The Kaspersky Lab Automatic Exploit Prevention technology, which is integrated into most of the company's endpoint security solutions, has detected a number of targeted digital attacks. The attacks were attempted by a new piece of malware that exploited a previously unknown zero-day vulnerability in the Microsoft Windows 10 operating system. The cybercriminals' intention was to gain full control of the victims' systems in the Middle East. The vulnerability was fixed by Microsoft on October 9.
A zero-day attack is one of the most dangerous forms of cyber threat, as it involves exploiting a vulnerability that has not yet been discovered and identified. If found by a threat actor, a zero-day vulnerability can be used to create an exploit that gives the attacker access to an entire corporate or industrial computing environment. This form of attack is widely used by advanced APT threat actors, and it was used in this case as well.
The exploit, which targeted Microsoft Windows, reached the victims through a PowerShell backdoor. The exploit was then run so that the attacker could obtain the privileges needed to maintain a presence on the victims' systems. The malware code was of high quality and was written to run reliably on as many different Windows builds as possible.
The attacks targeted fewer than a dozen prominent organizations in the Middle East over the past summer. The group behind the attack is believed to be FruityArmor, as the PowerShell backdoor has been used exclusively by this group in the past. Immediately after the discovery, Kaspersky Lab experts reported the vulnerability to Microsoft.
Kaspersky Lab products detected this exploit proactively using the following technologies:
- The Kaspersky Lab Behavior Detection engine and Automatic Exploit Prevention technology, available in all of the company's security products.
- Advanced Sandboxing and the anti-malware engine available on the Kaspersky Anti Targeted Attack platform.
As Anton Ivanov, security expert at Kaspersky Lab, said:
"When it comes to zero-day vulnerabilities, it is important to actively monitor the threat landscape for new exploits. At Kaspersky Lab, the ongoing search for intelligent threats helps us not only to find new attacks, but also to target different digital threats. We also intend to find out what malicious technologies these criminals are using. As a result of our research, we have a powerful technological detection tool that allows us to prevent attacks, like the one that was intended to exploit this vulnerability."
To avoid zero-day exploits, Kaspersky Lab recommends the following technical measures:
- Avoid using software that is known to be vulnerable or that has recently been used in digital attacks.
- Make sure the software used by your company is regularly updated to the latest versions. Security products with Vulnerability Assessment and Patch Management capabilities can help automate these processes.
- Use a robust security solution, such as Kaspersky Endpoint Security for Business, which is equipped with behavior-based detection capabilities for effective protection against known and unknown threats, including exploits.