
Report: Cybercriminals refine tactics to exploit zero-day vulnerabilities

HP Wolf Security captured exploits of the zero-day CVE-2021-40444 — a remote code execution vulnerability in the MSHTML browser engine that can be triggered simply by opening a malicious Microsoft Office document — as early as September 8, a week before a patch was issued.

The latest HP Wolf Security Threat Insights Report shows how cybercriminals continue to innovate in their tactics, techniques, and procedures, and how sophisticated threats like zero-day exploits are rapidly filtering down to less-capable attackers. In the case of CVE-2021-40444, exploit generators emerged on public code-sharing websites days after the vulnerability bulletin was released.

This exploit is ripe for abuse because attackers can gain control of a system simply by tricking a victim into previewing a malicious Office document in File Explorer. Because so little user interaction is required, victims are less likely than with other techniques to realize that their system has been compromised, giving attackers a head start in achieving their objectives, whether that is stealing data or holding a business to ransom.

This particular exploit isn’t limited to the most advanced cybercriminals, either. Proof-of-concept scripts that allowed almost anyone to weaponize the exploit appeared four days before a patch was available for organizations to install. As many organizations will still be deploying the patch, HP expects to see this vulnerability exploited more over the coming months.

One of the emerging malware trends between July and September is that cybercriminals are increasingly piggybacking off legitimate cloud services like OneDrive to host their malware. This allows them to slip past network security controls that rely on website reputation to protect users, such as web proxies. HP also saw an uptick in JavaScript and HTA (HTML Application) malware delivered as email attachments. These file formats have proven effective at evading detection, allowing attackers to reach employee inboxes. In fact, 12% of email malware isolated by HP Wolf Security in Q3 bypassed at least one email gateway scanner.

To protect against zero-day exploits spread via malicious attachments, or stealthy threats that are slipping past detection tools, organizations need to make sure they are following zero trust principles — for example, by using threat isolation as part of a layered defense. This will protect the organization from the most common attack vectors like clicking on malicious links, attachments, and downloads, or visiting malicious web pages. Risky tasks are executed in disposable, isolated virtual machines, separated from the host operating system. If a user opens a malicious document, the malware is trapped — its operator has nowhere to go and nothing to steal. This renders malware harmless and helps keep organizations safe.

Read the full report by HP.

VentureBeat
