Skip to content
  • Home
  • Emerging Technology & News
  • Computer Help
  • Privacy and Security
  • Reimage Windows Repair
The Reimage Blog
Menu
  • Home
  • Emerging Technology & News
  • Computer Help
  • Privacy and Security
  • Reimage Windows Repair
Facebook Twitter
Home  /  Privacy and Security  /  Hardware drivers approved by Microsoft used in ransomware attacks
PostedinPrivacy and Security Posted on December 14, 2022

Hardware drivers approved by Microsoft used in ransomware attacks

Posted By Matthew.England

Thought you could trust Microsoft-approved drivers? Think again

Researchers at Sophos have identified that vulnerabilities in Microsoft-approved hardware drivers have been exploited in ransomware attacks by a group known as Cuba.

A pair of files were found on compromised machines that Sophos says “work together to terminate processes or services used by a variety of endpoint security product vendors.”

Claiming to have “kicked the attackers off the systems” before things escalated, the company can’t be sure what sort of attacks (if any) may have taken place, though some evidence points at a variant of malware known as ‘BURNTCIGAR’.

Ransomware with Microsoft drivers

Sophos informed Microsoft of its findings, which later published an advisory as part of its monthly Patch Tuesday release.

The tech giant promised to have completed an investigation which found that “activity was limited to the abuse of several developer program accounts and that no compromise has been identified.”

Microsoft has also suspended the partners’ seller accounts in an effort to protect users in the meantime.

A security update has been released that will revoke the certificate for impacted files, and blocking detections now forms part of the OS (when using Microsoft Defender 1.377.987.0 or newer).

As ever, the company is urging its customers to install updates wherever applicable, including to the operating system and to installed antivirus and endpoint protection software. Attacking the target’s security software is usually the precursor to more impactful steps, like deploying ransomware.

More generally, Sophos has noticed a trend that sees threat actors “moving up the trust pyramid, attempting to use increasingly more well-trusted cryptographic keys to digitally sign their drivers.”

By: Craig Hale
Source: www.TechRadar.com
Featured Image Credit: Pixabay

Share on Facebook Share on Twitter
Previous Article
EU’s ‘Right to Be Forgotten’ Includes False Claims About People
Next Article
Temi Review

About Author

Matthew.England

Related Posts

  • CISA: Do these three things to toughen up your network against hackers

    March 17, 2023
  • GitHub Makes Two-Factor Authentication Mandatory

    March 13, 2023
  • Is Windows 11 spying on you? New report details eye-opening levels of telemetry

    February 9, 2023
Scan Now

Categories

  • Business
  • Computer Help
  • Emerging Technology & News
  • Privacy and Security
  • Reviews

Reviews

Reimage Social

Security

Popular Posts

  • PCWorld calls Reimage “A Fantastic Repair Utility “ July 26, 2011 Reviews
  • 4 Ways to Keep the Ghouls & Goblins Away From Your PC October 26, 2010 Archive
  • The PC Key to Happiness – A Properly Maintained OS September 2, 2010 Archive
  • Google says hacked websites were attacking iPhones for years September 12, 2019 Privacy and Security

Random Posts

  • 10 Simple Tips For Fixing DLL Errors January 31, 2011 Computer Help, Privacy and Security
  • AT&T lost nearly 900,000 TV subscribers last quarter April 28, 2020 Business
  • U.S. government considering a ban on TikTok July 9, 2020 Privacy and Security
  • 9 Tips to Boost Your Android Phone’s Battery Life June 20, 2022 Computer Help
© Copyright 2019
We use cookies to ensure that we give you the best experience on our website.Ok