As threat actors continue to find new and innovative ways into environments, Microsoft continue to move towards a Zero Trust security posture built on broad, layered defences, and remain committed to sharing intelligence to protect the wider community.
A recent attack has seen actors submit malicious drivers for certification through the Windows Hardware Compatibility Programme. Because a driver that passes certification is signed and loads under Windows driver signature enforcement like any legitimate driver, the signature alone cannot be used to tell it apart from benign drivers; the control that failed here was the review behind the certification, not the signature check. The activity so far has been limited to the gaming industry within China, with the goal of using the driver to spoof geo-location and to compromise other players' accounts through tools such as keyloggers. The drivers were built by a third party whose accounts have since been suspended and whose submissions have been reviewed for additional signs of malware. In line with their Zero Trust and layered-defence posture, Microsoft have built in detection and blocking of this driver through Microsoft Defender for Endpoint and are also sharing these with other AV security vendors to ensure they deploy detections as well.
Microsoft have also shared details of new activity from the Nobelium threat actor in a bid to help customers protect themselves. The latest attacks have involved password spraying and information-stealing malware. While the attacks were mostly unsuccessful and targeted at specific customers, Microsoft continue to recommend that customers take security precautions such as enabling multi-factor authentication, so that a guessed password on its own is not enough to sign in, to protect their environments from similar attacks.
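Password spraying is designed to stay under per-account lockout thresholds: one or two common passwords are tried against many accounts rather than many passwords against one. The detection signal is therefore the inverse of a brute force, a single source failing against many distinct accounts with only a few failures each inside a short window. The following is an added example of that logic run over sign-in events; it is not Microsoft's detection code and not from the original page. The log format, the sample events, the source addresses and the thresholds (five accounts within ten minutes, no more than two failures per account) are all constructed assumptions for the example.

```python
"""Password-spray detection over constructed sign-in log lines (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample events for the example: timestamp, source IP, account, outcome.
# 203.0.113.7 sprays seven accounts once each and then succeeds against one.
# 198.51.100.9 hammers a single account (brute force, not a spray).
# 192.0.2.44 is an ordinary user who mistyped a password once.
SAMPLE_LOG = """\
2021-06-25T09:00:01Z 203.0.113.7  alice@example.com  FAIL
2021-06-25T09:00:04Z 203.0.113.7  bob@example.com    FAIL
2021-06-25T09:00:09Z 203.0.113.7  carol@example.com  FAIL
2021-06-25T09:00:12Z 203.0.113.7  dave@example.com   FAIL
2021-06-25T09:00:15Z 203.0.113.7  erin@example.com   FAIL
2021-06-25T09:00:21Z 203.0.113.7  frank@example.com  FAIL
2021-06-25T09:00:25Z 203.0.113.7  grace@example.com  FAIL
2021-06-25T09:00:30Z 203.0.113.7  heidi@example.com  SUCCESS
2021-06-25T09:01:00Z 198.51.100.9 alice@example.com  FAIL
2021-06-25T09:01:05Z 198.51.100.9 alice@example.com  FAIL
2021-06-25T09:01:10Z 198.51.100.9 alice@example.com  FAIL
2021-06-25T09:01:15Z 198.51.100.9 alice@example.com  FAIL
2021-06-25T09:01:20Z 198.51.100.9 alice@example.com  FAIL
2021-06-25T09:01:25Z 198.51.100.9 alice@example.com  FAIL
2021-06-25T09:05:00Z 192.0.2.44   ivan@example.com   FAIL
2021-06-25T09:05:20Z 192.0.2.44   ivan@example.com   SUCCESS
"""


def parse_events(text):
    """Parse the constructed format into (timestamp, source, account, outcome) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines rather than failing the whole run
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, parts[1], parts[2].lower(), parts[3].upper()))
    return events


def detect_password_spray(events, window=timedelta(minutes=10),
                          min_accounts=5, max_per_account=2):
    """Return {source: finding} for sources whose failures fit a spray pattern.

    A spray is many distinct accounts with few failures each from one source
    inside `window`; a brute force (many failures, one account) is deliberately
    not matched so the two can be triaged differently. Thresholds are assumptions.
    """
    by_src = defaultdict(list)
    for ts, src, user, outcome in sorted(events):
        if outcome == "FAIL":
            by_src[src].append((ts, user))

    findings = {}
    for src, fails in by_src.items():
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the span fits inside `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                prev = findings.get(src)
                if prev is None or len(per_user) > len(prev["accounts"]):
                    findings[src] = {
                        "accounts": sorted(per_user),
                        "failures": end - start + 1,
                        "first": fails[start][0],
                        "last": fails[end][0],
                    }
    return findings


def successful_logons(events, src):
    """Accounts that signed in successfully from a source: the ones to reset and enforce MFA on."""
    return sorted({user for _, s, user, outcome in events if s == src and outcome == "SUCCESS"})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for src, f in detect_password_spray(evs).items():
        print(f"{src}: {f['failures']} failures across {len(f['accounts'])} accounts "
              f"between {f['first']:%H:%M:%S} and {f['last']:%H:%M:%S}")
        hits = successful_logons(evs, src)
        if hits:
            print("  successful sign-ins from this source, treat as compromised:", ", ".join(hits))
```

On the constructed sample the spraying source is reported with seven accounts and one successful sign-in, while the single-account brute force and the legitimate user are left alone. Sources in production will rotate addresses, so in practice the same grouping is also worth running on user agent or tenant-wide failure counts rather than on source IP alone.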