Cyber Security News

Microsoft Ignite New 360-Degree Details Attackers Tools & Methods

A significant leap forward in cybersecurity was announced with the introduction of new threat intelligence (TI) capabilities in Security Copilot, aimed at giving organizations a comprehensive ‘360-degree’ view of attacker tools and methodologies.

These innovations promise to provide defenders with deeper insights into potential threats, making it easier than ever to detect and neutralize adversaries before they can cause harm.

New 360-degree Details Attackers Tools

Microsoft’s Security Copilot team has been working relentlessly to enhance its TI platform, and their latest developments offer unprecedented power to organizations seeking to stay ahead of attackers.

With the newly expanded threat intelligence capabilities, Security Copilot users can now build a more holistic view of threats by tapping into a vast array of TI sources.

Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders – Attend Free Webinar

This includes better insights into attacker tooling, methodologies, and their potential impact on an organization’s security posture.

One of the key updates announced at Ignite 2024 is the general availability (GA) of Security Copilot’s ability to integrate a wide range of TI sources into a single, unified view.

This gives customers a more comprehensive understanding of both known and emerging threats, allowing for faster and more effective responses.

One of the most exciting new features is the public preview of MDTI indicator data, which introduces ten new skills that enhance the ability to link Indicators of Compromise (IoCs) to related threat intelligence.

This feature enables security analysts to access critical context around attacks, including connections to infrastructure, associated articles, and detailed information on attackers.

By using automated infrastructure chaining, analysts can now investigate relationships between different data sets more effectively.

This capability is invaluable for preemptive threat hunting, as it allows organizations to stay one step ahead of adversaries by uncovering new attacker tools and methodologies before they are fully deployed. The new skills harness two key categories of threat intelligence data:

  • In-depth Indicators Data: This feature links IoCs with all relevant threat intelligence in MDTI, including profiles, detonation data, and reputation analysis. This allows security teams to quickly understand the nature of an attack and respond more efficiently.
  • Indicators Metadata: By drawing from global internet data sets — including WHOIS, DNS, SSL certificates, and more — Security Copilot can map out the attacker’s infrastructure, enabling organizations to detect related activity and mitigate threats early.
The indicator has been linked to several IP addresses, two articles, and three intel profiles. Copilot has also pulled up its reputation, WHOIS, and passive DNS data.

Another major announcement was the GA expansion of Unified Vulnerability Intelligence within Security Copilot.

This enhancement integrates vulnerability and asset intelligence from Microsoft tools such as Microsoft Defender External Attack Surface Management (MDEASM), Defender Vulnerability Management (MDVM), and Threat Analytics.

The threat intelligence sidecar in Defender XDR shows the key details

Through this integration, customers gain a more complete view of vulnerabilities, including how they are being exploited by threat actors.

The unified view provides organizations with detailed information on exposed assets, risk prioritization, and remediation steps, allowing for quicker and more informed decision-making.

With these innovations, Microsoft is continuing to lead the charge in providing cutting-edge cybersecurity tools.

By processing 78 trillion security signals daily, Microsoft’s Security Copilot delivers world-class threat intelligence, offering unparalleled insights into the global threat landscape.

This ensures that organizations have the tools they need to detect and respond to threats with speed and precision, safeguarding their critical assets.

Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN -> Try for Free

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Hack The box “Ghost” Challenge Cracked – A Detailed Technical Exploit

Cybersecurity researcher "0xdf" has cracked the "Ghost" challenge on Hack The Box (HTB), a premier…

2 hours ago

Sec-Gemini v1 – Google’s New AI Model for Cybersecurity Threat Intelligence

Google has unveiled Sec-Gemini v1, an AI model designed to redefine cybersecurity operations by empowering…

2 hours ago

U.S. Secures Extradition of Rydox Cybercrime Marketplace Admins from Kosovo in Major International Operation

The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi,…

7 hours ago

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…

2 days ago

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…

2 days ago

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…

2 days ago