Kaspersky Lab technology detects a zero-day exploit for Microsoft Windows in the wild
Kaspersky Lab Automatic Exploit Prevention technology, embedded in most of the company’s endpoint solutions, has detected a series of targeted cyber-attacks.
Kaspersky Lab Automatic Exploit Prevention technology, embedded in most of the company’s endpoint solutions, has detected a series of targeted cyber-attacks. The attacks were attempted by a new piece of malware that exploited a previously unknown zero-day vulnerability in the Microsoft Windows operating system. The intension was for cybercriminals to gain persistent access to victim systems in the Middle East. The vulnerability was patched by Microsoft on 9 October.
An attack via a zero-day vulnerability is one of the most dangerous forms of cyberthreat, as it involves the exploitation of a vulnerability that is yet to be discovered and fixed. If found by threat actors, a zero-day vulnerability can be used for the creation of an exploit that will open access to a whole system. This attack scenario is widely used by sophicticated actors in APT attacks, and was used here.
The discovered Microsoft Windows exploit was delivered to the victims via a PowerShell backdoor. It was then executed in order to get the necessary privileges for persistence on victim systems. The code of the malware was of high quality and was written to enable the reliable exploitation of as many different Windows builds as possible.
The cyber-attacks targeted less than a dozen of various organizations in the Middle East during the late summer. It is suspected that the actor behind the attack could be related to the FruityArmor group – as a PowerShell backdoor has exclusively been used by this threat actor in the past. Upon discovery, Kaspersky Lab’s experts immediately reported the vulnerability to Microsoft.
Kaspersky Lab products detected this exploit proactively through the following technologies:
- Via Kaspersky Lab’s behavioral detection engine, and Automatic Exploit Prevention components inside the company’s security products.
- Through Advanced Sandboxing and the Antimalware engine within the Kaspersky Anti Targeted Attack Platform
“When it comes to zero-day vulnerabilites, it is critical to actively monitor the threat landscape on for new exploits. At Kaspersky Lab, our constant threat intelligence research aims to not only find new attacks, and establish the targets of different cybethreat actors, we are also intent at learning what malicious technologies these criminals use. As a result of our research, we have a foundation layer of detection technologies which let us prevent attacks - such as the one that intended to use this vulnerability,” said Anton Ivanov, security expert at Kaspersky Lab.
To avoid zero-day exploits Kaspersky Lab recommends implementing the following technical measures:
- Avoid using software that is known to be vulnerable or recently used in cyber-attacks.
- Make sure that the software used in your company is regularly updated to the most recent versions. Security products with Vulnerability Assessment and Patch Management capabilities may help to automate these processes.
- Use a robust security solution such as Kaspersky Endpoint Security for Business that is equipped with behavior-based detection capabilities for effective protection against known and unknown threats including exploits.
Find more details on Securelist.com
Full report is available for our customers on the Kaspersky Lab APT Intelligence Reporting
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.
Kaspersky Lab technology detects a zero-day exploit for Microsoft Windows in the wild
Kaspersky
Related Articles Press Releases
Kaspersky Thin Client 2.0: Cyber Immune protection with enhanced connectivity, performance and design
Kaspersky has presented an updated operating system for thin clients that offers enhanced connectivity, higher speed of applications delivery, lower total cost of ownership, user-friendly graphical interface and quick deployment. Kaspersky Thin Client 2.0 is the main component of the Cyber Immune solution for building thin client infrastructure in a wide range of industries, including healthcare, finance, education and manufacturing.Read More >New DuneQuixote cyberespionage campaign targets governmental entities worldwide
Kaspersky researchers have discovered an ongoing malicious campaign initially targeting a governmental entity in the Middle East. Further investigation uncovered more than 30 malware dropper samples actively employed in this campaign, allegedly expanding the victimology to APAC, Europe and North America. Dubbed DuneQuixote, the malware strings incorporate snippets taken from Spanish poems to enhance persistence and evade detection, with the ultimate goal of cyber espionage.Read More >Kaspersky Extended Detection and Response now available for implementation into business infrastructures
Kaspersky has announced that its new solution, Kaspersky Extended Detection and Response (XDR), is now available to customers after a successful evaluation phase with early adopters in a test environment. Companies can now seamlessly integrate this advanced product into their infrastructure under its new name, ‘Kaspersky Next XDR Expert’.Read More >
We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.