Microsoft takes legal action against COVID-19-related cybercrime | Microsoft On The Issues

Today, the U.S. District Court for the Eastern District of Virginia unsealed documents detailing Microsoft’s work to disrupt cybercriminals that were taking advantage of the COVID-19 pandemic in an attempt to defraud customers in 62 countries around the world. Our civil case has resulted in a court order allowing Microsoft to seize control of key domains in the criminals’ infrastructure so that it can no longer be used to execute cyberattacks.

To further protect yourself against phishing campaigns, including BEC, we recommend, first, that you enable two-factor authentication on all business and personal email accounts. Second, learn how to spot phishing schemes and protect yourself from them. Third, enable security alerts about links and files from suspicious websites and carefully check your email forwarding rules for any suspicious activity. Businesses can learn how to recognize and remediate these types of attacks and also take these steps to increase the security of their organizations.

The rest of the post Microsoft takes legal action against COVID-19-related cybercrime appeared first on Microsoft on the Issues.

from Microsoft on the Issues

PyDev of the Week: Cristi Vlad | The Mouse vs The Python

This week we welcome Cristi Vlad (@CristiVlad25) as our PyDev of the Week! Cristi teaches cybersecurity with Python on his YouTube channel. He has also authored some books and writes on his blog. You can see his books there too.

Let’s take some time to get to know Cristi better!

Can you tell us a little about yourself (hobbies, education, etc):

I always loved numbers. With a Master’s Degree in Civil Engineering, I decided to pass on a great job opportunity in the field upon finishing my studies and to try my shot at computer stuff.

There was something about the combination of entrepreneurship and improving my physiology that had a hard pull on me. So I began studying how to improve my physical and mental capacity, I delved into biochemistry, human anatomy and the scientific literature of sorts and I ended up writing 7 books on physical improvement.

With an innate curiosity, I always tried teaching myself computer programming but failed miserably a couple of times. I tried learning JAVA, as I wanted to also wear the hat of Android developer. This was between 2011 and 2015.

I thought of giving programming the last shot and if I were not to make any progress, I would quit the effort completely.

Why did you start using Python?

JAVA was definitely not the way to go for me. It was ugly and unappealing. So my next best shot had to be something clean, intuitive, and very straight-forward. And that was Python. This was 2015 and Python had a well-established community of warm developers.

So I bombarded myself with resources to assimilate Python, with a large emphasis on practice. I practiced a lot on the combination of genomics and Python, using biopython and other libraries. That saved me. I began feeling I wasn’t completely retarded when it came to computer programming.

What other programming languages do you know and which is your favorite?

Python is by far my favorite language. However, as I began having a better hold of it, I also explored other concepts, such as JavaScript, C++, C, Bash and Assembly.

Thanks so much for doing the interview, Cristi!

The rest of the post PyDev of the Week: Cristi Vlad appeared first on The Mouse Vs. The Python.

from The Mouse Vs. The Python

Staying safe and smart in the internet-of-things era | Microsoft On The Issues

Today, the Cybersecurity Tech Accord announced its resource hub for internet of things (IoT) device security – “Stay Smart. Stay Safely Connected.” Do you have a smart speaker? Smart TV? Smart doorbell? Or any of the others on the growing list of internet-connected devices? This resource is for you. Truly, it’s for all of us.

Increasingly, every device and home appliance is internet-connected, and it’s not hard to see why – they’re very convenient. Being able to monitor progress on a fitness tracker or to set and adjust appliances such as a thermostat from one’s phone or by simply talking to a speaker makes life easier and more enjoyable. However, the simplicity of these connected devices, which can be as easy to set up as plugging them in and picking a Wi-Fi network, often belies their security risk. Consumers may feel like they have to choose between using modern devices on the one hand and protecting their privacy and security on the other. Not so.

Addressing this misperception is what the “Stay Smart. Stay Safely Connected” campaign is all about. Developed in collaboration with Consumers International, the resource hub on the Cybersecurity Tech Accord website features simple and straightforward security guidance that is intended to be accessible to all consumers. It includes best practices for IoT security, including:

  1. How to secure your home network – through actions such as strategic router configuration, placement and network naming
  2. How to secure device access – by avoiding common passwords, changing any default passwords and enabling two-factor authentication
  3. How to avoid insecure networks – by not connecting to suspicious public networks and even setting up a dedicated IoT home network.

In addition to this general advice, the website drills down to give specific security guidance for the most common internet-connected devices – including smart speakers, TVs, doorbells, baby monitors and many more. The guidance is comprehensive, easy to follow and empowers all technology users to be in charge of their own security. It even provides “beginner,” “intermediate” and “advanced” levels of security advice for each device, so no matter your level of expertise, you are able to identify concrete steps to keep yourself and your family safe…

Now including more than 140 technology companies from around the world, the Cybersecurity Tech Accord is the largest ever industry commitment to cybersecurity principles to protect users and customers everywhere. And protecting the digital ecosystem today doesn’t just mean securing personal computers and phones and the infrastructure of the internet; it also includes protecting the 20 billion connected devices that now make up our internet of things. Thankfully, the Cybersecurity Tech Accord’s advice includes expertise from across the technology industry – including leading chip and device manufacturers as well as software developers – allowing for a 360-degree view of IoT security and the best ways that customers can keep themselves safe.

Microsoft has been proud to be a signatory of the Cybersecurity Tech Accord since it was launched in 2018, and to have seen it grow and advance cybersecurity through a number of initiatives in the years since. I am particularly grateful that we have been able to help support this project, however, as it combines so many of the values of the Cybersecurity Tech Accord – working across industry and collaborating with civil society partners – to drive user awareness and better security where it is needed most.

The rest of the post Staying safe and smart in the internet-of-things era appeared first on Microsoft on the Issues.

from Microsoft on the Issues

New action to disrupt world’s largest online criminal network | Microsoft on the Issues

Today, Microsoft and partners across 35 countries took coordinated legal and technical steps to disrupt one of the world’s most prolific botnets, called Necurs, which has infected more than nine million computers globally. This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks.

A botnet is a network of computers that a cybercriminal has infected with malicious software, or malware. Once infected, criminals can control those computers remotely and use them to commit crimes. Microsoft’s Digital Crimes Unit, BitSight and others in the security community first observed the Necurs botnet in 2012 and have seen it distribute several forms of malware, including the GameOver Zeus banking trojan.

The Necurs botnet is one of the largest networks in the spam email threat ecosystem, with victims in nearly every country in the world. During a 58-day period in our investigation, for example, we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims…

To make sure your computer is free of malware, visit

The rest of the post New action to disrupt world’s largest online criminal network appeared first on Microsoft on the Issues.

from Microsoft on the Issues

Microsoft takes court action against fourth nation-state cybercrime group | Microsoft on the Issues

This will become very important, as in probably the most important election year in my lifetime (I know, this could be said about every election, but…) the need for cybersecurity is critical to the collective survival of the experiment named the United States of America.

Personal emphasis.

On December 27, a U.S. district court unsealed documents detailing work Microsoft has performed to disrupt cyberattacks from a threat group we call Thallium, which is believed to operate from North Korea. Our court case against Thallium, filed in the U.S. District Court for the Eastern District of Virginia, resulted in a court order enabling Microsoft to take control of 50 domains that the group uses to conduct its operations. With this action, the sites can no longer be used to execute attacks.

Microsoft’s Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) have been tracking and gathering information on Thallium, monitoring the group’s activities to establish and operate a network of websites, domains and internet-connected computers. This network was used to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information. Based on victim information, the targets included government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues. Most targets were based in the U.S., as well as Japan and South Korea.

Like many cybercriminals and threat actors, Thallium typically attempts to trick victims through a technique known as spear phishing. By gathering information about the targeted individuals from social media, public personnel directories from organizations the individual is involved with and other public sources, Thallium is able to craft a personalized spear-phishing email in a way that gives the email credibility to the target. As seen in the sample spear-phishing email below, the content is designed to appear legitimate, but closer review shows that Thallium has spoofed the sender by combining the letters “r” and “n” to appear as the first letter “m” in “”

Phishing example

The link in the email redirects the user to a website requesting the user’s account credentials. By tricking victims into clicking on the fraudulent links and providing their credentials, Thallium is then able to log into the victim’s account. Upon successful compromise of a victim account, Thallium can review emails, contact lists, calendar appointments and anything else of interest in the compromised account. Thallium often also creates a new mail forwarding rule in the victim’s account settings. This mail forwarding rule will forward all new emails received by the victim to Thallium-controlled accounts. By using forwarding rules, Thallium can continue to see email received by the victim, even after the victim’s account password is updated.

The rest of the post Microsoft takes court action against fourth nation-state cybercrime group appeared first on Microsoft on the Issues.

from Microsoft on the Issues
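
The two behaviours the excerpt above describes, a sender domain that uses “rn” to pass for “m” and a forwarding rule that keeps copying mail out after a password change, can both be checked for mechanically. The following is an added example, not code from Microsoft or from this blog; the domains, the rule-record format and the lookalike pairs other than “rn” are constructed assumptions.

```python
from email.utils import parseaddr

# Character sequences that read as another letter at a glance. "rn" -> "m" is
# the substitution described in the post; the rest are assumptions added here.
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def domain_of(address):
    """Return the lower-cased domain of an address or From header value."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower().rstrip(".")


def skeleton(domain):
    """Collapse lookalike sequences so visually similar domains compare equal."""
    for seq, single in LOOKALIKES:
        domain = domain.replace(seq, single)
    return domain


def imitated_domain(from_header, trusted_domains):
    """Return the trusted domain a sender imitates, or None if exact or unrelated."""
    sender = domain_of(from_header)
    trusted = {d.lower() for d in trusted_domains}
    if not sender or sender in trusted:
        return None
    for candidate in sorted(trusted):
        if skeleton(sender) == skeleton(candidate):
            return candidate
    return None


def external_forwards(rules, internal_domains):
    """List (mailbox, rule name, target) for rules that forward outside the org."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for rule in rules:
        for target in rule.get("forward_to", []):
            if domain_of(target) not in internal:
                findings.append((rule["mailbox"], rule["name"], target))
    return findings


# Constructed sample data (not taken from the post). The rule records use a
# hypothetical layout, not any mail platform's export schema.
TRUSTED = ["mailcorp.example"]
SAMPLE_FROM = [
    '"Account Team" <security@rnailcorp.example>',  # "rn" posing as "m"
    "Helpdesk <it@mailcorp.example>",               # genuine sender
    "Newsletter <news@other.example>",              # unrelated domain
]
SAMPLE_RULES = [
    {"mailbox": "analyst@mailcorp.example", "name": "archive",
     "forward_to": ["records@mailcorp.example"]},
    {"mailbox": "director@mailcorp.example", "name": "forward-all",
     "forward_to": ["collector@unknown-host.example"]},
]

if __name__ == "__main__":
    for header in SAMPLE_FROM:
        hit = imitated_domain(header, TRUSTED)
        if hit:
            print(f"lookalike of {hit}: {header}")
    for mailbox, name, target in external_forwards(SAMPLE_RULES, TRUSTED):
        print(f"external forward on {mailbox}: rule {name!r} -> {target}")
```

Because forwarding rules survive a password reset, reviewing them belongs in the same response step as the reset itself.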

Paris Call: Growing Consensus on Cyberspace | Microsoft on the Issues

Today, Jean-Baptiste Lemoyne, France’s Minister of State attached to the Minister for Europe and Foreign Affairs, announced remarkable progress toward securing cyberspace. The community of Paris Call signatories is growing and taking new initiative to thwart attacks that threaten our democracies, economies and public services. The number of signatories of the Paris Call for Trust and Security in Cyberspace, announced a year ago, has nearly tripled to more than 1,000 and now includes 74 nations; more than 350 international, civil society and public sector organizations; and more than 600 private sector entities. These commitments to the Paris Call from around the world demonstrate a widespread, global, multi-stakeholder consensus about acceptable behavior in cyberspace.

The principles in the Paris Call address real-world challenges we’re facing today, like preventing foreign interference in elections, protecting availability of the internet, and curbing attacks on critical infrastructure. Importantly, supporters are committed to working together in a multi-stakeholder model, with governments, industry, academia and civil society collaborating to protect our cyberspace from nation-state threats, including attacks on our democratic processes.

Nations now supporting the Paris Call reflect the broadening mandate for international action to address cyberthreats with 10 Latin American nations, 13 Asian and Pacific signatories and eight African nations joining with 42 European states and Canada. In total, Paris Call signatories represent almost 40 percent of United Nations member states.

Enterprises in more than 60 countries and civil society groups in more than 65 countries have now joined, with respected retailers like Migros of Switzerland and Rakuten of Japan; financial services and insurance companies like CIMB Group in Malaysia and AXA Group in France; the global logistics leader Deutsche Post DHL Group; media and telecommunications providers like Sky and Telefonica; as well as civil society organizations like the German Marshall Fund of the United States and the Vatican’s Pontifical Academy for Life. More than 60 enterprises and civil society groups in India have joined, although the Indian Government has not yet made its commitment.

The rest of the post Paris Call: Growing Consensus on Cyberspace appeared first on Microsoft on the Issues.

from Microsoft on the Issues

Why hospitals are a weak spot in U.S. cybersecurity | Axios

It never occurred to me that hospitals are soft targets. I’m mostly not alone in this fact. The reasons why scare the daylights out of me, and with cost pressures and the movement towards everyone being able to participate, this will only get worse.

Now would be a good time to think of hospital security in the same manner as our election systems and other government entities, even if the hospital is an official for-profit facility. The bad actors don’t make the distinction.

Over 32 million people have had their health information breached this year, in 311 hacking incidents against health care providers that are under investigation by the Department of Health and Human Services.

The big picture: Complex, bloated hospital systems are a glaring weak spot in U.S. cybersecurity — and there are limits on the government’s power to help…

Source: Why hospitals are a weak spot in U.S. cybersecurity

New cyberattacks targeting sporting and anti-doping organizations | Microsoft on the Issues

Today we’re sharing that the Microsoft Threat Intelligence Center has recently tracked significant cyberattacks originating from a group we call Strontium, also known as Fancy Bear/APT28, targeting anti-doping authorities and sporting organizations around the world. As the world looks forward with anticipation to the Tokyo Summer Games in 2020, we thought it important to share information about this new round of activity.

At least 16 national and international sporting and anti-doping organizations across three continents were targeted in these attacks which began September 16th, just before news reports about new potential action being taken by the World Anti-Doping Agency. Some of these attacks were successful, but the majority were not. Microsoft has notified all customers targeted in these attacks and has worked with those who have sought our help to secure compromised accounts or systems.

This is not the first time Strontium has targeted such organizations. The group reportedly released medical records and emails taken from sporting organizations and anti-doping officials in 2016 and 2018, resulting in a 2018 indictment in federal court in the United States…

You can protect yourself from these types of attacks in at least three ways. We recommend, first, that you enable two-factor authentication on all business and personal email accounts. Second, learn how to spot phishing schemes and protect yourself from them. Third, enable security alerts about links and files from suspicious websites.

The rest of the post New cyberattacks targeting sporting and anti-doping organizations appeared first on Microsoft on the Issues.

from Microsoft on the Issues

New cyberthreats require new ways to protect democracy

Microsoft ElectionGuard demos on July 17, 2019 at the Aspen Security Forum in Aspen, Colorado. 

With the elections coming up, regardless of who you support, this is vital. I haven’t seen any other major tech company coming up with solutions, though it’s mentioned inside the full blog post.

Starting today at the Aspen Security Forum we’re demonstrating the first voting system running Microsoft ElectionGuard as an example of how ElectionGuard can enable a new era of secure, verifiable voting. The demo shows how it’s also possible to make voting more accessible for people with disabilities and more affordable for local governments while increasing security. Finding new ways to ensure that voters can trust the election process has never been more important. The world’s democracies remain under attack as new data we are sharing today makes clear. ElectionGuard and the range of offerings from Microsoft’s Defending Democracy Program, as well as tools from others in the technology industry and academia, are needed more than ever to help defend democracy.


So the problem is real and unabated. It is time to find solutions. Governments and civil society have important roles to play, but the tech industry also has a responsibility to help defend democracy. As part of our contribution at Microsoft, we believe ElectionGuard will be an important tool to protect the voting process and to ensure that all voters can trust the outcome of free democratic elections.


Our ElectionGuard demo will showcase three core features.


First, people will be able to vote directly on the screen of the Microsoft Surface or using the Xbox Adaptive Controller, which Microsoft originally built in close partnership with organizations like the Cerebral Palsy Foundation to meet the needs of gamers with limited mobility. We hope this will help show the community how accessibility hardware can be built securely and inexpensively into primary voting systems and no longer requires separate voting machines to meet the needs of those with disabilities – ultimately making it easier for more people to vote.


Second, people using the demo will be provided with a tracking code that, when voting is complete, they will be able to enter into a website to confirm their vote was counted and not altered; the website will not display their actual votes. In the ElectionGuard software development kit (SDK) this verification feature will be enabled by homomorphic encryption, which allows mathematical procedures – like counting votes – to be done while keeping the data of people’s actual votes fully encrypted. The use of homomorphic encryption in election systems was pioneered by Microsoft Research under the leadership of Senior Cryptographer Josh Benaloh. This tracking code is a key feature of the ElectionGuard technology. For the first time, voters will be able to independently verify with certainty that their vote was counted and not altered. Importantly, in its final form, the ElectionGuard SDK will also enable voting officials, the media, or any third party to use a “verifier” application to similarly confirm that the encrypted vote was properly counted and not altered.


Third, the demo will show how ElectionGuard can enable end-to-end verifiable elections for the first time while retaining the familiarity and certainty of paper ballots. The demo will provide voters with a printed record of their votes, which they can check and place into a physical ballot box, with verification through the web portal serving as a supplemental layer of security and verifiability.


ElectionGuard is free and open-source and will be available through GitHub as an SDK later this summer. This week’s demo is simply one sample of the many ways ElectionGuard can be used to improve voting, and the final SDK will also enable features like Risk Limiting Audits to compare ballots with ballot counts and other post-election audits.


No one solution alone can address cyberattacks from nation-states. As we’ve seen, attackers will take any avenue to gain intelligence and disrupt the democratic process. That’s why Microsoft’s Defending Democracy Program has also offered Microsoft 365 for Campaigns and AccountGuard to protect political campaigns, parties and democracy-focused NGOs, and it’s why we’ve partnered with NewsGuard to defend against disinformation.


The post New cyberthreats require new ways to protect democracy appeared first on Microsoft on the Issues.


from Microsoft on the Issues via IFTTT 
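
The second feature in the excerpt above, counting votes while they stay encrypted and giving each voter a tracking code, can be illustrated with an additively homomorphic scheme. The following is an added example, not ElectionGuard code and not from the post: it uses exponential ElGamal over a toy group, and the hash-based tracking code format is a hypothetical stand-in. The proofs that each ballot encrypts only 0 or 1 are left out.

```python
import hashlib
import secrets

# Toy group: P = 2*Q + 1 with P and Q prime; G generates the order-Q subgroup.
# Far too small to protect anything; chosen so the arithmetic is easy to follow.
P, Q, G = 2039, 1019, 4


def keygen():
    """Return (secret key x, public key h = G^x mod P)."""
    x = 1 + secrets.randbelow(Q - 1)
    return x, pow(G, x, P)


def encrypt(h, vote):
    """Exponential ElGamal: the vote (0 or 1) goes in the exponent of G."""
    if vote not in (0, 1):
        raise ValueError("vote must be 0 or 1")
    r = 1 + secrets.randbelow(Q - 1)
    return pow(G, r, P), (pow(G, vote, P) * pow(h, r, P)) % P


def combine(ballots):
    """Multiply ciphertexts component-wise; the hidden votes add up."""
    a, b = 1, 1
    for ca, cb in ballots:
        a, b = (a * ca) % P, (b * cb) % P
    return a, b


def decrypt_count(x, ciphertext, max_count):
    """Decrypt an aggregate and recover the small count by trial exponents."""
    a, b = ciphertext
    g_to_count = (b * pow(a, Q - x, P)) % P  # a^(Q-x) equals a^(-x) in the subgroup
    for count in range(max_count + 1):
        if pow(G, count, P) == g_to_count:
            return count
    raise ValueError("count out of range")


def tracking_code(ciphertext):
    """Hypothetical tracking code: a short hash of the published ciphertext."""
    a, b = ciphertext
    return hashlib.sha256(f"{a}:{b}".encode()).hexdigest()[:12]


def ballot_is_posted(code, board):
    """Voter-side check: is my tracking code among the published ballots?"""
    return code in {tracking_code(c) for c in board}


def run_election(votes):
    """Encrypt each vote, publish the ciphertexts, decrypt only the aggregate."""
    x, h = keygen()
    board = [encrypt(h, v) for v in votes]      # public list of encrypted ballots
    codes = [tracking_code(c) for c in board]   # one code handed to each voter
    tally = decrypt_count(x, combine(board), len(votes))
    return board, codes, tally, x


if __name__ == "__main__":
    board, codes, tally, _ = run_election([1, 0, 1, 1, 0])  # constructed votes
    print("published codes:", codes)
    print("tally for the option:", tally)
    print("first voter finds ballot:", ballot_is_posted(codes[0], board))
```

Anyone can recompute `combine(board)` from the published ciphertexts, and a voter's code reveals nothing about the vote because it is derived from the ciphertext alone.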

‘Netizens’ highlights the need for collaboration to fight online harassment, ‘revenge porn’ | Microsoft on the Issues

Microsoft recently hosted a screening of the documentary film “Netizens”, which examines the online harassment of women and the non-consensual distribution of intimate images, what is commonly but unartfully referred to as “revenge porn.” The event, which included a multi-stakeholder panel discussion, underscores the need for all groups to work together to tackle online hate and abuse and to promote digital civility and safer and more respectful online interactions.


Microsoft’s approach


At Microsoft, we believe “whole society” strategies hold the greatest promise for addressing issues like online harassment and the non-consensual distribution of intimate images. It was nearly four years ago that we announced our approach to the non-consensual distribution of intimate images on our consumer services. At the time, we sought to put victims back in control of their privacy, stating that when contacted by a victim or his or her representative, Microsoft would remove links to photos and videos from Bing search results and remove the content itself when it was shared on OneDrive or Xbox Live. We created a dedicated web form for making such reports to us.


Digital civility and ‘Netizens’


In addition, Microsoft was eager to collaborate with Lowen and her team given the close alignment to our own ongoing campaign for digital civility, fostering safer, healthier and more respectful online interactions among all people. Our work in digital civility started in 2016, and we’re about to field our fourth installment of global perception and attitudinal research. Each year, we survey teens and adults about their exposure to more than 20 online risks, including “sexploitation” and the non-consensual distribution of intimate images.


Learn more


To learn more about the film, visit the “Netizens” website and consult these Microsoft resources: online bullying and harassment factsheet, risks of sexting factsheet. For more on general online safety issues, visit our website and resources page. And, for regular news and information about online safety, connect with us on Facebook and Twitter.


from Microsoft on the Issues

Technology and the US military | Microsoft on the Issues

Over the last few months, there has been a debate in our industry about when and how technology companies should work with the government, and specifically whether companies should supply digital technology to the military, including here in the United States. Yesterday, Satya Nadella and I addressed this issue in a conversation with our employees at the company’s monthly Q&A session. Given the public interest in this question, we want to be transparent both internally and externally on where Microsoft stands on these issues.


As we explained at our Q&A session, our work as a company in this space is based on three straightforward convictions.


  1. We believe in the strong defense of the United States and we want the people who defend it to have access to the nation’s best technology, including from Microsoft.
  2. We appreciate the important new ethical and policy issues that artificial intelligence is creating for weapons and warfare…
  3. We understand that some of our employees may have different views…

<snip> The post Technology and the US military appeared first on Microsoft on the Issues.

from Microsoft on the Issues via IFTTT

EHR vendors, you’re not only next, but now.

This blog and other places have discussed the recent publicity about Ransomware and how hospitals cope with it, some better than others. What they really want is the Electronic Health Records that are employed in such environments. EHR are very personal and specific. Add the web-based nature of exchange and that is manna to a hacker because they can “hit once, affect many”. Mark Menke, security expert and CTO of Network DLP at Digital Guardian remarked: The financial incentives associated with EHR adoption encourage healthcare providers to roll out bare-bones systems without the infrastructure to back them up (Lisa Hoover McGreevey, 2016).

  1. HIPAA has very specific rules regarding data security and the chain of command. Ignore this at your peril.
  2. Virtually all data in an EHR is valuable, some parts more than others. It is up to the cyber security specialist, along with the practice IT staff or consultants, to know the difference. Ignorance is not bliss here.
  3. Encryption, Digital Rights Management (DRM), Single Sign On (SSO), and other technologies are your gateway to mitigating the attacks that will come.
  4. Backups, Backups, Backups. The size of the organization will determine how often this is done; real-time on-site/off-network and hourly off-site is a good place to start.

(Mark Menke, 2016).