Deciphering the Recent Attack Trend on Windows Systems

What is the latest update?

• According to AV Test’s 2019/2020 Security Report, Windows computers suffered the highest number of malware attacks in the first quarter of 2020.
• These computers accounted for 83.45% of all malware attacks reported in Q1 2020.
• In 2019, Windows systems were used in 78.64% of malware attacks.

Recent attack trends

• Researchers demonstrated a new attack method that abused Windows ‘finger.exe’ command to exfiltrate data from computers and to install malicious files.
• In another attack method cited by researchers, attackers can leverage specially-crafted Windows 10 themes and theme packs to steal Windows account credentials from unsuspecting users. The malicious themes could also be used to perform Pass-the-Hash attacks.
• Emotet operators used a fake Windows 10 Mobile operating system to spread the malware. The fake document was distributed through phishing emails.
• A new strain of malware named KryptoCibule targeted Windows systems in the Czech Republic and Slovakia with an aim to install cryptocurrency miner on victims’ systems, steal cryptocurrency wallet-related files, and replace wallet addresses.
• In mid-August, security experts detected the exploitation of a zero-day flaw (CVE-2020-0986) in Windows OS in a targeted attack on a South Korean company.

Unpatched Windows vulnerabilities are the Achilles' heel 

• In a joint advisory released in May, the US-CERT outlined a list of 10 vulnerabilities that were mostly exploited between 2016 and 2019.
• The list includes two vulnerabilities - CVE-2017-0143 and CVE-2017-0199 - affecting different versions of Windows OS.
• While Windows Vista SP2, Windows 7 SP1, and Windows 8.1are vulnerable to CVE-2017-0199, the CVE-2017-0143 affects Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016.
• Foreign actors continue to exploit publicly known software vulnerabilities against broad target sets, including public and private sector organizations.

What else?

• Failing to upgrade systems to the latest versions can result in a greater risk. In early August, the FBI warned companies running Windows 7 systems are at an increased risk of cyberattacks due to it reaching end-of-life (EOL).
• The agency alerted that the legacy platform may inadvertently provide threat actors with access to vulnerable organizations' networks.

Conclusion