Friday, April 26, 2024
Latest:

human-operated ransomware

Microsoft Secure 

Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

TH Author , , , , , ,

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.
The post Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction appeared first on Microsoft Security Blog. READ MORE HERE…

Read more
Microsoft Secure 

Automatic disruption of human-operated attacks through containment of compromised user accounts

TH Author ,

User containment is a unique and innovative defense mechanism that stops human-operated attacks in their tracks. We’ve added user containment to the automatic attack disruption capability in Microsoft Defender for Endpoint. User containment is automatically triggered by high-fidelity signals and limits attackers’ ability to move laterally within a network regardless of the compromised account’s Active Directory state or privilege level.
The post Automatic disruption of human-operated attacks through containment of compromised user accounts appeared first on Microsoft Security Blog. READ MORE HERE…

Read more
Microsoft Secure 

Stopping C2 communications in human-operated ransomware through network protection

TH Author , , , , , , , ,

Providing advanced protection against increasingly sophisticated human-operated ransomware, Microsoft Defender for Endpoint’s network protection leverages threat intelligence and machine learning to block command-and-control (C2) communications.
The post Stopping C2 communications in human-operated ransomware through network protection appeared first on Microsoft Security Blog. READ MORE HERE…

Read more
Microsoft Secure 

The many lives of BlackCat ransomware

TH Author , , , ,

The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy.
The post The many lives of BlackCat ransomware appeared first on Microsoft Security Blog. READ MORE HERE…

Read more
Microsoft Secure 

Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders

TH Author , , , , ,

The Center for Threat-Informed Defense, along with Microsoft and industry partners, collaborated on a repeatable methodology and a web-based calculator, aiming to streamline MITRE ATT&CK® use for defenders.
The post Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders appeared first on Microsoft Security Blog. READ MORE HERE…

Read more
Microsoft Secure 

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

TH Author , , , , ,

Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert humane intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware-as-a-service affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.
The post Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself appeared first on Microsoft Security Blog. READ MORE HERE…

Read more
Microsoft Secure 

AI-driven adaptive protection against human-operated ransomware

TH Author , , , , , ,

We developed a cloud-based machine learning system that, when queried by a device, intelligently predicts if it is at risk, then automatically issues a more aggressive blocking verdict to protect the device, thwarting an attacker’s next steps.
The post AI-driven adaptive protection against human-operated ransomware appeared first on Microsoft Security Blog. READ MORE HERE…

Read more
Microsoft Secure 

Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting

TH Author , , , , , ,

A probabilistic graphical modeling framework used by Microsoft 365 Defender research and intelligence teams for threat actor tracking enables us to quickly predict the likely threat group responsible for an attack, as well as the likely next attack stages.
The post Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

Sophisticated new Android malware marks the latest evolution of mobile ransomware

TH Author , , , , , ,

We found a piece of a particularly sophisticated Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that we have also observed on other platforms.
The post Sophisticated new Android malware marks the latest evolution of mobile ransomware appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

The science behind Microsoft Threat Protection: Attack modeling for finding and stopping evasive ransomware

TH Author , , , , , , , , , , , , , , ,

Microsoft Threat Protection uses a data-driven approach for identifying lateral movement, combining industry-leading optics, expertise, and data science to deliver automated discovery of some of the most critical threats today.
The post The science behind Microsoft Threat Protection: Attack modeling for finding and stopping evasive ransomware appeared first on Microsoft Security. READ MORE HERE…

Read more