Skip to content

Microsoft Secure

Exploring the crypt: Analysis of the WannaCrypt ransomware SMB exploit propagation

On May 12, there was a major outbreak of WannaCrypt ransomware. WannaCrypt directly borrowed exploit code from the ETERNALBLUE exploit and the DoublePulsar backdoor module leaked in April by a group calling itself Shadow Brokers. The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms...

Read more

Windows 10 platform resilience against the Petya ransomware attack

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices. Read our latest report: A worthy upgrade:...

Read more

Security Data Scientists Without Borders – Thoughts from our first Colloquium

The move to the cloud is changing the security landscape. As a result, there is a surging interest in applying data-driven methods to security. In fact, there is a growing community of talented people focused on security data science. We’ve been shedding our respective “badges” and meeting informally for years, but recently decided to see...

Read more

What are Confidence building measures (CBMs) and how can they improve cybersecurity?

Cyberspace security is too often viewed through a prism of technological terms and concepts. In my experience, even supposedly non-technical discussions of cyberspace quickly devolve into heated debates about “vulnerability coordination”, “the latest malware”, “the best analytical tools”, “threat information sharing”, and so on. While these are interesting and important topics, it is ultimately people...

Read more

New ransomware, old techniques: Petya adds worm capabilities

On June 27, 2017 reports of a ransomware infection began spreading across Europe. We saw the first infections in Ukraine, where more than 12,500 machines encountered the threat. We then observed infections in another 64 countries, including Belgium, Brazil, Germany, Russia, and the United States. The trend towards increasingly sophisticated malware behavior, highlighted by the...

Read more

Tips for protecting your information and privacy against cybersecurity threats

This post is authored by Steven Meyers, security operations principal, Microsoft Cyber Defense Operations Center. Introducing a new video on best practices from the Microsoft Cyber Defense Operations Center In 2016, 4.2+ billion records were stolen by hackers. The number of cyberattacks and breaches in 2017 have risen 30 percent. The business sector leads in...

Read more

What’s new in Windows Defender ATP Fall Creators Update

When we introduced Windows Defender Advanced Threat Protection (Windows Defender ATP), our initial focus was to reduce the time it takes companies to detect, investigate, and respond to advanced attacks. The Windows Fall Creators Update represents a new chapter in our product evolution as we offer a set of new prevention capabilities designed to stop...

Read more

Understanding the true size of “Fireball”

Keeping tabs on the movement of cybersecurity threats, understanding the size and scope of attacks, and disrupting cybercriminal campaigns through next-gen technologies are fundamental parts of our day-to-day work at Microsoft Windows Defender Research. So when recent reports of the “Fireball” cybersecurity threat operation were presented as a new discovery, our teams knew differently because...

Read more

Tips for securing your identity against cybersecurity threats

This post is authored by Simon Pope, Principal Security Group Manager, Microsoft Security Response Center. Introducing new video on best practices from the Microsoft Cyber Defense Operations Center Ask any CISO or cybersecurity professional about their greatest security challenge, and it’s a good chance the answer will be “the actions of our people.” While virtually all...

Read more

Partnering with the AV ecosystem to protect our Windows 10 customers

On Friday May 12th, and for several days afterwards, more than a quarter-million computers around the world fell victim to the ransomware known as WannaCrypt or WannaCry. As that recent event has shown, malicious actors bring nearly boundless time and skill to commit cybercrime that can cause harm to millions of people. That is why...

Read more