Social media data can provide critical clues to help get ahead of the next cyberattack, experts say.
Cloudflare blames recent outage on BGP hijacking incident
Internet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol (BGP) hijacking and a route leak. […]
Hackers Actively Exploiting Microsoft SmartScreen Vulnerability To Deploy Stealer Malware
Microsoft Defender SmartScreen is a cloud-backed, reputation-based anti-phishing and anti-malware component of Windows and Edge: it checks whether a website or downloaded file is likely malicious and warns the user before it is opened.
A flaw that lets a file skip that check means a downloaded payload runs without the SmartScreen warning, which is why such vulnerabilities are attractive to malware distributors.
Cybersecurity researchers at Cyble report that threat actors are actively exploiting a Microsoft SmartScreen vulnerability, CVE-2024-21412, to deploy information-stealing malware.
Microsoft SmartScreen Vulnerability
In January 2024, Trend Micro's Zero Day Initiative (ZDI) discovered a DarkGate campaign exploiting CVE-2024-21412 via fake software installers.
Microsoft patched the vulnerability on 13 February 2024, but the Water Hydra group and others continued to leverage it to deploy malware, including the DarkMe RAT, by bypassing SmartScreen with internet shortcut (.url) files.
Malicious links to internet shortcuts hosted on WebDAV shares are typically distributed via spam email.
When the shortcut is opened, the chain skips the SmartScreen warning and launches a multi-stage attack that uses both PowerShell and JavaScript scripts.
The campaign ultimately installs information-stealing malware such as Lumma and Meduza Stealer, showing how quickly threat actors adapt their tooling to recently patched vulnerabilities.
The threat actor targets individuals and organizations globally, using lures like fake Spanish tax documents, US Department of Transportation emails, and Australian Medicare forms.
The chain is a carefully engineered exploitation of CVE-2024-21412 to bypass Microsoft Defender SmartScreen.
The attackers send phishing emails containing a link that leads to an internet shortcut hosted on a WebDAV share.
The attack chain has multiple stages: the shortcut leads to a malicious LNK file, the chain relies on legitimate Windows utilities (forfiles among them, see the recommendations below) launched through those LNK files, and a later stage carries JavaScript embedded in an otherwise benign executable.
PowerShell scripts then decrypt and execute additional payloads, install the malware, and display a decoy document on the victim's machine.
Delivery techniques observed in this campaign include DLL side-loading and the IDAT Loader, used to deliver the Lumma and Meduza Stealer malware.
The final payload is injected into explorer.exe. The growing use of CVE-2024-21412, combined with such elaborate chains, shows how quickly the threat landscape is changing.
That pace is likely accelerated by the availability of Malware-as-a-Service offerings, underlining the need for proactive security measures and defences that are continuously updated against threats arriving through such channels.
Recommendations
Cyble's recommendations are:
Verify the sender and destination of emails and links before opening them
Use advanced email filtering to block malicious attachments and links
Avoid suspicious links, in particular shortcuts that point at remote (WebDAV) shares
Keep software up to date; CVE-2024-21412 has been patched since February 2024
Monitor the forfiles utility, a legitimate Windows tool abused in this chain
Limit the use of scripting languages such as PowerShell and JavaScript where they are not needed
Implement application whitelisting
Segment your network to limit lateral movement
IoCs
The post Hackers Actively Exploiting Microsoft SmartScreen Vulnerability To Deploy Stealer Malware appeared first on Cyber Security News.
NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity
NSA has published guidance to help organizations incorporate software bills of materials (SBOMs) to mitigate software supply chain risks.
The post NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity appeared first on SecurityWeek.