I recently worked with an enterprise customer who experienced a data exfiltration attack using the characteristics of the BazaCall campaign. BazaCall can be both a ransomware and data exfiltration attack that are used together to increase pressure on and damage to the victim. Microsoft Purview has data security capabilities that form part of a holistic mitigation strategy. Microsoft 365 Defender is our security solution for phishing and related cyberthreats. Some great analysis has been done by the Microsoft Threat Intelligence team on BazaCall’s Tactics, Techniques, and Procedures (TTPs). The ..read more

Why should you care about the behavioral risk of your employees? Eighty-two percent of breaches include (and often start with) user behavior.1 Not all are phishing, but a majority of them are just that. Phishing is, and has been for many years, the cheapest and most reliable way for an attacker of any motivation (nation-state actors down to simple script-kiddie scammers) to establish a toehold in an organization. Social engineering and phishing are used for initial breach tactics, lateral movement, and elevation of privilege, and, in many cases, they directly lead to data exfiltration. Worse ..read more

The Terranova Security annual Gone Phishing Tournament™ wrapped up in October 2020, spanning 98 countries and industries including healthcare, consumer goods, transport, energy, IT, finance, education, manufacturing, and more. Using templates created from actual phishing attacks created by Microsoft Security, Terranova Security Awareness Training draws on principles of behavioral science to create content that changes user behavior. True to our mission, this year’s results reveal a lot about the state of cybersecurity at the human level—your organization’s first line of defense. Tournament res ..read more

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. You can learn more about MISA here.  Cybercriminals have ramped up their initial compromises through phishing and pharming attacks using a variety of tools and tactics that, while numerous, are simple and often go undetected. One technique that attackers continue to leverage to obfuscate their activity and remain undetected is dwell time. Dwell is the time between the initial compromise and the point when the attack campaign is identified. While industry reports offer differing ave ..read more

Phishing is still one of the most significant risk vectors facing enterprises today. Innovative email security technology like Microsoft Defender for Office 365 stops a majority of phishing attacks before they hit user inboxes, but no technology in the world can prevent 100 percent of phishing attacks from hitting user inboxes. At that point in time, your employees become your defenders. They must be trained to recognize and report phishing attacks. But not all training is equally proficient. This blog examines the current state of security awareness training, including how you can create an i ..read more

Microsoft Threat Protection can help you reduce the cost of phishing The true cost of a successful phishing campaign may be higher than you think. Although phishing defenses and user education have become common in many organizations, employees still fall prey to these attacks. This is a problem because phishing is often leveraged as the first step in other cyberattack methods. As a result, its economic impact remains hidden. Understanding how these attacks work is key to mitigating your risk. One reason phishing is so insidious is that attackers continuously evolve their methods. In this blog ..read more

Detect, assess, and remediate phishing risks across your organization A successful phishing attack requires just one person to take the bait. That’s why so many organizations fall victim to these cyber threats. To reduce this human risk, you need a combination of smart technology and people-centric security awareness training. But if you don’t understand your vulnerabilities, it can be difficult to know where to start.  Attack simulation training capabilities in Office 365 Advanced Threat Protection (Office 365 ATP) empower you to detect, assess, and remediate phishing risk through an int ..read more

Recently, we published our first case report (001: …And Then There Were Six) by the Microsoft Detection and Response Team (DART). We received significant positive response from our customers and colleagues and our team has been getting inquiries asking for more reports. We are glad to share the DART Case Report 002: Full Operational Shutdown. In the report 002, we cover an actual incident response engagement where a polymorphic malware spread through the entire network of an organization. After a phishing email delivered Emotet, a polymorphic virus that propagates via network shares and legacy ..read more

This blog post is part of the Microsoft Intelligence Security Association (MISA) guest blog series. To learn more about MISA, visit the MISA webpage. You already know that email is the number one attack vector for cybercriminals. But what you might not know is that without a standard email security protocol called Domain Message Authentication, Reporting, and Conformance (DMARC), your organization is open to the phishing attacks that target your customers, crater your email deliverability rates, and crush your email-based revenue streams. For all the utility of email, which remains the ultimat ..read more

In the month of February, we saw an average of 300,000 phishing attempts across Microsoft’s browsing platforms daily. Our security experts expect these attempted scams to become increasingly more prevalent through the April 15 Tax Day, especially in the two weeks leading up to it, when about 25 percent of people file their taxes. The phishing campaigns we’ve seen aren’t just in the U.S., though; we’ve also recently uncovered similar tactics in Canada, Brazil and India. It’s important for users across the globe to follow best practices and stay vigilant. With less than a month until the filing ..read more