New research released today indicates that the Cuba ransomware group has been using pieces of malware in its attacks that were certified, or given a seal of approval, by Microsoft.
Microsoft says it has suspended the Partner Center accounts that were being abused, revoked the rogue certificates, and released security updates for Windows related to the situation. The company adds that it hasn't identified any compromise of its systems beyond the partner account abuse. “These attackers, most likely affiliates of the Cuba ransomware group, know what they’re doing—and they’re persistent,” says Christopher Budd, director of threat research at Sophos.
Cryptographic software signing is an important validation mechanism meant to ensure that software has been vetted and anointed by a trusted party or “certificate authority.” Attackers are always looking for weaknesses in this infrastructure, though, where they can compromise certificates or otherwise undermine and abuse the signing process to legitimize their malware.
“Mandiant has previously observed scenarios when it is suspected that groups leverage a common criminal service for code signing,” the company published today. “The use of stolen or fraudulently obtained code signing certificates by threat actors has been a common tactic, and providing these certificates or signing services has proven a lucrative niche in the underground economy.”