living-off-the-land Archives - ThreatsHub Cybersecurity News

Defending Exchange servers under attack

June 24, 2020 TH Author behavioral blocking and containment, Cybersecurity, Exchange Server, fileless, living-off-the-land, Microsoft security intelligence, Threat protection, web shell

Exchange servers are high-value targets. These attacks also tend to be advanced threats with highly evasive, fileless techniques. Keeping these servers safe from these advanced attacks is of utmost importance.
The post Defending Exchange servers under attack appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Latest Astaroth living-off-the-land attacks are even more invisible but not less observable

March 23, 2020 TH Author Alternate Data Streams (ADS), Astaroth, behavioral blocking and containment, Cybersecurity, Endpoint security, fileless, info-stealing malware, living-off-the-land, Microsoft Defender Advanced Threat Protection, Microsoft security intelligence, ransomware, Security Intelligence, Threat protection, WMIC

Astaroth is back sporting significant changes. The updated attack chain maintains Astaroth’s complex, multi-component nature and continues its pattern of detection evasion.
The post Latest Astaroth living-off-the-land attacks are even more invisible but not less observable appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities

December 12, 2019 TH Author alternative protocol, BITS, Cybersecurity, Endpoint security, living-off-the-land, Microsoft security intelligence, sload

Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS. Background Intelligent Transfer Service (BITS) is a component of the Windows operating system that provides an ability to transfer files in an asynchronous and…
The post Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack

July 8, 2019 TH Author AI and machine learning, Antimalware Scan Interface (AMSI), Astaroth, behavior monitoring, Command-line scanning, Cybersecurity, Endpoint security, Execution stage, fileless, fileless malware, heuristics, Initial access stage, living-off-the-land, Microsoft Defender ATP, Security Intelligence, Threat protection, Windows Defender Antivirus, Windows Security, WMIC

Advanced technologies in Microsoft Defender ATP next-generation protection exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that run the info-stealing backdoor Astaroth directly in memory
The post Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack appeared first on Microsoft Security. READ MORE HERE…