Graph: Growing number of threats leveraging Microsoft API


An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services.

The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes.

Read more…
Source: Symantec


Sign up for our Newsletter


Related:

  • Microsoft reportedly buys Israeli cybersecurity firm Hexadite

    May 24, 2017

    U.S. computing giant Microsoft is said to have acquired Israeli cybersecurity startup Hexadite for $100 million, the Hebrew language website Calcalist reported on Wednesday. The deal, if confirmed, would be the latest in a string of Microsoft acquisitions of Israeli software companies, many in the field of cybersecurity. Hexadite founded in Tel Aviv in 2014 and now ...

  • WannaCry: A new era of cyber security

    May 20, 2017

    When the “WannaCry” virus hit computers in at least 150 countries around the world, some called it the beginning of a new era – an era in which hackers have become experts at finding weak spots in our online security. There was also a kind of dawning realisation of how vulnerable organisations all over the globe ...

  • The government slashed NHS IT security contract despite warnings it would leave systems vulnerable to cyberattack

    May 13, 2017

    The UK government were repeatedly warned that NHS IT isystems were running on outdated operating systems that were vulnerable to attack, yet failed to ensure they were protected. Freedom of Information requests last sumer revealed that trusts across the country were still using Windows XP, despite a government contract with Microsoft to update protections for the system having ...

  • ‘Crazy bad’ bug in Microsoft’s Windows malware scanner can be used to install malware

    May 9, 2017

    Miscreants can turn the tables on Microsoft and use its own antivirus engine against Windows users – by abusing it to install malware on vulnerable machines. A particularly nasty security flaw exists in Redmond’s anti-malware software, which is packaged and marketed in various forms: Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center ...

  • Microsoft says: Lock down your software supply chain before the malware scum get in

    May 5, 2017

    Microsoft’s security team is urging developers to shore up their software update systems – after catching miscreants hijacking an editing application’s download channels to inject malware into victims’ PCs. In a security advisory, Redmond’s infosec gurus describe Operation WilySupply: their mission to find, isolate and destroy an unusual and highly targeted form of malicious code that ...

  • ShadowBrokers’ Windows Zero-Days Already Patched

    April 17, 2017

    Hours after what was thought to be a damaging release of NSA hacking tools for Windows systems, Microsoft quelled some anxiety with a late-night statement on Friday that most of the vulnerabilities disclosed by the ShadowBrokers had already been patched. The biggest surprise was that the most recent updates came in March in a bulletin, MS17-010, ...