[German]I'll summarize two security topics in this blog post. Microsoft has presented the Digital Defense Report. And there is an approach to hunt for exploits by searching for the author's fingerprints.
Advertising
Microsoft Digital Defense Report
Ransomware campaigns are often understood and interpreted as an infection by a malware (payload of the campaign). In reality, however, a ransomware attack is an attack in which human opponents attack a network.
Defending against cybercriminals is a complex, constantly evolving and never-ending challenge. Cyber criminals also know how to increase their activities in times of crisis like now with COVID-19. But knowledge is power. For security experts to develop successful defense strategies, they need more diverse and timely insight into the threats they are defending against.
Microsoft has therefore now published its Microsoft Digital Defense Report, which can be downloaded as a PDF document. The report is dated September 28, 2020 and is based on more than 8 billion daily security signals and observations that telemetry systems report to Microsoft. These are evaluated by Microsoft security and threat intelligence experts. They have published the findings and insights into the current state of cyber security in this Digital Defense Report.
Identify exploit authors by their fingerprint
Interesting thing that security researchers from Checkpoint reveal in this article. Starting with a single case where a customer was attacked, the security researchers try to find new ways to hunt down exploits and their authors. They write that in recent months, the vulnerability and malware analysis research teams have worked together to focus on the exploits within the malware and especially on the authors of the exploits themselves.
Advertising
Based on a single incident response case, the security researchers have created a profile of one of the most active exploit developers for Windows, known as "Volodya" or "BuggiCorp". Based on this profile or fingerprint, more than 10 Windows Kernel Local Privilege Escalation (LPE) exploits of this developer have been detected so far. Many of the finds were 0-day-exploits at the time of development. Details can be found in the linked article.
Advertising