key piece of information in this serious incident\u2014a device that was noncompliant with current security policies, missing a key compliance update that may have prevented this attack. In just a few minutes, Copilot surfaced the right information to provide remediation steps and advance organizational understanding to proactively prepare for (and hopefully prevent) future attacks.&nbsp;&nbsp;&nbsp;<\/p>\n<h2 class=\"wp-block-heading\" id=\"augment-critical-expertise-and-upskill-analysts\">Augment critical expertise\u202fand upskill analysts&nbsp;<\/h2>\n<p>In our last demonstration video, we look at how security teams can utilize Copilot to stretch their skill sets, understand incidents more completely, and gain an extra hand when resources are hard to come by.\u00a0<\/p>\n<p>Watch the video: <a href=\"https:\/\/www.youtube.com\/watch?v=Vd_URX7aRbA\" target=\"_blank\" rel=\"noreferrer noopener\">User account research<\/a><\/p>\n<p>Copilot for Security enables junior security analysts to complete more complex tasks with skills like natural language to Kusto Query Language translation and malicious script analysis. In this ransomware incident, analysts used Copilot to generate a PowerShell script to validate the configuration of all affected systems. By then looking at a compromised device, analysts learn the source of the compromise and discover the device wasn\u2019t compliant because it was mis-grouped when it was first assigned.
With this information and more, surfaced and organized at the speed of AI by Copilot, analysts now have a more complete understanding of how the ransomware attack happened and how it can be prevented in the future. When a single ransomware incident can turn any organization upside down, security analysts can lean on Copilot for global threat intelligence, industry best practices, and tailored insights to outpace and outsmart adversaries.&nbsp;<\/p>\n<h2 class=\"wp-block-heading\" id=\"learn-more\">Learn more&nbsp;<\/h2>\n<p><a href=\"https:\/\/nam06.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fmssecure.eventcore.com%2F%3Focid%3Dcmmu8lo2ds7&amp;data=05%7C02%7Cv-rebeaty%40microsoft.com%7Cac132f7d11914e6b698808dc333eafc3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638441592623744419%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&amp;sdata=aiqII9llMblMQ12Q1LRKLfBarmxdhzKK478akyAle4s%3D&amp;reserved=0\" target=\"_blank\" rel=\"noreferrer noopener\">Join us online<\/a> at Microsoft Secure on March 13, 2024, to discover new ways to try Microsoft Copilot for Security. Experience world-class threat intelligence, end-to-end protection, and industry-leading, responsible AI through hands-on demos. And <a href=\"https:\/\/learning.eventbuilder.com\/IntroToMicrosoftCopilot\" target=\"_blank\" rel=\"noreferrer noopener\">register now<\/a> for our three-part webinar series \u201c<a href=\"https:\/\/learning.eventbuilder.com\/IntroToMicrosoftCopilot\" target=\"_blank\" rel=\"noreferrer noopener\">Intro to Microsoft Copilot for Security<\/a>.\u201d The first of three webinars takes place on March 19<sup>th<\/sup> on the basics of generative AI, followed by the second webinar on March 26<sup>th<\/sup> about how to get started with Copilot for Security. 
And lastly, the third webinar will take place on April 2<sup>nd<\/sup> and delves into Copilot for Security best practices.&nbsp;<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/business\/ai-machine-learning\/microsoft-security-copilot\" target=\"_blank\" rel=\"noreferrer noopener\">Learn more<\/a> about how Microsoft Copilot for Security can help your team protect at the speed and scale of AI. And for more helpful tips and information, <a href=\"https:\/\/youtube.com\/playlist?list=PL3ZTgFEc7LyuQRLD61q9YqPKEDlZj4j5u&amp;si=k6qjy-6mC61Q7tSQ\" target=\"_blank\" rel=\"noreferrer noopener\">view the Copilot for Security Playlist<\/a> on the <a href=\"https:\/\/www.youtube.com\/@MicrosoftSecurity\/featured\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Security Channel<\/a> on YouTube.\u202f&nbsp;<\/p>\n<p>\u200b\u200bTo learn more about Microsoft Security solutions, visit our\u202f<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\" target=\"_blank\" rel=\"noreferrer noopener\">website.<\/a>\u202fBookmark the\u202f<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noreferrer noopener\">Security blog<\/a>\u202fto keep up with our expert coverage on security matters. 
Also, follow us on LinkedIn (<a href=\"https:\/\/www.linkedin.com\/showcase\/microsoft-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Security<\/a>) and X (<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noreferrer noopener\">@MSFTSecurity<\/a>)\u202ffor the latest news and updates on cybersecurity.&nbsp;<\/p>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<p><sup>1<\/sup><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/security-insider\/microsoft-digital-defense-report-2023\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Digital Defense Report 2023 (MDDR) | Microsoft Security Insider<\/a><\/p>\n<p><sup>2<\/sup> <a href=\"https:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=4648700\" target=\"_blank\" rel=\"noreferrer noopener\">Randomized Controlled Trial for Microsoft Security Copilot<\/a>, Benjamin G. Edelman, James Bono,&nbsp;Sida&nbsp;Peng, Roberto Rodriguez, Sandra&nbsp;Ho. November 29, 2023.<\/p>\n<p>The post <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/03\/04\/defend-against-human-operated-ransomware-attacks-with-microsoft-copilot-for-security\/\">Defend against human-operated ransomware attacks with Microsoft Copilot for Security\u200b\u200b<\/a> appeared first on <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\">Microsoft Security Blog<\/a>.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/03\/04\/defend-against-human-operated-ransomware-attacks-with-microsoft-copilot-for-security\/\" target=\"bwo\" >https:\/\/blogs.technet.microsoft.com\/mmpc\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Microsoft Security for Copilot Team| Date: Mon, 04 Mar 2024 17:00:00 +0000<\/strong><\/p>\n<p>\u200bHuman-operated ransomware attacks are on the rise. 
See real-world examples of how Microsoft Copilot for Security helps SecOps teams defend their organizations against financial and reputational damage. <\/p>\n<p>The post <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/03\/04\/defend-against-human-operated-ransomware-attacks-with-microsoft-copilot-for-security\/\">Defend against human-operated ransomware attacks with Microsoft Copilot for Security\u200b\u200b<\/a> appeared first on <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\">Microsoft Security Blog<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[],"class_list":["post-24103","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24103"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24103\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24103"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24103"}],"curies
":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}