Microsoft adds Fusion ransomware attack detection to Azure Sentinel (Security News, August 2021)

Microsoft says that the Azure Sentinel cloud-native SIEM platform is now able to detect potential ransomware activity using the Fusion machine learning model.
Microsoft announced today that its cloud-based SIEM now supports Fusion detections for possible ransomware attacks and raises high-severity incidents titled "Multiple alerts possibly related to Ransomware activity detected".
Image caption: Azure Defender: 'GandCrab' ransomware was prevented.
To detect potential ongoing ransomware attacks, Azure Sentinel correlates data collected through its data connectors from the following sources: Azure Defender, Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Cloud App Security, and Azure Sentinel scheduled analytics rules.
"Incidents are generated for alerts that are possibly associated with Ransomware activities, when they occur during a specific time-frame, and are associated with the Execution and Defense Evasion stages of an attack," Microsoft explains.
When Fusion in Azure Sentinel detects a ransomware attack scenario, admins are advised to treat the affected systems as "Potentially compromised" and take immediate action.