fileless Archives - ThreatsHub Cybersecurity News

Defending Exchange servers under attack

June 24, 2020 TH Author behavioral blocking and containment, Cybersecurity, Exchange Server, fileless, living-off-the-land, Microsoft security intelligence, Threat protection, web shell

Exchange servers are high-value targets. These attacks also tend to be advanced threats with highly evasive, fileless techniques. Keeping these servers safe from these advanced attacks is of utmost importance.
The post Defending Exchange servers under attack appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Latest Astaroth living-off-the-land attacks are even more invisible but not less observable

March 23, 2020 TH Author Alternate Data Streams (ADS), Astaroth, behavioral blocking and containment, Cybersecurity, Endpoint security, fileless, info-stealing malware, living-off-the-land, Microsoft Defender Advanced Threat Protection, Microsoft security intelligence, ransomware, Security Intelligence, Threat protection, WMIC

Astaroth is back sporting significant changes. The updated attack chain maintains Astaroth’s complex, multi-component nature and continues its pattern of detection evasion.
The post Latest Astaroth living-off-the-land attacks are even more invisible but not less observable appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Insights from one year of tracking a polymorphic threat

November 26, 2019 TH Author behavior monitoring, behavior-based machine learning, behavioral blocking and containment, Cybersecurity, Dexphot, fileless, Microsoft security intelligence, Polymorphic malware

We discovered the polymoprhic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures. One year’s worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot’s authors, but of cybercriminals in general.
The post Insights from one year of tracking a polymorphic threat appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware

September 26, 2019 TH Author AI and machine learning, Cybersecurity, Endpoint security, fileless, Microsoft Defender Advanced Threat Protection, Microsoft security intelligence, Nodersok, Security Intelligence

A new fileless malware campaign we dubbed Nodersok delivers two very unusual LOLBins to turn infected machines into zombie proxies.
The post Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack

July 8, 2019 TH Author AI and machine learning, Antimalware Scan Interface (AMSI), Astaroth, behavior monitoring, Command-line scanning, Cybersecurity, Endpoint security, Execution stage, fileless, fileless malware, heuristics, Initial access stage, living-off-the-land, Microsoft Defender ATP, Security Intelligence, Threat protection, Windows Defender Antivirus, Windows Security, WMIC

Advanced technologies in Microsoft Defender ATP next-generation protection exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that run the info-stealing backdoor Astaroth directly in memory
The post Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack appeared first on Microsoft Security. READ MORE HERE…