Microsoft has banned developer accounts used to sign drivers used in credential theft scams
Microsoft banned a number of accounts from its software development program after drivers certified through that program were used in ransomware attacks. In a joint release with digital security firms, the company mentions at least three gangs and several attacks involving ransomware and attempts to steal credentials.
The malicious campaigns were discovered in October and involved drivers accessing the Windows kernel in order to gain the highest privileges in the operating system. Criminals were thus able to disable security software and perform advanced tasks on the infected devices, including downloading new threats, mostly in attacks where an initial compromise had already taken place.
So-called kernel-mode drivers can only run in Windows if they are officially signed, with Microsoft’s developer program acting as a barrier that verifies the identity of the submitters and authenticates their software. Microsoft didn’t say how many accounts were banned as part of the campaign, but according to information from partner security firms, there are at least nine.
Some details of the attacks have also come from the specialists. Sophos, for example, linked an attack using malicious drivers to the Cuba ransomware gang, while SentinelOne pointed the finger at Hive. According to SentinelOne, that gang targets telecommunications, financial services, managed security and outsourcing firms, with the identified attack having taken place against a firm in the healthcare segment.
Mandiant, on the other hand, has drawn attention to a group called UNC3944, which has used the method in scams involving the theft of credentials or the cloning of cell phone numbers and SIM cards. The initial compromise, in most cases, occurs before the attack itself, through phishing campaigns or information leaks, which also suggests that the signing itself could be a service offered to cybercriminals.
The proliferation of threats is another indication of this. While “bring your own driver” attacks are becoming commonplace, the idea that legitimate developer accounts have been compromised for this purpose, or worse yet, created and validated for use in attacks, stands out as a new pattern. Microsoft said it was still investigating the case and would not comment on how the profiles passed the mandatory checks to enter the program.
To obtain such a signature, criminals would have to go through a lengthy process that also involves purchasing validation certificates, another indication that this is a targeted criminal operation. After verification by Microsoft, the drivers are accepted, and trust in the program causes even security and monitoring software to automatically grant permission to software signed in this way, which increases the risk in the event of a system compromise.
The company also notes that it has already released an update for Windows that revokes the certificates, which also causes drivers already installed on compromised machines to stop working. The recommendation is to update immediately, while the company emphasizes that it is looking for other ways to ensure that incidents of this type do not happen again.
Source: Microsoft