Deciphering the Recent Attack Trend on Windows Systems

At the beginning of the year, Microsoft announced the end of support for Windows 7, but millions of PCs worldwide run other versions of Windows that are still vulnerable to cyberattacks.

What is the latest update?

  • According to AV Test’s 2019/2020 Security Report, Windows computers suffered the highest number of malware attacks in the first quarter of 2020.
  • These computers accounted for 83.45% of all malware attacks reported in Q1 2020.
  • In 2019, Windows systems were used in 78.64% of malware attacks.

Recent attack trends

  • Researchers demonstrated a new attack method that abused the Windows ‘finger.exe’ command to exfiltrate data from computers and to install malicious files.
  • In another attack method cited by researchers, attackers can leverage specially crafted Windows 10 themes and theme packs to steal Windows account credentials from unsuspecting users. The malicious themes could also be used to perform Pass-the-Hash attacks.
  • Emotet operators used a fake Windows 10 Mobile operating system lure to spread the malware; the fake document was distributed through phishing emails.
  • A new strain of malware named KryptoCibule targeted Windows systems in the Czech Republic and Slovakia with the aim of installing a cryptocurrency miner on victims’ systems, stealing cryptocurrency wallet-related files, and replacing wallet addresses.
  • In mid-August, security experts detected the exploitation of a zero-day flaw (CVE-2020-0986) in Windows OS in a targeted attack on a South Korean company.

Unpatched Windows vulnerabilities are the Achilles' heel

  • In a joint advisory released in May, the US-CERT outlined a list of 10 vulnerabilities that were most frequently exploited between 2016 and 2019.
  • The list includes two vulnerabilities, CVE-2017-0143 and CVE-2017-0199, affecting different versions of Windows OS.
  • While Windows Vista SP2, Windows 7 SP1, and Windows 8.1 are vulnerable to CVE-2017-0199, CVE-2017-0143 affects Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016.
  • Foreign actors continue to exploit publicly known software vulnerabilities against broad target sets, including public and private sector organizations.

What else?

  • Failing to upgrade systems to the latest versions results in greater risk. In early August, the FBI warned that companies running Windows 7 systems are at an increased risk of cyberattacks because the platform has reached end-of-life (EOL).
  • The agency alerted that the legacy platform may inadvertently provide threat actors with access to vulnerable organizations' networks.

Conclusion

With cybercriminals actively scanning for vulnerable systems and legacy platforms, organizations should ensure that antivirus, spam filters, and firewalls are up-to-date, properly configured, and secured. Auditing of network configurations and isolated computer systems that cannot be updated should also be carried out periodically.
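One way to carry out the periodic audit recommended above, as an added example that is not part of the original article: a PowerShell check run on each host that flags the end-of-life platforms and the Windows 10 builds the advisory lists for CVE-2017-0143, and reports how stale the most recent installed update is. It assumes an elevated local session (or Invoke-Command across the fleet), and the 90-day staleness threshold is an arbitrary choice.

```powershell
# Added example (not from the article). Inventory this host's OS version, flag
# releases named in the article as end-of-life or as affected by CVE-2017-0143,
# and report patch recency. The 90-day threshold is an assumption, not a standard.
$os      = Get-CimInstance -ClassName Win32_OperatingSystem
$version = [version]$os.Version          # e.g. 6.1.7601 (Windows 7) or 10.0.14393
$build   = [int]$os.BuildNumber

# Kernel major.minor -> product family (Win32_OperatingSystem.Version mapping).
$eolFamilies = @{ '6.0' = 'Windows Vista / Server 2008'
                  '6.1' = 'Windows 7 / Server 2008 R2'
                  '6.2' = 'Windows 8 / Server 2012' }
$family = '{0}.{1}' -f $version.Major, $version.Minor

# Windows 10 builds the advisory names for CVE-2017-0143: Gold (1507), 1511, 1607.
$affectedWin10Builds = @{ 10240 = '1507 (Gold)'; 10586 = '1511'; 14393 = '1607' }

$findings = @()
if ($eolFamilies.ContainsKey($family)) {
    $findings += "Legacy/EOL platform: $($eolFamilies[$family]) ($($os.Caption))"
}
if ($version.Major -eq 10 -and $affectedWin10Builds.ContainsKey($build)) {
    $findings += "Windows 10 $($affectedWin10Builds[$build]) is on the CVE-2017-0143 affected list"
}

# Patch recency: newest InstalledOn date across the hotfixes Windows recorded.
$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
          Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($null -eq $latest) {
    $findings += 'No installed hotfix recorded (host may never have been patched)'
} elseif (((Get-Date) - $latest.InstalledOn) -gt [TimeSpan]::FromDays(90)) {
    $findings += "Last update $($latest.HotFixID) installed $($latest.InstalledOn.ToShortDateString()), over 90 days ago"
}

# One record per host; collect these centrally to find systems that cannot be updated.
[pscustomobject]@{
    Host     = $env:COMPUTERNAME
    OS       = $os.Caption
    Version  = $os.Version
    Findings = if ($findings) { $findings -join '; ' } else { 'None' }
}
```

Hosts that report an EOL family or an affected build and cannot be upgraded are the ones the conclusion says should be isolated and re-audited on a schedule.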