Advanced cyberattacks emphasize stealth and persistence: the longer they stay under the radar, the more they can move laterally, exfiltrate data, and cause damage. To avoid detection, attackers are increasingly turning to cross-process injection. Cross-process injection gives attackers the ability to run malicious code that masquerades as legitimate programs.
Technical support scams continue to evolve, employing more and more complex social engineering tactics that can increase panic and create a false sense of legitimacy or urgency in an effort to get more victims.
Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity. As the nature of attacks evolve, Windows Defender ATP must advance so that it continues to help SecOps personnel uncover and address the attacks.
The cornerstone of tech support scams is the deception that there is something wrong with your PC. To advance this sham, tech support scams have long abused browsers’ full screen function.
This post is authored by Joe Faulhaber, Senior Consultant ECG In today’s cyber threat landscape, it’s not a question of if an attack will occur, but who will attack and when. To keep enterprise data safe against global threats that include attackers as technically sophisticated as any defender, enterprises need to have world-class cyber defenses.
Targeted attacks are typically carried out against individuals to obtain intellectual property and other valuable data from target organizations. These individuals are either directly in possession of the targeted information or are able to connect to networks where the information resides.
This post is authored by Jonathan Trull, Worldwide Executive Cybersecurity Advisor, Enterprise Cybersecurity Group. The cyber kill chain describes the typical workflow, including techniques, tactics, and procedures or TTPs, used by attackers to infiltrate an organization’s networks and systems.
Office 365 client applications now integrate with AMSI, enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for malicious behavior. This is part of our continued efforts to tackle entire classes of threats.
(Note: Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines. You can also read our latest blog, Teaming up in the war on tech support scams.
Trojan:Win32/Kovter is a well-known click-fraud malware which is challenging to detect and remove because of its file-less persistence on infected PCs. In this blog, we will share some technical details about the latest changes we have seen in Kovter’s persistence method and some updates on their latest malvertising campaigns.
