Tag Archive for: microsoft

North Korea and Iran using AI for hacking, Microsoft says | Hacking

/in


US adversaries – chiefly Iran and North Korea, and to a lesser extent Russia and China – are beginning to use generative artificial intelligence to mount or organize offensive cyber operations, Microsoft said on Wednesday.

Microsoft said it detected and disrupted, in collaboration with business partner OpenAI, many threats that used or attempted to exploit AI technology they had developed.

In a blogpost, the company said the techniques were “early-stage” and neither “particularly novel or unique” but that it was important to expose them publicly as US rivals leveraging large-language models to expand their ability to breach networks and conduct influence operations.

Cybersecurity firms have long used machine-learning on defense, principally to detect anomalous behavior in networks. But criminals and offensive hackers use it as well, and the introduction of large-language models led by OpenAI’s ChatGPT upped that game of cat-and-mouse.

Microsoft has invested billions of dollars in OpenAI, and Wednesday’s announcement coincided with its release of a report noting that generative AI is expected to enhance malicious social engineering, leading to more sophisticated deepfakes and voice cloning. A threat to democracy in a year where over 50 countries will conduct elections, magnifying disinformation and already occurring,

Microsoft provided some examples. In each case it said all generative AI accounts and assets of the named groups were disabled:

The North Korean cyber-espionage group known as Kimsuky has used the models to research foreign thinktanks that study the country, and to generate content likely to be used in spear-phishing hacking campaigns.

Iran’s Revolutionary Guard has used large-language models to assist in social engineering, in troubleshooting software errors and even in studying how intruders might evade detection in a compromised network. That includes generating phishing emails “including one pretending to come from an international development agency and another attempting to lure prominent feminists to an attacker-built website on feminism”. The AI helps accelerate and boost the email production.

The Russian GRU military intelligence unit known…

Source…

DarkMe Malware Exploits Windows Defender Vulnerability: Microsoft Issues Patch

/in


Cybersecurity firm Trend Micro’s Zero Day Initiative recently unmasked a critical vulnerability, designated as CVE 2024-21412, that enabled the notorious APT group Water Hydra to circumvent Microsoft Defender SmartScreen and unleash the DarkMe malware upon unsuspecting victims. In a timely response, Microsoft has since patched the vulnerability, and Trend Micro now offers protection against this insidious threat.

The DarkMe Malware: A Sinister Force Unleashed

The DarkMe malware, a formidable adversary in the cyber world, has gained notoriety for its ability to infiltrate systems and wreak havoc on a grand scale. This malware variant, also known as TrojanWin32Powessere.G or ‘POWERLIKS’, typically employs the rundll32.exe file to execute its nefarious operations. Under normal circumstances, Windows Defender thwarts such attempts, presenting attackers with an ‘Access is denied’ error message.

However, the recently discovered vulnerability has provided a chink in Windows Defender’s armor, allowing the DarkMe malware to slip through the cracks and infect countless systems. By inserting multi-commas (,,) when referencing mshtml, cybercriminals found a way to bypass the mitigation measures, enabling the trojan to execute successfully and leaving victims at the mercy of the Water Hydra APT group.

The Vulnerability: A Critical Flaw in Windows Defender SmartScreen

The vulnerability, classified as having a high severity rating, requires local network access to be exploited. This means that an attacker must first gain entry to a victim’s network before they can capitalize on the flaw. Once inside, the attacker can then leverage the vulnerability to bypass Windows Defender SmartScreen, paving the way for the DarkMe malware to infiltrate the system.

The discovery of this vulnerability has sent shockwaves through the cybersecurity community, as it highlights the ever-evolving nature of the threats we face in today’s digital landscape. As cybercriminals continue to refine their tactics and develop new methods of attack, it’s crucial that cybersecurity professionals remain vigilant and proactive in their efforts to protect against such…

Source…

Microsoft hack: Five questions enterprises should ask their IT leaders

/in


Software giant Microsoft revealed in mid-January 2024 that its systems were successfully infiltrated at the end of 2023 by Russia-backed hacking group Midnight Blizzard, as part of a coordinated and targeted information-gathering exercise.

Microsoft confirmed the details of the attack in a statement published online on Friday 19 January 2024,  where it revealed the attack was first detected on 12 January 2024 and the immediate activation of its internal response processes meant it was able to immediately remove the hackers from its systems.

“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI [artificial intelligence] systems,” said Microsoft in its statement.

“We will notify customers if any action is required. This attack does highlight the continued risk posed to all organisations from well-resourced nation-state threat actors like Midnight Blizzard.”

And while Microsoft made it clear in its statement that no customer data or services were put at risk during the attack, Microsoft did publish a broader warning in its Security Threat Intelligence Blog on 25 January 2024  that stated its investigation into the hack is still on-going and further details about the impact of the attack may still come to light.

As a result, here are five questions enterprise users of Microsoft’s cloud services should be asking of their CIO, CTO and CISO in the wake of this attack.

  1. Microsoft presents itself as being an intrinsically secure platform – is that still the case?

This is a key question because a company’s risk profile should be under continuous, ongoing re-assessment in any event, and the flurry of recent Microsoft hacks ought to be on their risk radar.

It is not clear how (or even if) Microsoft will be able to 100% guarantee its entire cloud environment is now clean and free from hackers, and they’ve reported being attacked successfully multiple times by Chinese and Russia-backed hacking groups.

  1. Are we relying on the same security controls as Microsoft do?

Microsoft disclosed the Midnight Blizzard hackers were inside its systems for up to 42 days before they were…

Source…

Hackers using Microsoft Teams for phishing attacks to spread malware: Report

/in


Cybercriminals are leveraging Microsoft Teams for a new malware campaign, using group chat requests to push DarkGate malware paylo…
Read More
Cybercriminals are using Microsoft’s video conferencing platform Teams for a new malware campaign. According to a report by AT&T Cybersecurity research, hackers are using Microsoft Teams group chat requests as new phishing attacks to push malicious attachments that can install DarkGate malware payloads on victims’ systems. Researchers claim that the attackers may have used a compromised Teams user (or domain) to send over 1,000 malicious Teams group chat invites.

How these Microsoft Teams group chat requests can be harmfulThe report claims that once the malware is installed on a victim’s system, it will reach out to its command-and-control server. This server has already been identified as part of DarkGate malware infrastructure by Palo Alto Networks, report Bleeping Computer.

As per the report, the hackers were able to push this phishing campaign as Microsoft allows Teams users to message other users by default.

AT&T Cybersecurity network security engineer Peter Boyle has warned: “Unless absolutely necessary for daily business use, disabling External Access in Microsoft Teams is advisable for most companies, as email is generally a more secure and more closely monitored communication channel. As always, end users should be trained to pay attention to…

Source…