Ransomware attackers leverage Microsoft-Signed Drivers
Microsoft disclosed on Tuesday (Dec 13, 2022) that drivers certified by Microsoft's Windows Hardware Developer Program were being used maliciously in post-exploitation activity. Ongoing analysis by the Microsoft Threat Intelligence Center (MSTIC) indicates that the signed malicious drivers were likely used to facilitate post-exploitation intrusion activity such as the deployment of ransomware.
Background
Since the malicious drivers are signed by Microsoft, the trust associated with signed drivers can be exploited by threat actors to facilitate large-scale software supply chain attacks. We have previously seen many instances of signed software and drivers being taken advantage of. In 2021, a Microsoft-signed driver called "Netfilter" was used by attackers to plant a rootkit, and in Dec 2020 another notable supply chain incident occurred after attackers planted a vulnerability in the popular SolarWinds Orion platform. Full read at: https://fortiguard.fortinet.com/outbreak-alert/solarwinds
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
Dec 13, 2022: Microsoft released security advisory https://msrc.microsoft.com/update-guide/vulnerability/ADV220005
Dec 14, 2022: FortiGuard Labs has released AV protections against the "BURNTCIGAR" malware and its variants, and recommends that all customers install the latest Windows updates and ensure that anti-virus and endpoint detection engines are up to date with the latest signatures to prevent these attacks. Apart from virus detections, behavior-based detections are in place to alert on suspicious or malware-like activity and to overcome the implicit trust granted to Microsoft-signed binaries.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- Decoy VM
- AV
- AV (Pre-filter)
- Behavior Detection
- IOC
- Outbreak Detection
- Threat Hunting
- Content Update
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information supporting and relating to this outbreak and the vendor.