Machine learning vs. social engineering

Check out the new blog about how Microsoft machine learning technologies address non-PE attacks that rely on social engineering. Go to the full blog: https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering/

[Figure: fig4-cloud-ml-models.png]

Here are some excerpts:


Modern social engineering attacks use non-portable executable (PE) files like malicious scripts and macro-laced documents, typically in combination with social engineering lures. Every month, Windows Defender AV detects non-PE threats on over 10 million machines. These threats commonly arrive as attachments on phishing email or through drive-by web downloads, removable drives, or browser exploits. The most common non-PE threat file types are JavaScript and VBScript...


... Windows Defender AV combines local machine learning models, behavior-based detection algorithms, generics, and heuristics with a detonation system and powerful ML models in the cloud to provide real-time protection against polymorphic malware. Expert input from researchers, advanced technologies like Antimalware Scan Interface (AMSI), and rich intelligence from the Microsoft Intelligent Security Graph continue to enhance next-generation endpoint protection platform (EPP) capabilities in Windows Defender Advanced Threat Protection.
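The excerpt says the local layer combines machine learning models with heuristics over non-PE script files such as JavaScript and VBScript. As an added illustration of what a small static-feature model for that job looks like (this is example code written for this page, not code from the blog, from Windows Defender AV, or from any Microsoft product), the block below extracts a few static features from script text (entropy, suspicious-API token count, longest string literal, density of hex/URL escape sequences), trains a logistic-regression classifier in pure Python on a handful of constructed, harmless samples, and scores unseen scripts. The token list, the feature set and the samples are all assumptions made for the example; a production model would use far richer features, a real labelled corpus and the cloud/detonation signals the excerpt describes.

```python
import math
import re

# Static indicators commonly associated with obfuscated JS/VBScript.
# Assumed list for this example; not the indicator set of any real product.
SUSPICIOUS_TOKENS = [
    r"\beval\b", r"\bunescape\b", r"String\.fromCharCode", r"ActiveXObject",
    r"\bExecute\b", r"\bChr\s*\(", r"CreateObject", r"\bWScript\b",
]
ESCAPE_RE = re.compile(r"\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}|%[0-9a-fA-F]{2}")
LITERAL_RE = re.compile(r'"[^"\n]*"|\'[^\'\n]*\'')


def shannon_entropy(text):
    """Character-level Shannon entropy in bits (0.0 for empty or single-symbol text)."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def count_suspicious(text):
    """Number of suspicious-API token occurrences, case-insensitive."""
    return sum(len(re.findall(p, text, flags=re.IGNORECASE)) for p in SUSPICIOUS_TOKENS)


def extract_features(text):
    """Four static features, each normalised to roughly [0, 1] so gradient descent stays stable."""
    longest = max((len(m) for m in LITERAL_RE.findall(text)), default=0)
    escapes = len(ESCAPE_RE.findall(text))
    return [
        shannon_entropy(text) / 8.0,                       # entropy (8 bits is the max for bytes)
        min(count_suspicious(text), 10) / 10.0,            # capped suspicious-token count
        min(longest, 200) / 200.0,                         # capped longest string literal
        min(1.0, 4.0 * escapes / max(len(text), 1)),       # share of text made of escape sequences
    ]


def _sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def train(samples, lr=0.5, epochs=6000):
    """Batch gradient descent for logistic regression; returns (weights, bias)."""
    data = [(extract_features(t), y) for t, y in samples]
    w = [0.0] * 4
    b = 0.0
    n = len(data)
    for _ in range(epochs):
        gw = [0.0] * 4
        gb = 0.0
        for x, y in data:
            err = _sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            for i in range(4):
                gw[i] += err * x[i]
            gb += err
        w = [wi - lr * g / n for wi, g in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def score(model, text):
    """Probability in (0, 1) that the script looks obfuscated / suspicious."""
    w, b = model
    x = extract_features(text)
    return _sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)


# Constructed training set: label 1 = obfuscation patterns (all payloads are harmless
# alerts/message boxes), label 0 = ordinary script. Not real malware samples.
TRAINING_SET = [
    ("function add(a, b) { return a + b; }\nconsole.log(add(2, 3));", 0),
    ("var items = [1, 2, 3];\nvar total = 0;\nfor (var i = 0; i < items.length; i++) { total += items[i]; }", 0),
    ("Dim total\ntotal = 0\nFor i = 1 To 10\n  total = total + i\nNext\nMsgBox total", 0),
    ('document.getElementById("status").textContent = "Ready";', 0),
    ("eval(String.fromCharCode(97,108,101,114,116,40,49,41));", 1),
    ('var s="\\x61\\x6c\\x65\\x72\\x74\\x28\\x32\\x29";eval(s);', 1),
    ('eval(unescape("%61%6c%65%72%74%28%33%29"));', 1),
    ('Dim c: c = Chr(77) & Chr(115) & Chr(103): Execute "MsgBox c"', 1),
]

if __name__ == "__main__":
    model = train(TRAINING_SET)
    for text, _ in TRAINING_SET:
        print(f"{score(model, text):.3f}  {text[:50]!r}")
```

The held-out behaviour is the interesting part: a script the model never saw, such as `eval(unescape("%61%6c%65%72%74%28%31%29"));`, scores high because two suspicious tokens and a dense run of `%xx` escapes push the logit up, while an unseen benign function scores low. The same structure (cheap static features feeding a small model) is what lets a local layer give a fast verdict before a cloud model or detonation sees the file.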