Research
Explore in-depth research on the latest cybersecurity threats, trends, and defense strategies. Get insights from Microsoft that'll help you better understand and respond to today's challenges.
Microsoft Threat Protection uses a data-driven approach for identifying lateral movement, combining industry-leading optics, expertise, and data science to deliver automated discovery of some of the most critical threats today.
Microsoft researchers work with Intel Labs to explore new deep learning approaches for malware classification
Researchers from Microsoft Threat Protection Intelligence Team and Intel Labs collaborated to study the application of a deep transfer learning technique from computer vision to static malware classification.
Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
Multiple ransomware groups that have been accumulating access and maintaining persistence on target networks for several months activated dozens of ransomware deployments in the first two weeks of April 2020.
Full Operational Shutdown—another cybercrime case from the Microsoft Detection and Response Team
Today, we’re glad to share DART Case Report 002—Full Operational Shutdown.
Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Here’s what to do
Microsoft identified several dozen hospitals with vulnerable gateway and VPN appliances.
Latest Astaroth living-off-the-land attacks are even more invisible but not less observable
Astaroth is back sporting significant changes.
Secured-core PCs: A brief showcase of chip-to-cloud security against kernel attacks
Secured-core PCs combine virtualization, operating system, and hardware and firmware protection.
Behavioral blocking and containment: Transforming optics into protection
Behavioral blocking and containment capabilities leverage multiple Microsoft Defender ATP components and features to immediately stop attacks before they can progress.
Human-operated ransomware attacks: A preventable disaster
In human-operated ransomware attacks, adversaries exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network.
Ghost in the shell: Investigating web shell attacks
Web shell attacks allow adversaries to run commands and steal data from an Internet-facing server or use the server as a launch pad for further attacks against the affected organization.
sLoad launches version 2.0, Starslord
sLoad has launched version 2.0. With the new version, sLoad, which is a PowerShell-based Trojan downloader notable for its almost exclusive use of the Windows BITS service for malicious activities, has added an anti-analysis trick and the ability to track the stage of infection for every affected machine.
Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks
Microsoft Defender ATP data scientists and threat hunters collaborate to use a data science-driven approach to detecting RDP brute force attacks to protect customers against real-world threats.