On June 27, 2017 reports of a ransomware infection began spreading across Europe. We saw the first infections in Ukraine, where more than 12,500 machines encountered the threat. We then observed infections in another 64 countries, including Belgium, Brazil, Germany, Russia, and the United States. The trend towards increasingly sophisticated malware behavior, highlighted by the […]
On April 14, a group calling themselves the Shadow Brokers caught the attention of the security community by releasing a set of weaponized exploits. Shortly thereafter, one of these exploits was used to create wormable malware that we now know as WannaCrypt, which targeted a large number of out-of-date systems and held encrypted files for […]
In this blog, we provide an early analysis of the end-to-end ransomware attack. Please note this threat is still under investigation.
Technical support scams continue to evolve, employing more and more complex social engineering tactics that can increase panic and create a false sense of legitimacy or urgency in an effort to get more victims.
On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. A report from a trusted partner identified a zero-day exploit for this vulnerability. The exploit targeted older versions of Windows and allowed attackers to elevate process privileges on these […]
Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity. As the nature of attacks evolve, Windows Defender ATP must advance so that it continues to help SecOps personnel uncover and address the attacks. With increasing security investments from Microsoft—read how Windows 10 continues […]
The cornerstone of tech support scams is the deception that there is something wrong with your PC. To advance this sham, tech support scams have long abused browsers' full screen function.
The Gmail phishing attack is reportedly so effective that it tricks even technical users, but it may be just the tip of the iceberg.
Targeted attacks are typically carried out against individuals to obtain intellectual property and other valuable data from target organizations. These individuals are either directly in possession of the targeted information or are able to connect to networks where the information resides. Microsoft researchers have encountered twin threat activity groups that appear to target individuals for […]
Office 365 client applications now integrate with AMSI, enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for malicious behavior. This is part of our continued efforts to tackle entire classes of threats. Learn more: Office VBA + AMSI: Parting the veil on malicious macros In response to […]
