Apologies for being a day late on the weekly recap of Microsoft Security News, but I was out riding roller coasters yesterday with the family and didn't have the opportunity to get this out. As exciting as the coasters I was on yesterday, the past week's news is provided below.
I’m excited to announce the public preview of Azure AD My Sign-Ins—a new feature that allows enterprise users to review their sign-in history to check for any unusual activity. As we discussed in a previous blog post, our team defends against hundreds of millions of password-based attacks every day.
Attackers relentlessly up their game in bypassing security, either by using evasive techniques or, in the case of sophisticated threats like the fileless campaign Nodersok or the banking Trojan Trickbot, by attempting to disable Windows Defender Antivirus. Attackers go after real-time protection settings like OnAccessProtection policies, try to stop the Windows Defender Antivirus service, or attempt to turn off behavior monitoring and script scanning. In essence, attackers try to break the shield and take down the features that effectively work at stopping them.
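As an added example (not part of the original recap or any Microsoft-published script), the check below audits the exact Windows Defender Antivirus settings the paragraph says attackers go after: the service itself, real-time and on-access protection, behavior monitoring, and script scanning. It assumes the built-in Defender PowerShell cmdlets (Get-MpPreference, Get-MpComputerStatus) on a Windows 10 or Server 2016+ host, run from an elevated prompt; the lookback window and the finding messages are my own choices.

```powershell
# Added example, not from the original post: surface signs that Windows Defender
# Antivirus has been tampered with, so a defender can alert on them.
# Assumes the built-in Defender module (Get-MpPreference, Get-MpComputerStatus).

function Get-DefenderTamperFindings {
    $findings = @()
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # 1. Service state: attackers try to stop the WinDefend service outright.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') {
        $findings += 'WinDefend service is missing or not running'
    }

    # 2. Real-time / on-access protection, the "shield" the recap describes.
    if ($pref.DisableRealtimeMonitoring -or -not $status.RealTimeProtectionEnabled) {
        $findings += 'Real-time monitoring is disabled'
    }
    if (-not $status.OnAccessProtectionEnabled) {
        $findings += 'On-access protection is disabled'
    }

    # 3. Behavior monitoring and script scanning, both named in the recap.
    if ($pref.DisableBehaviorMonitoring -or -not $status.BehaviorMonitorEnabled) {
        $findings += 'Behavior monitoring is disabled'
    }
    if ($pref.DisableScriptScanning) {
        $findings += 'Script scanning is disabled'
    }

    # 4. Tamper protection blocks these changes when it is on; flag it if off.
    if (-not $status.IsTamperProtected) {
        $findings += 'Tamper protection is not enabled'
    }

    # 5. Recent Defender operational events (last 7 days, an assumed window):
    #    5001 = real-time protection disabled, 5007 = configuration changed,
    #    5013 = tamper protection blocked a change.
    $events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id = 5001, 5007, 5013
        StartTime = (Get-Date).AddDays(-7)
    }
    foreach ($e in $events) {
        $findings += ('Event {0} at {1}: {2}' -f $e.Id, $e.TimeCreated, $e.Message.Split("`n")[0])
    }
    return $findings
}

$results = @(Get-DefenderTamperFindings)
if ($results.Count -eq 0) { Write-Output 'No tamper indicators found' }
else { $results | ForEach-Object { Write-Warning $_ } }
```

Run it on a schedule and ship the warnings to your SIEM; the interesting signal is a change from a known-good baseline, not a single run.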
This is a scenario that partners and customers alike have asked about for some time, and so we're excited to announce the general availability of Microsoft Secure Score integration with ServiceNow, Microsoft Teams, and Microsoft Planner. With it, security administrators can create tickets and tasks and send messages directly from the Microsoft Secure Score experience.
Top 6 email security best practices to protect against phishing attacks and business email compromise
Most cyberattacks start over email—a user is tricked into opening a malicious attachment, or into clicking a malicious link and divulging credentials, or into responding with confidential data. Attackers dupe victims by using carefully crafted emails to build a false sense of trust and/or urgency.
Every day, somewhere in the world, governments, businesses, educational organizations, and individuals are hacked. Precious data is stolen or held for ransom, and the wheels of “business-as-usual” grind to a halt. These criminal acts are expected to cost more than $2 trillion in 2019, a four-fold increase in just four years. The seeds that bloom into these business disasters are often planted in both hardware and software systems created in various steps of your supply chain, propagated by bad actors and out-of-date business practices.
The Microsoft Cyber Defense Operations Center (CDOC) fields trillions of security signals every day. How do we identify and respond to the right threats? One thing that won’t surprise you: we leverage artificial intelligence (AI), machine learning, and automation to narrow the focus. But technology is not enough. Our people, culture, and process are just as critical.
You already have some information about your environment, and you may know all the data types (logs) you have along with the interesting properties in those data sets, but it is best to clearly document and understand what you know. To start building an understanding of the norms for your data, ask yourself these questions (among others); the answers can lead you to hunting methods.