Threat from state actors


Trend Micro, one of the world's leading providers of cybersecurity solutions, announces the discovery of a security vulnerability in Microsoft Windows Defender SmartScreen.

The vulnerability is being actively exploited by the cybercriminal group Water Hydra. Trend discovered it on December 31, 2023 and has automatically protected customers from it since January 1, 2024. Organizations are advised to take immediate action to forestall continued exploitation of this vulnerability by cybercriminals.

The vulnerability (CVE-2024-21412) is an actively exploited zero-day that was reported to Microsoft by Trend Micro's Zero Day Initiative (ZDI). Trend Micro releases virtual patches an average of 51 days before the vendor's official patch, including this zero-day patch for Microsoft. For customers of all other providers, the average time until they were actually protected was 96 days. The Japanese cybersecurity specialist estimates that customers who applied all virtual patches in 2023 saved an average of $1 million for their business.

Active exploitation by Water Hydra

There is a high risk that vulnerabilities will be exploited by malicious actors targeting any number of industries or companies. In this particular case, the vulnerability is being exploited by the financially motivated APT group Water Hydra to compromise Forex traders participating in the high-stakes Forex trading market. A sophisticated zero-day attack tactic is used to bypass Windows Defender SmartScreen. The attacks aim to infect victims with the DarkMe Remote Access Trojan (RAT) in order to then steal data and spread ransomware.

Virtual patching

Trend's Intrusion Prevention System (IPS) capabilities leverage multiple layers of defense to mitigate advanced threats. They also provide virtual patching by completely blocking the exploitation of CVE-2024-21412. Trend Vision One automatically identifies critical vulnerabilities and provides an overview of all affected endpoints and their potential impact on the overall risk to an organization. Trend's proactive risk management approach reduces the need for reactive measures on “disclosure day” and ensures that customers are well prepared. In contrast, organizations that rely solely on reactive approaches, such as detecting existing traces of an attack, are more likely to be exposed to threats, because attackers deliberately work to evade such detection.

Importance of Bug Bounty Programs

The work of ZDI, the world's largest vendor-independent bug bounty program, has become increasingly important in the search for vulnerabilities and in the knowledge gained for the further development of patches. Two factors in particular account for this:

The zero-day vulnerabilities discovered by cybercriminal groups are increasingly being used in attack chains by nation-state groups such as APT28, APT29 and APT40, expanding their reach.
CVE-2024-21412 is a bypass of the fix for CVE-2023-36025, highlighting how easily APT groups can identify and circumvent narrowly scoped vendor patches.

“Zero-day vulnerabilities are an increasingly popular way for threat actors to achieve their goals,” said Richard Werner, business consultant at Trend Micro. “That's why we invest so heavily in threat intelligence research: This allows us to protect our customers months before official manufacturer patches are released. We are proud to create a world with fewer cyber risks.”

More at TrendMicro.com

About Trend Micro

As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat intelligence enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.
