Microsoft has sought to bolster the ransomware-combating capabilities of Microsoft Defender for Endpoint by integrating artificial intelligence improvements, reports ZDNet.
Machine learning algorithms that identify malicious files, user accounts, processes, and devices have been added to Defender for Endpoint to improve analysis of attacker patterns and behaviors. Microsoft has also included AI-generated time-based and statistical security alert analysis, graph-based suspicious event aggregation, and device-based event monitoring. These features have allowed better identification of patterns and connections, with ransomware-associated files and entities blocked automatically when the confidence level is adequate, according to Microsoft.
"With its enhanced AI-driven detection capabilities, Defender for Endpoint managed to detect and incriminate a ransomware attack early in its encryption stage, when the attackers had encrypted files on fewer than four percent (4%) of the organization's devices, demonstrating improved ability to disrupt an attack and protect the remaining devices in the organization," said Microsoft.
Microsoft details AI use in combating ransomware attacks