The security threat landscape is constantly evolving, and Microsoft has deep data insights from the 6.5 trillion security signals that we analyze every day to over a decade tracking and analyzing software vulnerabilities, exploits, malware, unwanted software, and attacker group methods and tactics via the Security Intelligence Report. In 2018 attackers used a variety of dirty tricks, both new (coin-mining) and old (phishing), in their ongoing quest to steal data and resources from customers and organizations. Hybrid attacks, like the Ursnif campaign, blended social and technical approaches. As defenders got smarter against ransomware, a loud and disruptive form of attack, criminals pivoted to the more “stealth” but still profitable coin-miners. Another area where cyber criminals increased their activity is the supply chain. One of the most notable, the Dofoil coin-miner outbreak hit on March 6, 2018, kicked off by a poisoned peer-to-peer app. Supply chain concerns went beyond apps and into the cloud and included malicious browser extensions, compromised Linux repositories, and multiple instances of back-doored modules. In this session we’ll discuss the top insights from 2018 and provide recommendations for controls and strategies organizations can put in place to help protect and defend against the shifting sands of emerging threats.