Threat actors abuse legitimate Microsoft drivers to bypass security – Cybersecurity Dive
SentinelOne found a threat actor abusing a Microsoft-signed malicious driver to evade a number of security products. In other cases the driver was used to control, pause or kill processes on the targeted endpoints, according to researchers. In a number of cases the attackers also tried to offer SIM swapping services, according to SentinelOne.
Over the course of 2022, the attacks focused on telecommunications and business process outsourcing companies. Other targets included managed security service providers, financial services, entertainment and other industries. 
A separate threat actor was also seen using Microsoft-signed drivers to deploy Hive ransomware against a target in the medical industry.
“The drivers referenced were used in different attempts to disable endpoint protection of various products at victim sites,” Brian Bartholomew, researcher at SentinelOne, said via email. “After analyzing the malicious tools, we realized the severity of the issue as the malicious components were effectively signed by Microsoft, which allowed them to bypass other security checks.”
Several distinct malware families, each associated with a distinct threat actor, used a technique known as “attestation signing,” Mandiant researchers said. Through this technique, the drivers become trusted as Microsoft-signed code.
Mandiant said a financially motivated threat actor, identified as UNC3944, was seen deploying the signed malware. The group has been active since at least May of this year, and uses credentials stolen from SMS phishing operations.  
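The attacks described above work because a Microsoft signature on a driver is normally taken at face value. A defender's first step is to know which loaded drivers carry that signature and who the underlying publisher is. The PowerShell script below is an added example, not code from Cybersecurity Dive, SentinelOne or Mandiant: it enumerates running kernel drivers, reads each file's Authenticode signature and flags those signed under the Microsoft hardware publisher certificate. The certificate subject string used for the flag is an assumption based on how attestation- and WHQL-signed drivers are typically signed, and the output is meant for review, not as a verdict.

```powershell
# Added example (not from the article or the researchers it cites):
# inventory running kernel drivers and record who signed each one, so that
# Microsoft-signed third-party drivers are reviewed rather than trusted by default.

$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName }

$report = foreach ($d in $drivers) {
    # PathName may use the \??\ or \SystemRoot prefixes; normalise to a plain path
    $path = $d.PathName -replace '^\\\?\?\\', '' -replace '"', ''
    $path = $path -replace '^\\SystemRoot', $env:SystemRoot
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $sig = Get-AuthenticodeSignature -LiteralPath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }

    [pscustomobject]@{
        Name   = $d.Name
        Path   = $path
        Status = $sig.Status      # inbox drivers signed only via catalog may not report Valid here
        Signer = $signer
        # Assumption: attestation- and WHQL-signed drivers carry this Microsoft publisher
        # subject. A driver flagged here that is not from a known vendor deserves a closer look.
        MsHardwareSigned = $signer -like '*Windows Hardware Compatibility Publisher*'
    }
}

# Flagged drivers first, so the review starts with the ones that matter
$report | Sort-Object MsHardwareSigned -Descending | Format-Table -AutoSize
```

Run it in an elevated session and compare the flagged rows against the vendors you expect on that host; a hardware-publisher-signed driver with an unfamiliar path or name is the pattern the article describes and is worth hashing and checking against vendor advisories before it is trusted.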