New 'MysterySnail' exploit used to hijack Windows Server deployments
Date:
Thu, 14 Oct 2021 11:25:49 +0000
Description:
Researchers uncover trojan that exploited zero-day in a core Windows driver found in virtually all Windows releases.
FULL STORY ======================================================================
Cybersecurity experts have helped quash a mysterious new remote access
trojan (RAT) that exploited a zero-day in an essential Windows driver to launch a privilege escalation exploit.
The zero-day, discovered and reported by Kaspersky, was patched by Microsoft
in the October 2021 edition of Patch Tuesday.
"The exploit had numerous debug strings from an older, publicly known exploit for vulnerability CVE-2016-3309, but closer analysis revealed that it was a zero-day. We discovered that it was using a previously unknown vulnerability in the Win32k driver," observed the researchers.
Named MysterySnail by Kaspersky, the trojan's code and its use of command and control (C2) infrastructure led the researchers to associate the attack
with the Chinese threat actor known as IronHusky.

Zero-day exploit
Analysis of the exploit revealed that it was written to attack not just the latest Windows 10 and Windows Server 2019 releases, but also older, even supported ones going as far back as Windows Vista.
Further analyses of its malicious payload revealed similarities with several variants that were previously used in widespread espionage campaigns against IT companies, military/defense contractors, and diplomatic entities.
Security experts TechRadar Pro spoke to agreed that while zero-day attacks have unfortunately become a fact of life for enterprise security, businesses can minimize their damage with active monitoring.
"With OS and application vulnerabilities arising almost daily, it's clear that attackers are hard at work in discovering new exploits. Monitoring for
unusual activity is one of the only ways of making sure that such breaches
are caught and addressed quickly," says Saryu Nayyar, CEO of security vendor Gurucul.
Furthermore, access review experts YouAttest believe thorough and regular reviews of identities will also help de-fang privilege escalation exploits.
"Enterprises must practice identity security and have alerts on privilege escalation and conduct regular reviews of identities to ensure the principle of least privilege is practiced across the enterprise - to insure once a credential is compromised, the proper alerts occur and the damage is minimized," believes Garret Grajek, CEO, YouAttest.
======================================================================
Link to news story:
https://www.techradar.com/news/new-mysterysnail-exploit-used-to-hijack-windows-server-deployments/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)