Healthcare organizations are an attractive target for ransomware attacks. Read our latest blog post to learn why and get strategies to protect yourself from cyberthreats.
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment.
Microsoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them. The vulnerability involves creating a group called “ESX Admins” in Active Directory and adding an attacker-controlled user account to this group.
User containment is a unique and innovative defense mechanism that stops human-operated attacks in their tracks. We’ve added user containment to the automatic attack disruption capability in Microsoft Defender for Endpoint.
The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors.
Microsoft Defender is our toolset for prevention and mitigation of data exfiltration and ransomware attacks. Microsoft Purview data security offers important mitigations as well and should be used as part of a defense-in-depth strategy.
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a zero-day remote code execution vulnerability exploited via Microsoft Word documents.
Tanya Janca, Founder and Chief Executive Officer of We Hack Purple, shares insights on application security and offers strategies to protect against data loss from ransomware attacks.
Microsoft detected a unique operation where threat actors carried out destructive actions in both on-premises and cloud environments.
DEV-0569’s recent activity shows their reliance on malvertising and phishing in delivering malicious payloads. The group’s changes and updates in delivery and payload led to distribution of info stealers and Royal ransomware.
