Connect with us

Hi, what are you looking for?

Economy

Microsoft Takes Action: Why Is it Disabling Key Protocol?

Microsoft Takes Swift Action: Why Is it Disabling Key Protocol?

In response to the escalating threat of malware attacks, the Microsoft Project team has swiftly taken action by disabling the widely abused ms-appinstaller protocol handler. This strategic move is part of Microsoft’s efforts to utilize its cyber threat intelligence tools to counter the alarming exploitation of this protocol by multiple threat actors intent on distributing malware. Ransomware attacks are looming as a significant risk.

Unveiling the Menace

The Microsoft Threat Intelligence team, leveraging advanced cyber threat intelligence tools, uncovered the exploitation of the ms-appinstaller protocol handler as an access vector for malware distribution. As a result, the company decided to disable the protocol handler by default. The company aims to protect users from potential dangers associated with malicious activities.

Malware Microsoft Project: Kit for Sale

Compounding the threat, cybercriminals are actively selling a malware kit as a service, leveraging the MSIX file format and the ms-appinstaller protocol handler. To address this emerging threat, Microsoft implemented changes in the App Installer version 1.21.3421.0 and higher, a testament to the value of effective threat intelligence feeds.

Method of Attack

The attacks orchestrated by at least four financially motivated hacking groups involve the deployment of signed malicious MSIX application packages. The scammers deceptively distribute these packages through trusted channels like Microsoft Teams. They also disguise them as advertisements for legitimate software on search engines like Google.

Diverse Threat Actors in Action

Several hacking groups have been identified exploiting the App Installer service since mid-November 2023. Each employs distinct tactics and underscores the need for robust threat intelligence feeds:

Storm-0569: Uses SEO poisoning with spoofed sites to propagate BATLOADER, deploying Cobalt Strike and Black Basta ransomware. Storm-1113: Distributes EugenLoader disguised as Zoom, serving as an entry point for various stealer malware and remote access trojans. Sangria Tempest (Carbon Spider and FIN7): Leverages Storm-1113’s EugenLoader to drop Carbanak and distribute POWERTRASH through Google ads. Storm-1674: Sends fake landing pages through Teams messages. It also encourages users to download malicious MSIX installers containing SectopRAT or DarkGate payloads.

Microsoft: Persistent Threats and Past Actions

This isn’t the first time Microsoft has disabled the MSIX ms-appinstaller protocol handler. In February 2022, the company has also taken a similar step to thwart Emotet, TrickBot, and Bazaloader delivery. The protocol’s attractiveness to threat actors lies in its ability to circumvent security mechanisms. However, that poses a significant challenge for user safety.

As Microsoft lists its past actions and remains vigilant in combating evolving cybersecurity threats, it urges users to stay informed and employ best practices to enhance their digital security. This includes regular updates, exercising caution with downloads, and staying informed about emerging threats in the ever-evolving landscape of online security, highlighting the importance of cyber threat intelligence tools.

The post Microsoft Takes Action: Why Is it Disabling Key Protocol? appeared first on FinanceBrokerage.

Enter Your Information Below To Receive Free Trading Ideas, Latest News And Articles.

    Your information is secure and your privacy is protected. By opting in you agree to receive emails from us. Remember that you can opt-out any time, we hate spam too!

    You May Also Like

    Latest News

    President Biden is asking Congress to approve nearly $100 billion in emergency funding to aid recovery efforts for the recent deadly storms that ravaged...

    Stock

    One hallmark of secular bull markets is rotation. When leading stocks, sectors, and industry groups falter, there needs to be others that grab the...

    Latest News

    Vice President Kamala Harris spent a whopping $1.5 billion during her 15-week campaign that ended in defeat to President-elect Donald Trump, including burning through...

    Latest News

    Activists on Saturday demanded that the state of California pay millions of dollars to each Black resident in reparations as a way to make...



    Disclaimer: Frequencytraders.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.


    Copyright © 2024 Frequencytraders.com