New research released today indicates that the Cuba ransomware group has been using pieces of malware in its attacks that were certified, or given a seal of approval, by Microsoft.
Microsoft says it has suspended the Partner Center accounts that were being abused, revoked the rogue certificates, and released security updates for Windows related to the situation. The company adds that it hasn't identified any compromise of its systems beyond the partner account abuse.
“These attackers, most likely affiliates of the Cuba ransomware group, know what they’re doing—and they’re persistent,” says Christopher Budd, director of threat research at Sophos.
Cryptographic software signing is an important validation mechanism meant to ensure that software has been vetted and anointed by a trusted party or “certificate authority.” Attackers are always looking for weaknesses in this infrastructure, though, where they can compromise certificates or otherwise undermine and abuse the signing process to legitimize their malware.
“Mandiant has previously observed scenarios when it is suspected that groups leverage a common criminal service for code signing,” the company published today. “The use of stolen or fraudulently obtained code signing certificates by threat actors has been a common tactic, and providing these certificates or signing services has proven a lucrative niche in the underground economy.”