Malware comes via Microsoft Defender

2 August 2022
Cybercriminals use vulnerabilities in legitimate tools like Microsoft Defender to install their proprietary ransomware, Lockbit, on target systems.

Security researchers from SentinelOne have discovered an unpleasant side effect of Microsoft's cybersecurity solution Defender: cybercriminals exploit the known Log4j vulnerability to install malicious code, more precisely the malware Cobalt Strike, via the Defender command-line tool mpcmdrun.exe. Cobalt Strike gives the attackers control of the system, allowing them to load the Lockbit ransomware afterwards. The attackers are apparently the operators of the Lockbit ransomware-as-a-service offering.

The abuse of legitimate tools like Defender for cyberattacks is not new. According to SentinelOne's blog post, there was a similar case back in April 2022. At that time, the same actors used the VMware tool vmwarexferlogs.exe and Windows PowerShell to deliver their ransomware to target systems running an unpatched VMware Horizon server. (ubi)
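For defenders, one way to surface misuse of the two binaries named above is to check where they run from. The following is an added example, not code from the article or from SentinelOne; the install directories are assumed defaults, the field names follow Sysmon process-creation events, and the sample events are constructed.

```python
import ntpath

# Assumed default install directories (lower-case) for the two binaries the
# article names; adjust them to the environment being monitored.
EXPECTED_DIRS = {
    "mpcmdrun.exe": (
        r"c:\program files\windows defender",
        r"c:\programdata\microsoft\windows defender\platform",
    ),
    "vmwarexferlogs.exe": (r"c:\program files\vmware\vmware tools",),
}

def is_expected_location(image: str) -> bool:
    """True if a watched binary runs from one of its assumed install dirs."""
    # normpath collapses ".." segments so a traversal string cannot fake a match
    path = ntpath.normpath(image).lower()
    directory, name = ntpath.split(path)
    for root in EXPECTED_DIRS.get(name, ()):
        # Accept the root itself or a subdirectory (Defender's Platform
        # directory holds one versioned folder per update).
        if directory == root or directory.startswith(root + "\\"):
            return True
    return False

def flag_events(events):
    """Return process-creation events where a watched binary ran elsewhere."""
    hits = []
    for ev in events:
        name = ntpath.basename(ev["Image"]).lower()
        if name in EXPECTED_DIRS and not is_expected_location(ev["Image"]):
            hits.append(ev)
    return hits

# Constructed sample events; the version folder name is a placeholder.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Windows Defender\MpCmdRun.exe"},
    {"Image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\0.0.0000.0-0\MpCmdRun.exe"},
    {"Image": r"C:\Users\Public\MpCmdRun.exe"},
    {"Image": r"C:\Windows\Temp\VMwareXferlogs.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for ev in flag_events(SAMPLE_EVENTS):
        print("unexpected location:", ev["Image"])
```

A hit is a lead for triage rather than proof of compromise; pair it with the parent process and command line of the same event.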
