DLL sideloading and CVE attacks show diversity of threat landscape
2023-02-24 15:59

Threat watchers have spotted new cybersecurity exploits illustrating the protean nature of hacks as malware groups adapt and find new opportunities in dynamic link libraries and common vulnerabilities and exposures.

Zugec said Bitdefender has seen a large spike in the use of this tactic "due to the fact that DLL sideloading allows the threat actors to stay hidden. Many endpoint security solutions are going to see that the DLL files are executable, signed, for example, by Microsoft or by any big name company known to be trusted. But, this trusted library is going to load malicious code."

The CVE exploits observed by Bitdefender and Arctic Wolf feature attacks on publicly disclosed security flaws.

According to cyber insurance and security firm Coalition, which monitors CVE exploit availability using sources such as GitHub and Exploit-DB, the time to exploit for most CVEs is within 90 days of public disclosure, ample time for vulnerability vendors or threat actors themselves to jimmy a digital window into a network.

Arctic Wolf just issued its own report detailing a series of brazen repeat-attack exploits by the notorious Lorenz ransomware group exploiting a CVE in a Mitel MiVoice VoIP appliance.

"Threat actors have proven that they will rapidly adopt new exploits, evasion methods and find new legitimate tools to abuse in their attacks to blend into normal host and network activity," Thanos said.


News URL

https://www.techrepublic.com/article/dll-sideloading-cve-attacks-threat-landscape/