Wednesday January 29, 2020
Home Lead Story US Court Gran...

US Court Grants Microsoft Control of 99 Hacking Websites

Websites registered and used by Phosphorus include, for example, outlook-verify.net, yahoo-verify.net, verification-live.com, and myaccount-services.net

0
//
microsoft
FILE - Microsoft Corp. signage is seen outside the Microsoft Visitor Center in Redmond, Washington, July 3, 2014. VOA

A US court has granted Microsoft control of 99 websites widely associated with an Iranian group that were used to conduct hacking operations globally.

The court authorised Microsoft’s Digital Crimes Unit (DCU) to take control of the websites belonging to the group called Phosphorus (also known as APT 35, Charming Kitten and Ajax Security Team) so that these can no longer be used to execute cyber attacks.

“Microsoft’s Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) have been tracking Phosphorus since 2013,” said Tom Burt, Corporate Vice President, Customer Security and Trust at Microsoft in a blog post late Wednesday.

Its activity is usually designed to gain access to the computer systems of businesses and government agencies and steal sensitive information.

“Its targets also include activists and journalists – especially those involved in advocacy and reporting on issues related to the Middle East,” Burt added.

Microsoft, Taiwan AI
A man walks past a Microsoft sign set up for the Microsoft BUILD conference at Moscone Center in San Francisco, April 28, 2015. VOA

Phosphorus typically attempts to compromise the personal accounts of individuals through a technique known as spear-phishing, using social engineering to entice someone to click on a link, sometimes sent through fake social media accounts that appear to belong to friendly contacts.

The link contains malicious software that enables Phosphorus to access computer systems.

“Phosphorus also uses a technique, whereby it sends people an email that makes it seem as if there’s a security risk to their accounts, prompting them to enter their credentials into a web form that enables the group to capture their passwords and gain access to their systems,” Burt informed.

Also Read- British Cybersecurity Inspect Major Technical Issues in Huawei’s Software

Websites registered and used by Phosphorus include, for example, outlook-verify.net, yahoo-verify.net, verification-live.com, and myaccount-services.net.

“The action we executed last week enabled us to take control of 99 websites and redirect traffic from infected devices to our Digital Crime Unit’s sinkhole,” said Microsoft. (IANS)

Next Story

“Collaboration Is The Key To Ensure Cyber-Security”, Says Microsoft

The company deploys a number of sensors that are looking for information from cyber incidents around the world -- sort of metadata about what's going on -- whether it's from PCs, servers or in the Cloud

0
Microsoft
Microsoft spends over $1 billion annually on Cyber-Security and uses Artificial Intelligence (AI) and Machine Learning (ML) in a big way to gain accurate insights and faster automated response to real-time threats. Pixabay

As governments the world over deliberate over how to tackle growing nation-state cyber attacks and protect sensitive data, a top Microsoft official said that collaborations between the governments, tech companies and third-party cybersecurity agencies can help address the growing menace.

According to Rob Lefferts, CVP-Program Management M365 Security at Microsoft, the company takes nation-state cyber attacks very seriously. “We have a whole research team dedicated to understand the behaviour of nation-state attacks. We partner with governments around the globe to help protect citizens against such attacks,” Lefferts told IANS during an interaction.

Microsoft spends over $1 billion annually on Cyber-Security and uses Artificial Intelligence (AI) and Machine Learning (ML) in a big way to gain accurate insights and faster automated response to real-time threats.

“We are using AI and ML as a tool to empower defenders and to more effectively protect organizations. When we talk to companies in India, 92 per cent of organisations have either already adopted or looking to adopt AI in their approach towards cybersecurity,” said Lefferts. For Microsoft, it is a strategic investment for the company.

“We took a very, very strong approach over six years ago around investing over $1billion a year in research and development of security technologies. The goal is to help us better protect, detect and respond to real-world threats in today’s environment,” stressed the Microsoft executive. The company deploys a number of sensors that are looking for information from cyber incidents around the world — sort of metadata about what’s going on — whether it’s from PCs, servers or in the Cloud.

“We do not collect actual content but metadata of behaviours. We collect more than 8 trillion of those signals every day. And then, we use those models to better protect organisations,” informed Lefferts. “Every day, 3,500 Microsoft security professionals track threats and provide better enforcement protection for our customers,” he added. According to him, Microsoft learns from its customers and actual users.

“What’s exciting is the ability to turn that information around at incredible speed to protect customers. Since we’re using Cloud-powered technologies, those updates and new protections come to customers almost instantaneously. In fact, in many cases, we use behavioural analytics to detect problems before they’re even problems,” Lefferts told IANS. Collaboration is very critical in the cybersecurity space.

Microsoft
As governments the world over deliberate over how to tackle growing nation-state cyber attacks and protect sensitive data, a top Microsoft official said that collaborations between the governments, tech companies and third-party cybersecurity agencies can help address the growing menace. Pixabay

“One is collaboration across the security industry. Then there is collaboration around actual incidents and problems as they occur. This is a place where it’s not just a matter of machines; we need machines to empower humans,” he noted.

In 2018, top 34 global technology and securities firms, led by Microsoft and Facebook, signed a “Cybersecurity Tech Accord” to defend people from malicious attacks by cybercriminals and nation-states. The 34 companies include Cisco, HP, Nokia, Oracle, VMware, Dell, CA Technologies, Symantec, Bitdefender, F-Secure, RSA and Trend Micro, among others.

ALSO READ: Here’s how Consuming High Fibre Diet Leads to Bloating

“This tech sector accord will help us take a principled path towards more effective steps to work together and defend customers around the world,” said Microsoft President Brad Smith. (IANS)