Microsoft security intelligence

Security research, threat intelligence, and Microsoft Threat Protection news.

Featured image for Ghost in the shell: Investigating web shell attacks

Ghost in the shell: Investigating web shell attacks

Web shell attacks allow adversaries to run commands and steal data from an Internet-facing server or use the server as launch pad for further attacks against the affected organization.
Read more Ghost in the shell: Investigating web shell attacks
Featured image for sLoad launches version 2.0, Starslord

sLoad launches version 2.0, Starslord

sLoad has launched version 2.0. With the new version, sLoad, which is a PowerShell-based Trojan downloader notable for its almost exclusive use of the Windows BITS service for malicious activities, has added an anti-analysis trick and the ability to track the stage of infection for every affected machine.
Read more sLoad launches version 2.0, Starslord
Featured image for Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks

Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks

Microsoft Defender ATP data scientists and threat hunters collaborate to use a data science-driven approach to detecting RDP brute force attacks to protect customers against real-world threats.
Read more Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks
Featured image for Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities

Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities

Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS.
Read more Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities
Image of security workers in an office. Featured image for GALLIUM: Targeting global telecom

GALLIUM: Targeting global telecom

Microsoft Threat Intelligence Center (MSTIC) is raising awareness of the ongoing activity by a group we call GALLIUM, targeting telecommunication providers.
Read more GALLIUM: Targeting global telecom
Featured image for The quiet evolution of phishing

The quiet evolution of phishing

In 2019, we saw phishing attacks reach new levels of creativity and sophistication. Read about the most notable phishing techniques we spotted in the past year.
Read more The quiet evolution of phishing
Featured image for Insights from one year of tracking a polymorphic threat

Insights from one year of tracking a polymorphic threat

We discovered the polymoprhic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures. One year’s worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot’s authors, but of cybercriminals in general.
Read more Insights from one year of tracking a polymorphic threat
Featured image for Going in-depth on the Windows 10 random number generation infrastructure

Going in-depth on the Windows 10 random number generation infrastructure

We are happy to release to the public The Windows 10 random number generation infrastructure white paper, which provides details about the Windows 10 pseudo-random number generator (PRNG) infrastructure, and lists the primary RNG APIs. The whitepaper also explains how the entropy system works, what the entropy sources are, and how initial seeding works.
Read more Going in-depth on the Windows 10 random number generation infrastructure
Featured image for Rethinking cyber learning—consider gamification

Rethinking cyber learning—consider gamification

Gamified cybersecurity solutions offer immense promise by giving users practical, hands-on opportunities to learn by doing. Microsoft and Circadence are partnering to deliver Azure-hosted cyber range learning solutions for beginners up to advanced SecOps pros. Gamification is an increasingly important way for enterprises to attract tomorrow’s cyber pro talent and create tailored learning and more defined career paths and progression.
Read more Rethinking cyber learning—consider gamification
Featured image for Microsoft works with researchers to detect and protect against new RDP exploits

Microsoft works with researchers to detect and protect against new RDP exploits

The new exploit attacks show that BlueKeep will be a threat as long as systems remain unpatched, credential hygiene is not achieved, and overall security posture is not kept in check.
Read more Microsoft works with researchers to detect and protect against new RDP exploits
Two women collaborate over a desk at work. Featured image for Azure Sentinel updates: Improve your security operations with innovations from a cloud-native SIEM

Azure Sentinel updates: Improve your security operations with innovations from a cloud-native SIEM

Learn about all the new features and enhancements introduced in Azure Sentinel, Microsoft’s cloud-native SIEM solution, during Ignite 2019.
Read more Azure Sentinel updates: Improve your security operations with innovations from a cloud-native SIEM
Image of a laptop open on a desk. Featured image for Further enhancing security from Microsoft, not just for Microsoft

Further enhancing security from Microsoft, not just for Microsoft

Today, at the Microsoft Ignite Conference in Orlando, Florida, I’m thrilled to share the significant progress we’re making on delivering endpoint security from Microsoft, not just for Microsoft.
Read more Further enhancing security from Microsoft, not just for Microsoft