
When it comes to cybersecurity, attack is not the best form of defence

A vulnerability in Windows Defender SmartScreen, recently patched by Microsoft in February.

Risk of leaving a computer unattended. — Image by © Tim Sandle.

Cybersecurity experts have identified that hackers are exploiting a Windows Defender SmartScreen vulnerability to deploy DarkGate malware. SmartScreen is a Windows security feature that displays a warning when users attempt to run unrecognized or suspicious files downloaded from the Internet.

Windows Defender is a Microsoft service that provides real-time protection. It actively monitors a computer’s activity and scans files as they are accessed in order to detect and block potential threats.

Looking at this concerning development for Digital Journal is Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ.

Costis looks at the nature of this newly reported vulnerability: “A vulnerability in Windows Defender SmartScreen, recently patched by Microsoft in February, is now being exploited by DarkGate malware operators. SmartScreen is a feature that determines whether a site is malicious and warns users before attempting to run any suspicious files.”

On the impact of the exploitation, the expert warns: “DarkGate operators are using the patched flaw to increase their success rates in infecting systems.”

In terms of the nature of the malicious software, Costis observes: “DarkGate, initially identified in 2018, has operated under a Malware-as-a-Service (MaaS) business model on cybercrime forums since June 2023. This sophisticated malware strain has been observed infecting users through malicious emails containing PDF attachments, redirecting users to compromised web servers, and bypassing email security checks.”

Malware-as-a-Service (MaaS) is a business model under which cybercriminals provide access to malicious software and related infrastructure for a fee, forming part of the wider Cybercrime-as-a-Service (CaaS) model.

There are measures that need to be taken by businesses, and major software providers, in order to counteract the problem. Costis summarises this as: “Given DarkGate’s complex infection chain and range of techniques, organizations must validate their security postures against the Tactics, Techniques, and Procedures (TTPs) associated with DarkGate.”

Costis also recommends: “As the malware resurfaces with expanded exploitation and evolving tactics, security teams must remain vigilant. In addition to applying Microsoft’s February Patch Tuesday update to this vulnerability, security teams should continuously test their defenses, leveraging insights from the MITRE ATT&CK framework, and prioritizing a proactive approach.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist and an author. He is also interested in history, politics and current affairs.
