Cyber threat intelligence provider ‘iSIGHT Partners’ has today announced the discovery of a serious vulnerability that affects all supported versions of Microsoft Windows and Windows Server 2008 and 2012.
Although there is no patch immediately available for the vulnerability – which has been named ‘CVE-2014-4114’ or ‘SandWorm’ – Microsoft is currently working on a patch that will be available to Windows users later today.
iSIGHT Partners has detected that Russian threat actors are actively exploiting the vulnerability against a number of targets, including NATO, a Western European government organisation and European telecommunications firms. iSIGHT Partners discovered the use of this exploit in early September, but has held back reporting on full technical details of the issue until after the Microsoft patch has been released. The name comes from references to the classic science fiction series ‘Dune’ that were found in command and control URLs and malware samples related to the attack campaign, which was launched from Russian computers.
Ben Densham, Chief Technology Officer at cyber security consultancy Nettitude, has made the following comments:
“Although attackers exploiting this vulnerability would need to use a specifically crafted file and use social engineering methods to convince a user to open it, a successful attack could see any number of resulting actions being played out on the user’s system depending on the objective of the attacker.
“Windows administrators are urged to deploy the patch as soon as it is released tonight to ensure their systems are protected from this threat. This information release follows on from other recent vulnerability alerts and warns us again that we cannot rely on existing defensive cyber technologies to protect us. We must expect to be breached and build systems and processes that are capable of detecting breach behaviours within network environments, especially when it involves zero day vulnerabilities and large, targeted threat actors.
“SandWorm is a call to ensure we can ‘respond in depth’ to the threats we face and not just rely on existing security layers to protect us.”