Experts managed to find a connection between 16 exploits and their developers.
The connection between 16 exploits and their developers.
Specialists have developed a method for identifying malware developers based on their “handwriting”.
The creation of ransomware for a cybercriminal group requires the involvement of a range of experts from various fields. The question arises, is it possible, after examining the malicious code, to identify its developers?
Check Point specialists have developed a new way to identify malware developers based on identifying their unique characteristics, i.e. “Handwriting”. Using the new method, the researchers were able to link 16 privilege elevation exploits on Windows PCs to two vendors of zero-day vulnerabilities, Volodya (also known as BuggiCorp) and PlayBit (also known as luxor2008).
“Rather than focusing on all malware and catching new samples of malware or cybercriminals, we wanted to offer a different perspective and decided to focus on a few features written by the exploit developer,” said Check Point experts Itay Cohen and Eyal. Itkin (Eyal Itkin).
The idea is to examine the exploit for special artifacts that might point to its developer.
As the researchers explained, their analysis began in response to a “sophisticated attack” against one of Check Point’s customers. Experts have discovered an exploit for privilege escalation vulnerability CVE-2019-0859which turns out to
have been written by two different development teams. The researchers used the properties of the binary as
a unique “handwriting” and thanks to it they were able to find at least 11 other exploits developed by the same
developer under the pseudonym Volodya.
You can also buy instant:
Cashapp Money Transfer Click here
Paypal Money Transfer Click here
Western Union Money Transfer Click here
Venmo Money Transfer Click here
Bank Money Transfer Click here to Contact Us