Connect with us

Hi, what are you looking for?

Economy

Microsoft Takes Action: Why Is it Disabling Key Protocol?

Microsoft Takes Swift Action: Why Is it Disabling Key Protocol?
Microsoft Takes Swift Action: Why Is it Disabling Key Protocol?

In response to the escalating threat of malware attacks, the Microsoft Project team has swiftly taken action by disabling the widely abused ms-appinstaller protocol handler. This strategic move is part of Microsoft’s efforts to utilize its cyber threat intelligence tools to counter the alarming exploitation of this protocol by multiple threat actors intent on distributing malware. Ransomware attacks are looming as a significant risk.

Unveiling the Menace

The Microsoft Threat Intelligence team, leveraging advanced cyber threat intelligence tools, uncovered the exploitation of the ms-appinstaller protocol handler as an access vector for malware distribution. As a result, the company decided to disable the protocol handler by default. The company aims to protect users from potential dangers associated with malicious activities.

Malware Microsoft Project: Kit for Sale

Compounding the threat, cybercriminals are actively selling a malware kit as a service, leveraging the MSIX file format and the ms-appinstaller protocol handler. To address this emerging threat, Microsoft implemented changes in the App Installer version 1.21.3421.0 and higher, a testament to the value of effective threat intelligence feeds.

Method of Attack

The attacks orchestrated by at least four financially motivated hacking groups involve the deployment of signed malicious MSIX application packages. The scammers deceptively distribute these packages through trusted channels like Microsoft Teams. They also disguise them as advertisements for legitimate software on search engines like Google.

Diverse Threat Actors in Action

Several hacking groups have been identified exploiting the App Installer service since mid-November 2023. Each employs distinct tactics and underscores the need for robust threat intelligence feeds:

  1. Storm-0569: Uses SEO poisoning with spoofed sites to propagate BATLOADER, deploying Cobalt Strike and Black Basta ransomware.
  2. Storm-1113: Distributes EugenLoader disguised as Zoom, serving as an entry point for various stealer malware and remote access trojans.
  3. Sangria Tempest (Carbon Spider and FIN7): Leverages Storm-1113’s EugenLoader to drop Carbanak and distribute POWERTRASH through Google ads.
  4. Storm-1674: Sends fake landing pages through Teams messages. It also encourages users to download malicious MSIX installers containing SectopRAT or DarkGate payloads.

Microsoft: Persistent Threats and Past Actions

This isn’t the first time Microsoft has disabled the MSIX ms-appinstaller protocol handler. In February 2022, the company has also taken a similar step to thwart Emotet, TrickBot, and Bazaloader delivery. The protocol’s attractiveness to threat actors lies in its ability to circumvent security mechanisms. However, that poses a significant challenge for user safety.

As Microsoft lists its past actions and remains vigilant in combating evolving cybersecurity threats, it urges users to stay informed and employ best practices to enhance their digital security. This includes regular updates, exercising caution with downloads, and staying informed about emerging threats in the ever-evolving landscape of online security, highlighting the importance of cyber threat intelligence tools.

The post Microsoft Takes Action: Why Is it Disabling Key Protocol? appeared first on FinanceBrokerage.

You May Also Like

Editor's Pick

As decentralized naming systems gain traction, Ethereum Name Service has seen ENS price double, leaving some FOMO investors asking is it too late to...

Economy

How can Forex crash? Forex market crash history Fact that the Forex is one of the most volatile and most profitable markets in the...

Editor's Pick

Colorado-based pastor Eligio “Eli” Regalado and his wife, Kaitlyn, are facing legal action after allegedly defrauding investors of millions of dollars through the sale...

Stock

Enthusiasm is needed to drive an uptrend, but sometimes enthusiasm can go too far. That is why technical analysts like to use various sentiment...

Disclaimer: happyretirementstories.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.


Copyright © 2024 happyretirementstories.com