Cyber Threat Alert

Windows 10 Update Threat

Threat actors are using a vulnerability in Windows 10 to steal user credentials by installing malicious viruses and trojan horses. Phishing emails are being sent with a Microsoft Office attachment that, when opened, implements ActiveX remote desktop and installs TrickBot without the user's knowledge. TrickBot bypasses Windows 10 UAC (User Account Control) and runs in the background until specific security software is updated and able to detect it. The recent Windows 10 update included a UAC bypass, which is now the root cause of the new threat. UAC prompts include the familiar phrase “Do you want to allow this app to make changes to your device?”, which the new TrickBot bypasses altogether. The threat will most certainly create a new wave of phishing attempts, and Windows users will need to be as cautious as ever.

Recognizing phishing attempts and exercising extreme caution when opening attachments from outside sources are the best ways for employees to prevent and mitigate this threat. Additional prevention techniques include disabling macros, content, and editing in Microsoft Office products and making sure your security software is actively updated.
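One way to check the Office settings mentioned above on a workstation, as an added example that is not part of the original alert: a read-only PowerShell audit of the current user's macro, Protected View ("Enable Editing") and ActiveX settings. It assumes Office 2016 or later (registry version key 16.0), and the function names are illustrative.

```powershell
# Added example: read-only audit of per-user Office hardening settings.
# Assumption: Office 2016/2019/365 (registry version key 16.0).
$Version = '16.0'
$Apps    = 'Word', 'Excel', 'PowerPoint'
# Policy hive first (Group Policy takes precedence), then the user's own Trust Center choices
$Roots   = 'HKCU:\Software\Policies\Microsoft\Office', 'HKCU:\Software\Microsoft\Office'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns the value, or nothing when the key or value does not exist
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-Effective([string]$SubPath, [string]$Name) {
    # First hit wins: policy hive, then user hive
    foreach ($root in $Roots) {
        $v = Get-RegValue "$root\$SubPath" $Name
        if ($null -ne $v) { return $v }
    }
}

$report = foreach ($app in $Apps) {
    $sec = "$Version\$app\Security"
    $vba = Get-Effective $sec 'VBAWarnings'
    $blk = Get-Effective $sec 'BlockContentExecutionFromInternet'
    # Protected View stays on unless one of these values is set to 1
    $pvOff = 'DisableInternetFilesInPV', 'DisableAttachmentsInPV' |
        Where-Object { (Get-Effective "$sec\ProtectedView" $_) -eq 1 }
    [pscustomobject]@{
        App                   = $app
        # VBAWarnings: 1 = enable all, 2 = disable with notification (default),
        # 3 = disable except digitally signed, 4 = disable all without notification
        MacrosLockedDown      = $vba -in @(3, 4)
        InternetMacrosBlocked = $blk -eq 1
        ProtectedViewOn       = -not $pvOff
    }
}
$report | Format-Table -AutoSize

# DisableAllActiveX = 1 turns off ActiveX controls in all Office documents
$ax = Get-Effective 'Common\Security' 'DisableAllActiveX'
"ActiveX disabled in Office documents: $($ax -eq 1)"
```

Any row showing `False` marks a setting that still lets a user enable active content in a document received by email.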

Description:

A new Windows 10 threat uses TrickBot to install malware via a Microsoft Office attachment, typically sent through a phishing email. The threat uses ActiveX remote desktop to activate, along with a UAC (User Account Control) bypass that was included in the most recent Windows 10 updates. UAC is the familiar pop-up window that states “Do you want to allow this app to make changes to your device?”

Source:

The threat first appeared within a Forbes article, Windows 10 Users Warned As Hackers Target Newly Updated Computers, published 02/29/2020.

https://www.forbes.com/sites/daveywinder/2020/02/29/windows-10-users-warned-as-hackers-target-newly-updated-computers/#101196a61647

An additional resource is SC Media’s article, Windows 10 ActiveX control hacked to execute TrickBot dropper, published 03/02/2020.

https://www.scmagazineuk.com/windows-10-activex-control-hacked-execute-trickbot-dropper/article/1675618

Why This Matters:

  • Windows 10 is the most popular desktop OS in the world
  • The threat could lead to devastating data breaches or ransomware events
  • Employee phishing training will best protect and prevent these events from happening
  • Disabling macros, content, and editing within Microsoft Office products can help prevent this threat altogether
  • The threat goes against the traditional notion that always updating your OS software is the most secure action

This article is made available for informational purposes and is not intended to be a substitute for professional or legal advice. No attorney-client relationship is formed or implied between you and the author(s) or Cyber Armada Insurance.

Posted by Cyber Armada Team on Mar 9, 2020 6:19:24 PM