Kaspersky has detected a new wave of cyber attacks. The malware behind these attacks uses a previously unknown vulnerability in the Microsoft Windows operating system and tries to take control of computers, in the Middle East in particular. The vulnerability was closed on 9 October with a patch issued by Microsoft.
Attacks that use zero-day system vulnerabilities are among the most dangerous cyber threats, because they give the target no opportunity to close the gap and defend itself. Attacks designed to take advantage of such exploits often let cyber attackers take control of the entire system. Sophisticated attacks, especially APT-type ones, often bring this scenario to life, and the latest attack is one of them.
The Microsoft Windows attack in question is carried out using a newly discovered vulnerability on PowerShell. The attacker was able to infiltrate the system and identify the privileges that would help him take it over. The attack is extremely well coded and is capable of targeting many Windows versions.
The attack was discovered at the end of last summer, when it targeted a dozen organizations in the Middle East. The famous FruityArmor group is thought to be behind the attack, with the use of PowerShell backdoors. Kaspersky Lab experts reported the vulnerability to Microsoft as soon as they noticed the situation.
Kaspersky Lab recommends that you take the following precautions to avoid such attacks:
Avoid using software that has known flaws and has recently been used in cyber attacks.
Be sure to regularly update the software you are using. Use security solutions with Vulnerability Assessment and Patch Management features.