Trend Micro Vulnerability Being Actively Exploited

Cybersecurity firm Trend Micro has disclosed that a threat actor began using a vulnerability in its antivirus products to gain admin rights on Windows systems as part of its attacks. The vulnerability, tracked as CVE-2020-24557, affects the company’s Apex One and OfficeScan XG, two advanced security products aimed at enterprise customers. The vulnerability was discovered last year and patched, but Trend Micro said it learned of incidents where this same bug was weaponized to attack some of its customers. Based on a description of the issue, the vulnerability could not be used to break into systems but was used as a second step in a multi-phase exploit chain after hackers already planted malicious code on a victim’s computer and used the bug to take full control of an infected system. A source familiar with the attacks said the vulnerability was used by an advanced persistent threat (APT) group.  News about hackers exploiting the Trend Micro vulnerability comes soon after FireEye disclosed that multiple hacking groups had also exploited zero-day in security products from Pulse Connect Secure and SonicWall (links to WaterISAC’s advisories). While all these attacks are unrelated, they show a pattern in real-world attacks where threat actors are slowly realizing that security products are as vulnerable as any other software, and, because of the central and privileged position they occupy inside most corporate networks, they are ideal entry points into high-profile targets. Read more at The Record.