Trend Micro Discovers Actively Exploited Vulnerability Affecting Millions of Users: Customers Already Protected

HONG KONG SAR – Media OutReach Newswire – February 15, 2024 –
Trend Micro Incorporated (Start date: 4704; EST: 4704), a global leader in cybersecurity, announced the discovery of a vulnerability in Microsoft Windows Defender that is being actively exploited by the Water Hydra cyber threat group.

Trend discovered the vulnerability on December 31, 2023 and Trend clients have been automatically protected since January 1, 2024. Organizations are advised to take immediate action in response to the ongoing active exploitation of this vulnerability by cybercriminals.

This is an active zero day vulnerability (CVE-2024-21412) that was disclosed by Trend Micro’s Zero Day Initiative™ (ZDI) to Microsoft and is being published for the first time today.

Trend protects its customers by releasing virtual patches an average of 51 days in advance of patch release, including this zero-day for Microsoft. For all other providers, the average time it took to actually protect their customers was 96 days. Trend estimates that customers who applied all virtual patches in 2023 saved
an average of 1 million dollars for their business.

Mark Houpt, CISO, Data Bank: “We have seen first-hand the benefits of being under the protective umbrella of Trend Micro. Their unmatched threat intelligence allows us to be proactively protected against emerging threats. By implementing their virtual patches, we managed to stay one step ahead of potential exploitation attempts. , securing our systems and allowing our customers to have confidence that their systems are secure long before official patches are available. This is a crucial part of our cybersecurity strategy, giving us peace of mind and significant savings in preventing potential breaches.

When a new zero day vulnerability is discovered, Trend responsibly notifies the vendor. Trend customers then benefit from virtual patches to protect their systems from exploitation until an official patch can be applied.

Kevin Simzer, COO at Trend: “Zero-day vulnerabilities are an increasingly popular way for threat actors to achieve their goals. This is one of the reasons we invest so deeply in threat intelligence, so we can protect our customers months before official vendor patches are released. We are proud to be creating a world with fewer cyber risks.

The critical risk is that the vulnerabilities can be exploited by malicious actors targeting a number of industries or organizations. This is actively exploited by the financially motivated APT Group to compromise foreign exchange traders participating in the high-stakes foreign exchange market.

Specifically, it is used in a sophisticated zero-day attack chain to enable Windows Defender SmartScreen bypass. The attacks are designed to infect victims with the DarkMe Remote Access Trojan (RAT) for potential data theft and ransomware.

Using layers of defense to mitigate advanced threats, Trend’s Intrusion Prevention System (IPS) capabilities provided virtual fixes by completely blocking the exploitation of CVE-2024-21412.

Trend Vision One™ automatically identifies critical vulnerabilities and provides visibility into all affected endpoints and their possible impact on an organization’s overall risk. Trend’s proactive approach to risk management reduces the need for last-minute reactive measures on “disclosure day” and ensures clients are well prepared to mitigate risks with confidence.

In contrast, organizations that rely solely on a traditional endpoint detection and response (EDR) approach may be at risk if their attackers use advanced techniques to avoid detection.

The power of ZDI, the world’s largest vendor-neutral bug bounty program, to find and then power virtual patch information has become increasingly important in light of two key trends identified by Trend:

• Zero-day vulnerabilities discovered by cybercrime groups are increasingly being deployed in attack chains by nation-state groups like APT28, APT29, and APT40, expanding their reach.

• CVE-2024-21412 is itself a simple bypass of CVE-2023-36025, highlighting the ease with which APT groups can identify and bypass patches from restricted vendors.

To learn more about the value of this news, please visit: https://www.youtube.com/watch?v=yY08S4-aICA