Microsoft security intelligence

Microsoft Secure

Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop

One missing link in the complex Solorigate attack chain is the handover from the Solorigate DLL backdoor to the Cobalt Strike loader. How exactly does the jump from the Solorigate backdoor (SUNBURST) to the Cobalt Strike loader (TEARDROP, Raindrop, and others) happen? What code gets triggered, and what indicators should defenders look for?
The post Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop appeared first on Microsoft Security.

Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender

This blog is a guide for security administrators using Microsoft 365 Defender and Azure Defender to identify and implement security configuration and posture improvements that harden enterprise environments against Solorigate’s attack patterns.

Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers

We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack. While investigations are underway, we want to provide the defender community with intelligence to understand the scope, impact, remediation guidance, and product detections and protections we have built in as a result. While the full extent of…

Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers

A persistent malware campaign has been actively distributing Adrozek, an evolved browser modifier malware, at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day. The malware is designed to inject ads into search engine results pages and affects multiple browsers.

Trickbot disrupted

Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. Microsoft worked with telecommunications providers around the world to take down key Trickbot infrastructure.