Fancy Bear Attacks Microsoft

Microsoft earlier this week said it had fallen victim to “Strontium,” its code name for the Russian hacking group also known as “Fancy Bear,” which has been linked to recent attacks on Democratic Party systems.

The group launched a spear phishing attack that targeted vulnerabilities in both the Windows operating system and Adobe Flash, according to Terry Myerson, executive vice president of Microsoft’s Windows and Devices Group.

The attack, first identified by Google’s Threat Analysis Group, involved two zero-day vulnerabilities in Flash and the down level Windows kernel, he explained. It used the Flash exploit to gain control over browsers, elevate privileges to escape the browser sandbox and install a backdoor to gain access to a user’s computer.

Microsoft is working with Google and Adobe on a patch and plans to release the fix by Nov. 8, when the next update is scheduled, Myerson said.

Those who use Microsoft Edge on the Windows 10 Anniversary Update are known to be protected from versions of the attack observed in the wild. Microsoft recommended that users upgrade to Windows 10 and said that those who enable Windows Defender Advanced Threat Protection will be able to detect the attempted attacks.

Google’s Disclosure

Google should not have disclosed the vulnerability before the patches were made available, according to Myerson.

“We believe responsible technology industry participation puts the customer first, and requires coordinated vulnerability disclosure,” he said. “Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing and puts customers at increased risk.”

Google on Monday revealed the Microsoft and Adobe vulnerabilities, noting that Adobe already had updated Flash to address the flaw. The Adobe patch is available through the Adobe updater and Chrome auto update.

Google, per its policy of seven-day disclosure of actively exploited critical vulnerabilities, reported the remaining critical vulnerability in Windows, noting that it was being exploited in the wild.

The vulnerability was a local privilege escalation that could be used as a security sandbox escape, noted Neel Mehta and Billy Leonard of Google’s Threat Analysis Group in an online post. They urged users to make sure that Flash was auto updated, or to manually update if necessary.

They should make sure to apply Windows patches, when available, Mehta and Leonard also wrote.

Election Jitters

The new attacks came at a sensitive time in the United States, with the presidential election less than a week away. Federal and local officials have made a major effort to ensure the public has confidence in the electoral system.

Thus far, 48 states and 36 county and local governments have taken up an offer by the Department of Homeland Security to assist local governments with ensuring that the state and local election systems are protected against cyberattacks, DHS spokesperson Scott McConnell told TechNewsWorld.

The states of Illinois and Arizona were targeted more than a month ago by a suspected Russian hack that impacted 200,000 voters in the Illinois voter registration database.

There is little risk of a foreign hacker impacting the actual outcome of the race, but there are fears that a new round of cyberattacks could impact the level of confidence in the integrity of the system.

“While the actual fallout is hard to predict, it’s important to look at the chaos that Russian hackers have allegedly been sowing in the past couple months,” said Bryan Burns, vice president of threat research at Proofpoint.