Kaspersky found several highly targeted attacks against multiple companies using a previously undiscovered chain of Google Chrome and Microsoft Windows zero-day exploits in April 2021.
A zero-day vulnerability is a software vulnerability discovered by attackers before the suppliers become aware of it. Attacks that take advantage of such an unknown vulnerability cause damage to a system or steal data from it.
Kaspersky reported that attackers used one of the exploits for remote code execution in the Chrome web browser.
The other is an elevation of privilege exploit fine-tuned to target the latest builds of Windows 10. It exploits two weak spots in the Microsoft Windows OS kernel: the information disclosure vulnerability CVE-2021-31955 and the elevation of privilege vulnerability CVE-2021-31956. Fortunately, Microsoft patched them on June 8 as part of Patch Tuesday.
With the new wave of exploit attacks besides these two reports as of mid-April, Kaspersky has yet to find any link between them. Thus, the company dubbed this actor “PuzzleMaker.”
Kaspersky advised Google and Microsoft users to install the latest patches to avoid becoming victims of these exploits. Kaspersky also offers suggestions for further protection:
- Update your Chrome browser and Microsoft Windows as soon as possible, and do so regularly.
- Use a reliable endpoint security solution such as Kaspersky Endpoint Security for Business. It comes with exploit prevention, behavior detection, and a remediation engine that can roll back malicious actions.
- Install anti-APT and EDR solutions, enabling threat discovery and detection, investigation, and timely remediation of incidents. Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training. All of the above is available within the Kaspersky Expert Security framework.
- Along with proper endpoint protection, dedicated services can help against high-profile attacks. The Kaspersky Managed Detection and Response service can help identify and stop attacks in their early stages before the attackers achieve their goals.
To learn more about the new zero-day exploits, see Securelist.