New Nokoyawa Ransomware Attacks Exploiting a Windows Zero-Day Vulnerability

Exploiting a zero-day vulnerability (CVE-2023-28252) in the Windows Common Log File System, threat actors have launched new attacks to distribute Nokoyawa ransomware payloads. However, Microsoft has already addressed the vulnerability as part of the latest Patch Tuesday release.

On unpatched machines, attackers can still exploit the vulnerability to gain unauthorized access to systems, steal data, or launch other malicious activities.

Zero-day vulnerabilities are considered particularly dangerous because there are no known fixes or patches available to address them, leaving systems vulnerable to attack until a patch or workaround is developed. Once a zero-day vulnerability is discovered, it is usually sold on the dark web to cybercriminals or state-sponsored hackers, who then use it to launch attacks.

The attempted cyberattacks used the updated Nokoyawa ransomware, exploited the aforementioned flaw, and targeted Windows servers of small and medium-sized businesses across North America and the Middle East. The Nokoyawa ransomware operation has also leveraged other exploits aimed at the CLFS driver since last June, five or more in total, in attacks on multiple industries. The early variants of Nokoyawa were just 'rebranded' versions of JSWorm ransomware. However, in this attack, cybercriminals have used a newer and distinct version of Nokoyawa.

To protect against Windows zero-day vulnerabilities, it is important to keep your operating system up to date with the latest security patches and updates. Additionally, using anti-virus software, firewalls, and other security measures can help to reduce the risk of attack. It is also important to exercise caution when opening emails or attachments from unknown sources and to be wary of suspicious links or websites.

If you suspect that your system has been infected with Nokoyawa ransomware or any other type of malware, it’s important to take immediate action. Disconnect your computer from the internet and contact a reputable cybersecurity professional or organization for assistance.
