Trend Micro, one of the world's leading providers of cybersecurity solutions, announces the discovery of a security vulnerability in Microsoft Windows Defender.
It is being actively exploited by the cybercriminal group Water Hydra. Trend discovered this vulnerability on December 31, 2023 and has automatically protected customers from it since January 1, 2024. Organizations are advised to take immediate action to forestall continued exploitation of this vulnerability by cybercriminals.
The vulnerability (CVE-2024-21412) is an actively exploited zero-day that was reported to Microsoft by Trend Micro's Zero Day Initiative (ZDI). Trend Micro releases virtual patches an average of 51 days before the vendor's official patch is released, including the virtual patch for this Microsoft zero-day. For all other providers, the average time to actually protect their customers was 96 days. The Japanese cybersecurity specialist estimates that customers who applied all virtual patches in 2023 saved an average of $1 million for their business.
Active exploitation by Water Hydra
There is a high risk that vulnerabilities will be exploited by malicious actors targeting any number of industries or companies. In this particular case, the vulnerability is being exploited by the financially motivated APT group Water Hydra to compromise Forex traders participating in the high-stakes Forex trading market. The sophisticated zero-day attack is designed to bypass Windows Defender SmartScreen. The attacks aim to infect victims with the DarkMe Remote Access Trojan (RAT) in order to then steal data and spread ransomware.
Virtual patching
Trend's Intrusion Prevention System (IPS) capabilities leverage multiple layers of defense to mitigate advanced threats. They also provide virtual patching by completely blocking the exploitation of CVE-2024-21412. Trend Vision One automatically identifies critical vulnerabilities and provides an overview of all affected endpoints and their potential impact on the overall risk to an organization. Trend's proactive risk management approach reduces the need for reactive measures on “disclosure day” and ensures that customers are well prepared. In contrast, organizations that rely solely on reactive approaches, such as detecting existing traces of an attack, are more likely to be exposed to threats, because attackers deliberately work to evade such detection.
Importance of Bug Bounty Programs
The work of ZDI, the world's largest vendor-independent bug bounty program, has become increasingly important in the search for vulnerabilities and for the knowledge it yields for the further development of patches. Two factors in particular drive this:
The zero-day vulnerabilities discovered by cybercriminal groups are increasingly being used in attack chains by nation-state groups such as APT28, APT29 and APT40, expanding their reach.
CVE-2024-21412 is a bypass of CVE-2023-36025, highlighting how easily APT groups can identify and bypass tight vendor patches.
“Zero-day vulnerabilities are an increasingly popular way for threat actors to achieve their goals,” said Richard Werner, business consultant at Trend Micro. “That's why we invest so heavily in threat intelligence research: This allows us to protect our customers months before official manufacturer patches are released. We are proud to create a world with fewer cyber risks.”
More at TrendMicro.com
About Trend Micro
As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.