
Microsoft Signed Driver Malware

Released: Dec 16, 2022


Severity: High

Platform: Microsoft Windows

Vendor: Microsoft


Ransomware attackers leverage Microsoft-Signed Drivers

Microsoft disclosed on Tuesday (Dec 13, 2022) that drivers certified by Microsoft's Windows Hardware Developer Program were being used maliciously in post-exploitation activity. Ongoing analysis by the Microsoft Threat Intelligence Center (MSTIC) indicates that the signed malicious drivers were likely used to facilitate post-exploitation intrusion activity such as the deployment of ransomware.

Background

Since the malicious drivers are signed by Microsoft, the trust associated with signed drivers can be exploited by threat actors to facilitate large-scale software supply chain attacks. We have previously seen many instances of signed software and drivers being taken advantage of. In 2021, a Microsoft-signed driver called "Netfilter" was used by attackers to plant a rootkit, and in Dec 2020 another notable supply chain incident occurred after attackers planted a vulnerability in the popular SolarWinds Orion platform. Full read at: https://fortiguard.fortinet.com/outbreak-alert/solarwinds

Latest Development

Recent news and incidents related to this threat, encompassing events such as data breaches, cyber-attacks, security incidents and newly discovered vulnerabilities.


Dec 13, 2022: Microsoft released security advisory https://msrc.microsoft.com/update-guide/vulnerability/ADV220005


Dec 14, 2022: FortiGuard Labs has released AV protections against the "BURNTCIGAR" malware and its variants, and recommends that all customers install the latest Windows updates and ensure that anti-virus and endpoint detection engines are up to date with the latest signatures to prevent these attacks. Apart from virus detections, behavior-based detections are in place to alert on suspicious or malware-like activity and to overcome the implicit trust granted to Microsoft-signed binaries.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Decoy VM

  • AV

  • AV (Pre-filter)

  • Behavior Detection

DETECT
  • IOC

  • Outbreak Detection

  • Threat Hunting

  • Content Update

RESPOND
RECOVER
IDENTIFY

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.