Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks
Microsoft Security Blog » Phishing
by Steve Vandenberg
11M ago
I recently worked with an enterprise customer who experienced a data exfiltration attack using the characteristics of the BazaCall campaign. BazaCall can be both a ransomware and data exfiltration attack that are used together to increase pressure on and damage to the victim. Microsoft Purview has data security capabilities that form part of a holistic mitigation strategy. Microsoft 365 Defender is our security solution for phishing and related cyberthreats. Some great analysis has been done by the Microsoft Threat Intelligence team on BazaCall’s Tactics, Techniques, and Procedures (TTPs). The ..read more
Visit website
Test your team’s security readiness with the Gone Phishing Tournament
Microsoft Security Blog » Phishing
by Brandon Koeller
11M ago
Why should you care about the behavioral risk of your employees? Eighty-two percent of breaches include (and often start with) user behavior.1 Not all are phishing, but a majority of them are just that. Phishing is, and has been for many years, the cheapest and most reliable way for an attacker of any motivation (nation-state actors down to simple script-kiddie scammers) to establish a toehold in an organization. Social engineering and phishing are used for initial breach tactics, lateral movement, and elevation of privilege, and, in many cases, they directly lead to data exfiltration. Worse ..read more
Visit website
Terranova Security Gone Phishing Tournament reveals continued weak spot in cybersecurity
Microsoft Security Blog » Phishing
by Lise Lapointe
11M ago
The Terranova Security annual Gone Phishing Tournament™ wrapped up in October 2020, spanning 98 countries and industries including healthcare, consumer goods, transport, energy, IT, finance, education, manufacturing, and more. Using templates created from actual phishing attacks created by Microsoft Security, Terranova Security Awareness Training draws on principles of behavioral science to create content that changes user behavior. True to our mission, this year’s results reveal a lot about the state of cybersecurity at the human level—your organization’s first line of defense. Tournament res ..read more
Visit website
Digital Defense integrates with Microsoft to detect attacks missed by traditional endpoint security
Microsoft Security Blog » Phishing
by Sanjay Raja
11M ago
This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. You can learn more about MISA here.  Cybercriminals have ramped up their initial compromises through phishing and pharming attacks using a variety of tools and tactics that, while numerous, are simple and often go undetected. One technique that attackers continue to leverage to obfuscate their activity and remain undetected is dwell time. Dwell is the time between the initial compromise and the point when the attack campaign is identified. While industry reports offer differing ave ..read more
Visit website
Why integrated phishing-attack training is reshaping cybersecurity—Microsoft Security
Microsoft Security Blog » Phishing
by Rukma Sen
11M ago
Phishing is still one of the most significant risk vectors facing enterprises today. Innovative email security technology like Microsoft Defender for Office 365 stops a majority of phishing attacks before they hit user inboxes, but no technology in the world can prevent 100 percent of phishing attacks from hitting user inboxes. At that point in time, your employees become your defenders. They must be trained to recognize and report phishing attacks. But not all training is equally proficient. This blog examines the current state of security awareness training, including how you can create an i ..read more
Visit website
How can Microsoft Threat Protection help reduce the risk from phishing?
Microsoft Security Blog » Phishing
by James Ringold
11M ago
Microsoft Threat Protection can help you reduce the cost of phishing The true cost of a successful phishing campaign may be higher than you think. Although phishing defenses and user education have become common in many organizations, employees still fall prey to these attacks. This is a problem because phishing is often leveraged as the first step in other cyberattack methods. As a result, its economic impact remains hidden. Understanding how these attacks work is key to mitigating your risk. One reason phishing is so insidious is that attackers continuously evolve their methods. In this blog ..read more
Visit website
How to detect and mitigate phishing risks with Microsoft and Terranova Security
Microsoft Security Blog » Phishing
by Lise Lapointe
11M ago
Detect, assess, and remediate phishing risks across your organization A successful phishing attack requires just one person to take the bait. That’s why so many organizations fall victim to these cyber threats. To reduce this human risk, you need a combination of smart technology and people-centric security awareness training. But if you don’t understand your vulnerabilities, it can be difficult to know where to start.  Attack simulation training capabilities in Office 365 Advanced Threat Protection (Office 365 ATP) empower you to detect, assess, and remediate phishing risk through an int ..read more
Visit website
Full Operational Shutdown—another cybercrime case from the Microsoft Detection and Response Team
Microsoft Security Blog » Phishing
by Microsoft Security Team
11M ago
Recently, we published our first case report (001: …And Then There Were Six) by the Microsoft Detection and Response Team (DART). We received significant positive response from our customers and colleagues and our team has been getting inquiries asking for more reports. We are glad to share the DART Case Report 002: Full Operational Shutdown. In the report 002, we cover an actual incident response engagement where a polymorphic malware spread through the entire network of an organization. After a phishing email delivered Emotet, a polymorphic virus that propagates via network shares and legacy ..read more
Visit website
How to prevent phishing attacks that target your customers with DMARC and Office 365
Microsoft Security Blog » Phishing
by Microsoft Security Team
11M ago
This blog post is part of the Microsoft Intelligence Security Association (MISA) guest blog series. To learn more about MISA, visit the MISA webpage. You already know that email is the number one attack vector for cybercriminals. But what you might not know is that without a standard email security protocol called Domain Message Authentication, Reporting, and Conformance (DMARC), your organization is open to the phishing attacks that target your customers, crater your email deliverability rates, and crush your email-based revenue streams. For all the utility of email, which remains the ultimat ..read more
Visit website
Steer clear of tax scams
Microsoft Security Blog » Phishing
by Holly Stewart
11M ago
In the month of February, we saw an average of 300,000 phishing attempts across Microsoft’s browsing platforms daily. Our security experts expect these attempted scams to become increasingly more prevalent through the April 15 Tax Day, especially in the two weeks leading up to it, when about 25 percent of people file their taxes. The phishing campaigns we’ve seen aren’t just in the U.S., though; we’ve also recently uncovered similar tactics in Canada, Brazil and India. It’s important for users across the globe to follow best practices and stay vigilant. With less than a month until the filing ..read more
Visit website

Follow Microsoft Security Blog » Phishing on FeedSpot

Continue with Google
Continue with Apple
OR