Security News > 2023 > February > Microsoft grows automated assault disruption to cover BEC, ransomware campaigns

The automatic attack disruption functionality aimed at corporate security operation centers uses millions of data points and signals to identify active malware campaigns - including ransomware - and take steps to automatically isolate the device under attack from the network and to suspended accounts compromised by the attackers.

The software and cloud services giant has now expanded the public preview of the automatic attack disruption capability to cover business email compromise and human-operated ransomware attacks.

"Business email compromise and human-operated ransomware attacks are two common attack scenarios that are now supported by Microsoft 365 Defender's automatic attack disruption capabilities to reduce their impact on an organization," Eval Haik, senior product manager at Microsoft, wrote in a post.

Miscreants running BEC campaigns target organizations to attack and uses social engineering techniques to trick victims within the company to inadvertently download malware, request payment from vendors, or transferring funds to an account controlled by the attacker.

The rollout of automatic attack disruption in Microsoft 365 Defender is a nod not only to the increasing numbers and sophistication of cyberattacks, but also their sheer velocity and growing expertise.

Microsoft has found that by once a miscreant deploys ransomware in a network, a SOC analyst has less than 20 minutes to mitigate the attack.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/02/24/microsoft_365_disrupt_attacks/