Research

Explore in-depth research on the latest cybersecurity threats, trends, and defense strategies. Get insights from Microsoft that’ll help you better understand and respond to today’s challenges.

Refine Results

Filtered by

Clear All

Research

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Prevent threats with Microsoft Defender

The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.

Explore products
May 17, 2022

14 min read

In hot pursuit of ‘cryware’: Defending hot wallets from attacks

The rise in cryptocurrency market capitalization paved the way to the emergence of threats Microsoft security researchers are referring to as “cryware”—information stealers focused on gathering and exfiltrating data from non-custodial cryptocurrency wallets.
May 11, 2022

5 min read

Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders

The Center for Threat-Informed Defense, along with Microsoft and industry partners, collaborated on a repeatable methodology and a web-based calculator, aiming to streamline MITRE ATT&CK® use for defenders.
May 9, 2022

37 min read

Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself

Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert human intelligence at every step of the attack chain and culminate in intentional business disruption and extortion.
April 26, 2022

9 min read

Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints.
Retain Microsoft Security Experts

Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.

Get started
April 13, 2022

17 min read

Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware

Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure.
April 12, 2022

7 min read

Tarrask malware uses scheduled tasks for defense evasion

Microsoft Detection and Response Team (DART) researchers have uncovered malware that creates “hidden” scheduled tasks as a defense evasion technique.
April 5, 2022

6 min read

Microsoft 365 Defender demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations

For the fourth consecutive year, Microsoft 365 Defender demonstrated industry-leading protection in MITRE Engenuity’s independent ATT&CK® Enterprise Evaluations.
April 4, 2022

12 min read

SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965

Microsoft provides guidance for customers looking for protection against exploitation and ways to detect vulnerable installations on their network of the critical vulnerability CVE-2022-22965, also known as SpringShell or Spring4Shell.
Modernize your Security Operations Center with Microsoft Sentinel

Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.

Learn more
March 31, 2022

5 min read

Microsoft protects against human-operated ransomware across the full attack chain in the 2022 MITRE Engenuity ATT&CK® Evaluations

For the fourth year in a row, the independent MITRE Engenuity ATT&CK® Evaluations demonstrated that threats are no match for Microsoft’s multi-platform extended detection and response (XDR) defense capabilities.
March 22, 2022

18 min read

DEV-0537 criminal actor targeting organizations for data exfiltration and destruction

The activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$.
March 16, 2022

6 min read

Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure

The Microsoft Defender for IoT research team has recently discovered the exact method through which MikroTik devices are used in Trickbot’s C2 infrastructure.
February 25, 2022

4 min read

MSTICPy January 2022 hackathon highlights

In January 2022, MSTIC ran its inaugural hack month for the open-source Jupyter and Python Security Tools library, MSTICPy.