Business email compromise campaign targets wide range of orgs with gift card scam

Read our investigation of a BEC campaign that used attacker-created email infrastructure to facilitate gift card theft targeting the consumer goods, process manufacturing and agriculture, real estate, discrete manufacturing, and professional services sectors.
The post Business email compromise campaign targets wide range of orgs with gift card scam appeared first on Microsoft Security. READ MORE HERE…

Read more

Center for Threat-Informed Defense teams up with Microsoft, partners to build the ATT&CK® for Containers matrix

Microsoft is happy to have contributed and worked closely with the Center for Threat-Informed Defense and other partners to develop the MITRE ATT&CK® for Containers matrix.
The post Center for Threat-Informed Defense teams up with Microsoft, partners to build the ATT&CK® for Containers matrix appeared first on Microsoft Security. READ MORE HERE…

Read more

Investigating a unique “form” of email delivery for IcedID malware

Microsoft threat analysts have been tracking activity where contact forms published on websites are abused to deliver malicious links to enterprises using emails with fake legal threats. The emails instruct recipients to click a link to review supposed evidence behind their allegations, but are instead led to the download of IcedID, an info-stealing malware.
The post Investigating a unique “form” of email delivery for IcedID malware appeared first on Microsoft Security. READ MORE HERE…

Read more

Gamifying machine learning for stronger security and AI models

We are open sourcing the Python source code of a research toolkit we call CyberBattleSim, an experimental research project that investigates how autonomous agents operate in a simulated enterprise environment using high-level abstraction of computer networks and cybersecurity concepts.
The post Gamifying machine learning for stronger security and AI models appeared first on Microsoft Security. READ MORE HERE…

Read more

Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting

A probabilistic graphical modeling framework used by Microsoft 365 Defender research and intelligence teams for threat actor tracking enables us to quickly predict the likely threat group responsible for an attack, as well as the likely next attack stages.
The post Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting appeared first on Microsoft Security. READ MORE HERE…

Read more

New Security Signals study shows firmware attacks on the rise; here’s how Microsoft is working to help eliminate this entire class of threats

The March 2021 Security Signals report showed that more than 80% of enterprises have experienced at least one firmware attack in the past two years, but only 29% of security budgets are allocated to protect firmware.
The post New Security Signals study shows firmware attacks on the rise; here’s how Microsoft is working to help eliminate this entire class of threats appeared first on Microsoft Security. READ MORE HERE…

Read more

Analyzing attacks taking advantage of the Exchange Server vulnerabilities

Microsoft continues to monitor and investigate attacks exploiting the recent on-premises Exchange Server vulnerabilities. As organizations recover from this incident, we continue to publish guidance and share threat intelligence to help detect and evict threat actors from affected environments.
The post Analyzing attacks taking advantage of the Exchange Server vulnerabilities appeared first on Microsoft Security. READ MORE HERE…

Read more

Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus

Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed. We have taken this additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update.
The post Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus appeared first on Microsoft Security. READ MORE HERE…

Read more

GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence

Microsoft has identified three new pieces of malware being used in late-stage activity by NOBELIUM – the actor behind the SolarWinds attacks, SUNBURST, and TEARDROP.
The post GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence appeared first on Microsoft Security. READ MORE HERE…

Read more

XLM + AMSI: New runtime defense against Excel 4.0 macro malware

We have recently expanded the integration of Antimalware Scan Interface (AMSI) with Office 365 to include the runtime scanning of Excel 4.0 (XLM) macros, to help antivirus solutions tackle the increase in attacks that use malicious XLM macros.
The post XLM + AMSI: New runtime defense against Excel 4.0 macro malware appeared first on Microsoft Security. READ MORE HERE…

Read more