Full Operational Shutdown—another cybercrime case from the Microsoft Detection and Response Team
Today, we’re glad to share DART Case Report 002—Full Operational Shutdown.
Microsoft identified several dozen hospitals with vulnerable gateway and VPN appliances. We sent these hospitals a first-of-its-kind notification with important information about the vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates.
The hardware and software companies who supply utilities must implement better security of their build and update environment to reduce the risk of an attack on critical infrastructure.
Astaroth is back sporting significant changes. The updated attack chain maintains Astaroth’s complex, multi-component nature and continues its pattern of detection evasion.
Secured-core PCs combine virtualization, operating system, and hardware and firmware protection. Along with Microsoft Defender ATP, Secured-core PCs provide end-to-end protection against advanced attacks that leverage driver vulnerabilities to gain kernel privileges.
Set a high standard of software assurance with internal teams, partners, and suppliers to reduce your risk of a software supply chain attack.
Behavioral blocking and containment capabilities leverage multiple Microsoft Defender ATP components and features to immediately stop attacks before they can progress. We have expanded these capabilities to get even broader visibility into malicious behavior by using a rapid protection loop engine that leverages endpoint detection and response (EDR) sensors.
In the new DART Case Reports, you’ll find unique stories from our team’s engagements around the globe. Read the first in the series today.
In human-operated ransomware attacks, adversaries exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network.
The “Defending the power grid against supply chain attacks” blog series analyzes how supply chain attacks are conducted and the steps utilities, device manufacturers, and software providers can take to better secure critical infrastructure.