Incident response Insights | Microsoft Security Blog

News

Incident response

Microsoft Incident Response
Published Oct 26

4 minutes
An integrated incident response solution with Microsoft and PwC
Microsoft Incident Response and PwC have announced a new global alliance to expand their joint Incident Response and Recovery capability. In this partnership, Microsoft IR will begin the initial containment and investigation of a cyber incident, while PwC will work on securely rebuilding and restoring mission-critical system, providing customers with a more comprehensive and seamless incident response experience.
Research

Threat intelligence

Microsoft Incident Response

Threat actors
Published Oct 25

17 minutes
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.
Best practices

Incident response

Microsoft Incident Response
Published Aug 15

8 minutes
How the Microsoft Incident Response team helps customers remediate threats
Microsoft Incident Response is a global team comprised of cybersecurity experts with deep, highly specialized knowledge in breach detection, response, and recovery.
Research

Incident response

Microsoft Incident Response

Ransomware
Published Jul 6

18 minutes
The five-day job: A BlackByte ransomware intrusion case study
In a recent investigation by Microsoft Incident Response of a BlackByte 2.0 ransomware attack, we found that the threat actor progressed through the full attack chain, from initial access to impact, in less than five days, causing significant business disruption for the victim organization.
Best practices

Incident response

Microsoft Incident Response

Cybercrime
Published Jun 29

3 minutes
Patch me if you can: Cyberattack Series
The Microsoft Incident Response team takes swift action to help contain a ransomware attack and regain positive administrative control of the customer environment.

Streamline privacy management with Microsoft Priva

Protect and govern personal information, reduce privacy risks, and manage subject rights requests at scale with Microsoft Priva privacy risk management solutions.

Learn more

Best practices

Incident response

Microsoft Security Experts
Published Jun 6

6 minutes
Why a proactive detection and incident response plan is crucial for your organization
Matt Suiche of Magnet Forensics talks about top security threats for organizations and strategies for effective incident response.
Best practices

Incident response

Microsoft Incident Response
Published Apr 26

3 minutes
Healthy security habits to fight credential breaches: Cyberattack Series
This is the second in an ongoing series exploring some of the most notable cases of the Microsoft Incident Response Team. In this story, we’ll explore how organizations can adopt a defense-in-depth security posture to help protect against credential breaches and ransomware attacks.
Research

Incident response

Threat actors
Published Apr 11

8 minutes
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus.
News

Incident response

Microsoft Security Experts
Published Mar 27

5 minutes
Microsoft Incident Response Retainer is generally available
Microsoft Security is expanding its incident response presence and we’re excited to announce the Microsoft Incident Response Retainer is now generally available.

Streamline privacy management with Microsoft Priva

Protect and govern personal information, reduce privacy risks, and manage subject rights requests at scale with Microsoft Priva privacy risk management solutions.

Learn more

Research

Incident response

Microsoft Incident Response

Attacker techniques, tools, and infrastructure
Published Mar 24

19 minutes
Guidance for investigating attacks using CVE-2023-23397
This guide provides steps organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2023-23397.