The art and science behind Microsoft threat hunting: Part 2

In this follow-up post in our series about threat hunting, we talk about some general hunting strategies, frameworks, tools, and how Microsoft incident responders work with threat intelligence.
The post The art and science behind Microsoft threat hunting: Part 2 appeared first on Microsoft Security Blog.

Tarrask malware uses scheduled tasks for defense evasion

Microsoft Detection and Response Team (DART) researchers have uncovered malware that creates “hidden” scheduled tasks as a defense evasion technique. In this post, we will demonstrate how threat actors create scheduled tasks, how they cover their tracks, and how the malware’s evasion techniques are used to maintain and ensure persistence on systems.
The post Tarrask malware uses scheduled tasks for defense evasion appeared first on Microsoft Security Blog.

Destructive malware targeting Ukrainian organizations

Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine.
The post Destructive malware targeting Ukrainian organizations appeared first on Microsoft Security Blog.

How to investigate service provider trust chains in the cloud

This blog outlines DART’s recommendations for incident responders to investigate potential abuse of these delegated admin permissions, independent of the threat actor.
The post How to investigate service provider trust chains in the cloud appeared first on Microsoft Security Blog.

Protect your business from password sprays with Microsoft DART recommendations

This blog discusses DART’s investigation techniques and approach to responding to password spray attacks while outlining recommendations for protecting against them.
The post Protect your business from password sprays with Microsoft DART recommendations appeared first on Microsoft Security Blog.

A guide to combatting human-operated ransomware: Part 2

In this post, we will tackle the risks of human-operated ransomware and detail DART’s security recommendations for tactical containment actions and post-incident activities in the event of an attack.
The post A guide to combatting human-operated ransomware: Part 2 appeared first on Microsoft Security Blog.

A guide to combatting human-operated ransomware: Part 1

As human-operated ransomware is on the rise, Microsoft’s Detection and Response Team (DART) shares how they investigate these attacks and what to consider when faced with a similar event in your organization.
The post A guide to combatting human-operated ransomware: Part 1 appeared first on Microsoft Security Blog.

Web shell attacks continue to rise

A year ago, we reported the steady increase in the use of web shells in attacks worldwide. The latest Microsoft 365 Defender data shows that this trend not only continued, it accelerated. Read our investigation into the escalating prevalence of web shells.
The post Web shell attacks continue to rise appeared first on Microsoft Security.

A “quick wins” approach to securing Azure Active Directory and Office 365 and improving your security posture

This blog post will explain simple Microsoft security defaults and Secure Score—two features you should take advantage of that are easy to utilize and can significantly improve security in Azure AD and Office 365 configurations.
The post A “quick wins” approach to securing Azure Active Directory and Office 365 and improving your security posture appeared first on Microsoft Security.

Microsoft Office 365—Do you have a false sense of cloud security?

Security is not just flipping the switch of security features to “on” and thinking you are done. DART explores the concept of having a false sense of security when securing your cloud environments.
The post Microsoft Office 365—Do you have a false sense of cloud security? appeared first on Microsoft Security.