Microsoft’s new ASR feature helps fight cybercriminals and identity theft

What exactly is identity theft? To make it simple when an individual scraps enough information about the potential target and uses it to defraud or impersonate them. This includes little information like email or home addresses, Pin code/passwords, maiden name or even your social security number. All this data is enough to crack your bank account open and use it to make credit purchases or even take loans under your identity.

Oversharing too much information on social media can be harmful because it makes it much easier for data scrappers to collect information about you from your social media platforms to help them commit crimes under your identity.

Other than that—data breaches in insurance companies, hospitals, and government departments also play a great role in assisting hackers collect enough data to swindle the victim. Most of the data breaches are done by using malwares; in which hackers bait the victim into opening an attachment which secretly installs harmful software on a device. Phishing is another method in which thieves send you hoax emails or messages, generally disguising themselves under famous brand names such as Facebook or LinkedIn. Victims are tricked into giving out sensitive information, either on a bogus website or to the impersonator.

To fight cybercriminals, Microsoft has enabled its defender’s ‘Attack Surface Reduction’ option ‘ON’ by default, which will target such software that are launching executable programs. This new rule will ultimately protect your devices and network from harmful malwares. Usually, when hackers target a network, they steal credentials by gaining administration rights of the device and then steal the saved data from LSASS which contains sensitive information in the form of NTLM hashes. The data is later decrypted and transferred to another device where they dump the information.

Microsoft has introduced a security system that will help prevent hackers from abusing the LSASS memory by blocking their access to the memory dump. One of the features, Credential guard, isolates the LSASS into a container that denies others from gaining access to it. Unfortunately, the new feature causes trouble with other drivers which results with many organizations not enabling it. Another setback of the Windows Defender ASR feature is that it will immediately turn off once antivirus software is installed on the device.

Kostas discovered the change on the new update of Microsoft’s attack surface reduction rule. Researchers have also identified new methods used by cybercriminals to bypass the new feature and gain access to the LSASS process.


Read next: Running Windows 11 on incompatible devices can cause trouble for PCs, warns Microsoft
Previous Post Next Post