Hacker’s Rootkit Had Microsoft-issued Digital Signature


Photo: Drew Angerer (Getty Images)

A recent report by cybersecurity firm Bitdefender shows that e-criminals have been using a particular rootkit, dubbed “FiveSys,” that bafflingly received a digital signature from Microsoft.

The malicious program apparently allowed attackers “virtually unlimited privileges” on affected systems and was used by hackers to target online gamers for credential theft and in-game purchase hijacking. Researchers say it’s definitely possible that “FiveSys” could be redirected towards other kinds of data theft, too.

Rootkits are malicious programs designed to allow criminals prolonged access to a particular server or device. With a rootkit, an attacker can remain embedded in a particular computer, unbeknownst to the device’s operating system or its anti-malware defenses, for long periods of time. They also typically give attackers high levels of control over a particular system or device.

Digital signatures, meanwhile, are cryptographic mechanisms that companies and other large organizations use for security purposes. A signature creates a “virtual fingerprint” tied to a specific entity, meant to verify that entity’s trustworthiness. Microsoft utilizes a digital signing process as a security measure meant to rebuff programs that do not appear to have come from trusted sources.

However, the company’s security protocols appear to have been no match for the “FiveSys” rootkit and its cybercriminal handlers—which managed to get their malicious program signed with Microsoft’s digital rubber stamp of approval. It’s not totally clear how they did that.

“Chances are that it was submitted for validation and somehow it got through the checks,” Bogdan Botezatu, director of threat research and reporting, told ZDNet. “While the digital signing requirements detect and stop most of the rootkits, they are not foolproof.”

After being contacted by Bitdefender, Microsoft subsequently revoked the rootkit’s signature, meaning the program will no longer have access to systems. When reached for comment, a Microsoft spokesperson provided Gizmodo with the following statement: “We have built-in detections in place…
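As an added, defender-side example that is not part of the article: a PowerShell check for the situation described above, listing running kernel drivers whose Authenticode signature no longer verifies as Valid (for instance because the signing certificate was revoked, as Microsoft did here). It assumes an elevated PowerShell session on Windows and that the host’s Authenticode verification consults current revocation information.

```powershell
# Added example, not code from the article or from Bitdefender/Microsoft.
# Enumerates running kernel drivers and reports any whose Authenticode
# signature does not verify as Valid. Assumption: the host's signature
# verification reflects current revocation data, so a driver signed with a
# since-revoked certificate surfaces with a non-Valid status.

$drivers = Get-CimInstance Win32_SystemDriver | Where-Object { $_.State -eq 'Running' }

$report = foreach ($d in $drivers) {
    $path = $d.PathName
    if (-not $path) { continue }
    # Normalise kernel-style paths such as \SystemRoot\System32\drivers\x.sys
    # or \??\C:\Windows\System32\drivers\x.sys to ordinary file paths.
    $path = $path -replace '^\\SystemRoot', $env:SystemRoot -replace '^\\\?\?\\', ''
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Driver  = $d.Name
        Path    = $path
        Status  = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        Message = $sig.StatusMessage
        Signer  = $sig.SignerCertificate.Subject
    }
}

# Everything that is not Valid deserves a closer look; a Microsoft-signed
# driver whose certificate was later revoked belongs in this list.
$report | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
```

Run it again after refreshing the machine’s certificate revocation data, since a freshly revoked signature can still show as Valid against cached information.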


Public officials are under physical and digital siege

I am deeply troubled by recent events in which attackers appear to target U.S. diplomats with the purpose of causing them debilitating health symptoms. These symptoms include dizziness, headache, fatigue, nausea, anxiety, cognitive difficulties and memory loss. This illness has been dubbed “Havana Syndrome” because it was first experienced by U.S. State Department personnel stationed in Cuba beginning in late 2016.

We are observing a similar pattern of brazen and sophisticated attacks on our public officials in the digital world. One type of attack we are increasingly seeing involves attackers using “botnets,” large, coordinated groups of compromised computing devices that attackers direct to attack specific targets, often websites. Attackers are now using sophisticated botnets to scrape government websites for the personal information of U.S. officials. The attackers then use the scraped data to blackmail or phish public officials. Artificial intelligence (AI)-controlled bots can hit vast numbers of sites at lightning speed and enable attackers to target specific individuals who are likely to have access to sensitive government information. If officials are successfully phished, attackers can steal credentials and potentially access sensitive government information and platforms.

We are also seeing a major uptick in the impersonation or takeover of public officials’ social media accounts by bad actors. While an account takeover would be a frustrating nuisance to most of us, the takeover of a high-level public official’s social media account could have real world security or economic impacts.

We saw a hint of how extensive this threat could be last year, when the Twitter accounts of many public figures, including former President Barack Obama and President Joe Biden, were compromised. While the attackers only leveraged their position to promote a Bitcoin scam, one could easily see how this could be used for more nefarious and harmful purposes. For example, an account takeover or a convincing impersonation of a Federal Reserve official could potentially result in disinformation that impacts global stock markets.

Solutions that can help mitigate these digital threats…


Roadmap to secure digital banking and delight customers

Digital payment credential use, including smartphone mobile payments, is skyrocketing. E-commerce continues its sharp upward trajectory, with the associated exponential growth in card-not-present (CNP) transactions. And remote account opening has become the norm. Sound familiar? What about growing consumer privacy concerns? Increasing incidents of identity theft? An intensifying threat landscape?

There’s no doubt that banking is undergoing unprecedented digital transformation creating new opportunities and challenges for financial institutions, merchants, and consumers. With global identity fraud losses topping $56B