Summary:
Microsoft has addressed a zero-day vulnerability impacting all supported Windows versions, which researchers claim was exploited by hackers to carry out ransomware attacks.
In a security alert on Tuesday, Microsoft revealed that an attacker exploiting the vulnerability in the Windows Common Log File System (CLFS) could gain complete access to an unpatched system, and confirmed that the vulnerability was actively being exploited, reports TechCrunch. Microsoft says the Tuesday patch fixed over 100 security flaws.
Russian cybersecurity firm, Kaspersky, said that the flaw was used to deploy Nokoyawa ransomware, primarily targeting Windows servers of small and medium-sized businesses in the Middle East, North America, and Asia.
“Cyber crime groups are becoming increasingly more sophisticated using zero-day exploits in their attacks. Previously, they were primarily a tool of APT actors, but now cyber criminals have the resources to acquire zero-days and routinely use them in attacks,” said Boris Larin, lead security researcher at Kaspersky.
Nokoyawa, first observed in February 2022, is believed to be linked to the now-defunct Hive ransomware gang. The malware encrypts files on compromised systems and operators claim to steal valuable information, threatening to leak it unless a ransom is paid.
The U.S. cybersecurity agency CISA has added the newly-patched Windows vulnerability to its known exploited vulnerabilities catalog and urged federal agencies to update systems before May 2.
