Security: Microsoft Digital Defense Report, Exploit Author Fingerprint

[German]I'll summarize two security topics in this blog post. Microsoft has presented the Digital Defense Report. And there is an approach to hunt for exploits by searching for the author's fingerprints.


Microsoft Digital Defense Report

Ransomware  campaigns are often understood and interpreted as an infection by a malware (payload of the campaign).  In reality, however, a ransomware attack is an attack in which human opponents attack a network. 

Microsoft Digital Defense Report

Defending against cybercriminals is a complex, constantly evolving and never-ending challenge. Cyber criminals also know how to increase their activities in times of crisis like now with COVID-19. But knowledge is power. For security experts to develop successful defense strategies, they need more diverse and timely insight into the threats they are defending against.

Microsoft has therefore now published its Microsoft Digital Defense Report, which can be downloaded as a PDF document. The report is dated September 28, 2020 and is based on more than 8 billion daily security signals and observations that telemetry systems report to Microsoft. These are evaluated by Microsoft security and threat intelligence experts. They have published the findings and insights into the current state of cyber security in this Digital Defense Report.

Identify exploit authors by their fingerprint

Interesting thing that security researchers from Checkpoint reveal in this article. Starting with a single case where a customer was attacked, the security researchers try to find new ways to hunt down exploits and their authors. They write that in recent months, the vulnerability and malware analysis research teams have worked together to focus on the exploits within the malware and especially on the authors of the exploits themselves.


Based on a single incident response case, the security researchers have created a profile of one of the most active exploit developers for Windows, known as "Volodya" or "BuggiCorp". Based on this profile or fingerprint, more than 10 Windows Kernel Local Privilege Escalation (LPE) exploits of this developer have been detected so far. Many of the finds were 0-day-exploits at the time of development. Details can be found in the linked article.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *