Kaspersky Lab Technology Detects Zero-Day Exploit for Microsoft Windows

Woburn, MA – November 14, 2018 – In October 2018, Kaspersky Lab Automatic Exploit Prevention technology, embedded in most of the company’s products, detected a new exploit for a zero-day vulnerability in Microsoft Windows. Kaspersky Lab reported the vulnerability, and Microsoft released a patch for it this week. This was the second consecutive zero-day exploit used in a series of cyberattacks in the Middle East in just one month.

Cyberattacks that leverage zero-day vulnerabilities are considered to be some of the most dangerous, as they exploit a weakness that has not yet been discovered or patched, making them difficult to detect and prevent. If cybercriminals find such a weakness first, they can use it to build an exploit. This “hidden threat” attack scenario is widely used by sophisticated actors in APT attacks.

Kaspersky Lab’s analysis of the new exploit led researchers to discover a previously unknown zero-day vulnerability. While the delivery method is still unknown, the exploit was executed by the first stage of a malware installer in order to gain the privileges necessary for persistence on the victim’s system. The exploit was only able to target machines running the 32-bit version of Windows 7. Upon discovery, Kaspersky Lab immediately reported the vulnerability to Microsoft.

According to Kaspersky Lab experts, there is no clear insight as to which actor(s) may be behind the attacks. However, the developed exploit is being used by at least one APT actor.*

Just a few weeks before this discovery, Kaspersky Lab spotted another exploit for a zero-day vulnerability in Microsoft Windows, which was being delivered to victims via a PowerShell backdoor. Kaspersky Lab technology proactively identified the threat, and it was reported to Microsoft and patched in early October.

“Autumn 2018 became quite a hot season for zero-day vulnerabilities,” said Anton Ivanov, security expert at Kaspersky Lab. “In just a month, we discovered two of these threats and detected two series of attacks in one region. The discreteness of cyberthreat actors’ activities reminds us that it is of critical importance for companies to have in their possession all the necessary tools and solutions that would be intelligent enough to protect them from such sophisticated threats. Otherwise, they could face complex targeted attacks that will seemingly come out of nowhere.”

To avoid zero-day exploits, Kaspersky Lab recommends that companies implement the following technical measures:

  • If possible, avoid using software that is known to be vulnerable or has recently been used in cyberattacks.
  • Make sure that all software used by your company is regularly updated to the most recent versions. Security products with Vulnerability Assessment and Patch Management capabilities may help to automate these processes.
  • Use a robust security solution, such as Kaspersky Endpoint Security for Business, which is equipped with behavior-based detection capabilities for effective protection against known and unknown threats, including exploits.
  • If your company could become a subject of targeted attacks, use advanced security tools like Kaspersky Anti Targeted Attack Platform.
  • Ensure your security team has access to the most recent cyberthreat intelligence.

For more information on the zero-day exploit for Microsoft Windows detected by Kaspersky Lab, visit Securelist.com.

*For more details, please contact [email protected].