A number of vulnerabilities in the print application have led to a series of cyber attacks from around the world.
If you have recently used the Windows Print Spooler application, you could be the victim of a hack. A new report from cybersecurity firm Kaspersky has determined that between July 2021 and April 2022, cybercriminals carried out approximately 65,000 attacks via the Windows Print Spooler application. In addition, nearly half (31,000) of the attacks occurred in the first four quarters of 2022. Typically used to help users manage the printing process, Print Spooler has become a hotbed for cybercriminals seeking to carry out attacks due to its numerous vulnerabilities.
Print Spooler’s Vulnerabilities and Numerous Attacks
The vulnerabilities, CVE-2021-1675 and CVE-2021-34527 (aka PrintNightmare), came to light from an unusual source: a proof of concept (POC) for the application’s vulnerabilities was incorrectly published to GitHub. Once it was on GitHub, users downloaded the POC exploit, and some serious gaps in the application were discovered. Last month, another critical vulnerability was discovered, which Kaspersky says led to many of the attacks because the cybercriminals had access to company resources.
After the vulnerabilities were identified, Microsoft released a patch to stop the PrintNightmare attacks and the recently discovered exploit, but some affected organizations did not download and deploy the patch before being exploited.
“Vulnerabilities in Windows Print Spooler are a hotbed for new threats,” said Alexey Kulaev, security researcher at Kaspersky. “We expect a growing number of exploitative attempts to access resources within corporate networks, associated with a high risk of ransomware infection and data theft. Some of these vulnerabilities allow attackers to gain access not only to victims’ data, but also to the entire company server. Therefore, it is highly recommended that users follow Microsoft’s guidelines and apply the latest Windows security updates.”
The attacks targeted users from a number of countries around the world, as the cybersecurity firm found that from July 2021 to April 2022, nearly a quarter of its detected hits came from Italy. Outside of Italy, users in Turkey and South Korea were most actively attacked, and recently researchers also found that attackers were most active in Austria, France and Slovenia over the past four months.
How can you protect your systems from misuse?
To keep users from becoming the next victim of an attack, Kaspersky offers the following tips:
- Install patches for new vulnerabilities as soon as possible
- Conduct regular security audits of the organization’s IT infrastructure
- Use an endpoint and mail server security solution with anti-phishing capabilities
- Use special services that can help fight high profile attacks
- Install anti-APT and EDR solutions that enable detection of threats
According to the security company, making sure all system vulnerabilities are patched is the best solution for this particular exploit. Outside of this specific case, keeping endpoint security up to date and using a zero trust model are the best ways to avoid being exploited.