Windows Crash Reports Reveal New APT, POS Attacks

Researchers discover zero-day attacks after studying the contents of various "Dr. Watson" error reports.


You never know what you'll glean from a Windows crash report. Security researchers recently unearthed a previously unknown advanced persistent threat (APT) campaign, as well as a new point-of-sale system attack, by perusing and analyzing those crash reports, also known as Dr. Watson reports.

Researchers at Websense -- who recently exposed weaknesses in Microsoft's Windows crash reports that could be abused by attackers or spies -- on Wednesday released free source code online for enterprises to use the crash reports to catch potential security breaches in their organizations. Next week at the RSA Conference in San Francisco, the researchers will release indicators of compromise for the two attack campaigns that can be incorporated into intrusion prevention systems.

Alex Watson, director of security research for Websense, says his team spotted a targeted attack waged against a mobile network provider and a government agency, both outside the US, as well as a Zeus-based attack aimed at the point-of-sale system of wholesale retailers. In both cases, the attacks have been suspended and the command-and-control infrastructures disrupted.

"We wanted to prove that we can detect zero-day or unknown [attacks] by a little information in crash reports," Watson says. So he and his team created crash "fingerprints" to filter and search for real-world attack intelligence in Dr. Watson reports.

Read the rest of this story on Dark Reading.

About the Author

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with three decades of experience in reporting and editing for various technology and business publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was selected three consecutive times as one of the Top 10 Cybersecurity Journalists in the US, and was named as one of Folio's 2019 Top Women in Media. She has been with Dark Reading since its launch in 2006.
