Skip to content

Microsoft Secure

EMS_Cloud_5-300x168

Protecting customers from being intimidated into making an unnecessary purchase

There has been an increase in free versions of programs that purport to scan computers for various errors, and then use alarming, coercive messages to scare customers into buying a premium version of the same program. The paid version of these programs, usually called cleaner or optimizer applications, purportedly fixes the problems discovered by the...

Read more

EMS_Cloud_4-300x174

Now you see me: Exposing fileless malware

Attackers are determined to circumvent security defenses using increasingly sophisticated techniques. Fileless malware boosts the stealth and effectiveness of an attack, and two of last year’s major ransomware outbreaks (Petya and WannaCry) used fileless techniques as part of their kill chains. The idea behind fileless malware is simple: If tools already exist on a device...

Read more

Ransomware-encounter-rate-Windows-10-vs-7

A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017

Adopting reliable attack methods and techniques borrowed from more evolved threat types, ransomware attained new levels of reach and damage in 2017. The following trends characterize the ransomware narrative in the past year: Three global outbreaks showed the force of ransomware in making real-world impact, affecting corporate networks and bringing down critical services like hospitals,...

Read more

layered-machine-learning-models-funnel-3-featured

Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses

Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to further close the gap between malware release and...

Read more

gamarue-geo-chart

Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)

Today, with help from Microsoft security researchers, law enforcement agencies around the globe, in cooperation with Microsoft Digital Crimes Unit (DCU), announced the disruption of Gamarue, a widely distributed malware that has been used in networks of infected computers collectively called the Andromeda botnet. The disruption is the culmination of a journey that started in...

Read more

MSC17_dataCenter
Microsoft Contact: Stephen Smith (stepsmit)
Agency: Cinco Design
Agency Contact: Kate Callahan (kate@cincodesign.com)
Photographer: Amy Sacka (http://www.amysackaphotography.com/)
Shoot month: March 2017
Location: Portland, OR
Business: LinkedIn Datacenter

Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run through legitimate processes and are perfect tools for “living off the land”—staying away from the...

Read more

Qakbot-and-Emotet-Fig1-machine-encounters

Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks

The threat to sensitive financial information is greater than ever. Data breaches, phishing attacks, and other forms of information theft are all too common in today’s threat landscape. Point-of-sale systems and ATMs have been targeted by hackers. Information-stealing trojans pose a risk to data and can lead to significant financial loss. Qakbot and Emotet are...

Read more

Windows Defender Exploit Guard: Reduce the attack surface against next-generation malware

Windows Defender Exploit Guard is a new set of intrusion prevention capabilities that ships with the Windows 10 Fall Creators Update. The four components of Windows Defender Exploit Guard are designed to lock down the device against a wide variety of attack vectors and block behaviors commonly used in malware attacks, while enabling enterprises to...

Read more