Trickbot disrupted
Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. Microsoft worked with telecommunications providers around the world to disrupt key Trickbot infrastructure.
Industry-wide partnership on threat-informed defense improves security for all
MITRE Engenuity’s Center for Threat-Informed Defense has published a library of detailed plans for emulating the threat actor FIN6 (which Microsoft tracks as TAAL). Microsoft is proud to be part of this industry-wide collaborative project.
Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
Multiple ransomware groups that have been accumulating access and maintaining persistence on target networks for several months activated dozens of ransomware deployments in the first two weeks of April 2020.
Microsoft shares new threat intelligence, security guidance during global crisis
Our threat intelligence shows that COVID-19 themed threats are retreads of existing attacks that have been slightly altered to tie to the pandemic. We’re seeing a changing of lures, not a surge in attacks. These attacks are settling into the normal ebb and flow of the threat environment.
Human-operated ransomware attacks: A preventable disaster
In human-operated ransomware attacks, adversaries exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network.
Small businesses targeted by highly localized Ursnif campaign
In social engineering attacks, is less really more? A new malware campaign puts that to the test by targeting home users and small businesses in specific US cities. This was a focused, highly localized attack that aimed to steal sensitive info from just under 200 targets. Macro-laced documents masqueraded as statements from legitimate businesses.