What’s new in Windows Defender ATP Fall Creators Update

When we introduced Windows Defender Advanced Threat Protection (Windows Defender ATP), our initial focus was to reduce the time it takes companies to detect, investigate, and respond to advanced attacks. The Windows Fall Creators Update represents a new chapter in our product evolution as we offer a set of new prevention capabilities designed to stop…

5

Understanding the true size of “Fireball”

Keeping tabs on the movement of cybersecurity threats, understanding the size and scope of attacks, and disrupting cybercriminal campaigns through next-gen technologies are fundamental parts of our day-to-day work at Microsoft Windows Defender Research. So when recent reports of the “Fireball” cybersecurity threat operation were presented as a new discovery, our teams knew differently because…

0

Partnering with the AV ecosystem to protect our Windows 10 customers

On Friday May 12th, and for several days afterwards, more than a quarter-million computers around the world fell victim to the ransomware known as WannaCrypt or WannaCry. As that recent event has shown, malicious actors bring nearly boundless time and skill to commit cybercrime that can cause harm to millions of people. That is why…

4

Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security

On April 14, a group calling themselves the Shadow Brokers caught the attention of the security community by releasing a set of weaponized exploits. Shortly thereafter, one of these exploits was used to create wormable malware that we now know as WannaCrypt, which targeted a large number of out-of-date systems and held encrypted files for…

4

MSRT June 2017: Removing sneaky Xiazai

In the June release of the Microsoft Malicious Software Removal Tool (MSRT), we’re adding Xiazai, a widespread family of browser modifiers that we have blocked and removed from millions of computers since 2015. Xiazai is a software bundler that can sneak in additional changes. Xiazai does not install itself or make autostart registry entries, but…

1

Windows 10 Creators Update provides next-gen ransomware protection

Multiple high-profile incidents have demonstrated that ransomware can have catastrophic effects on all of us. From personally losing access to your own digital property, to being impacted because critical infrastructure or health care services are unexpectedly unavailable for extended periods of time, destructive attacks have grown in severity and scale on all platforms – including…


PLATINUM continues to evolve, find ways to maintain invisibility

Back in April 2016, we released the paper PLATINUM: Targeted attacks in South and Southeast Asia, where we detailed the tactics, techniques, and procedures of the PLATINUM activity group. We described a group that was well-resourced and quickly adopted advanced techniques, such as hot patching to silently inject code into processes. They used hot patching…

0

WannaCrypt ransomware worm targets out-of-date systems

(Note: Read our latest comprehensive report on ransomware: Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene.)   On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed. While security updates are automatically applied in most computers, some users and enterprises…

110

Antivirus evolved

Some say antivirus is an outdated technology. What does “antivirus” even mean? For us, antivirus is the most commonly recognized term that means for customers “a product that stops bad programs from infecting my device.” Saying “antivirus” is similar to when you hear a Southerner (like myself) say “Coke” when referring to a carbonated beverage….

2

Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack

Several weeks ago, the Windows Defender Advanced Threat Protection (Windows Defender ATP) research team noticed security alerts that demonstrated an intriguing attack pattern. These early alerts uncovered a well-planned, finely orchestrated cyberattack that targeted several high-profile technology and financial organizations. An unknown attacker was taking advantage of a silent yet effective attack vector: the compromised…

4