BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions

In yet another case of a bring your own vulnerable driver (BYOVD) attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions.

"The evasion technique supports disabling a whopping list of over 1,000 drivers on which security products rely to provide protection," Sophos threat researcher Andreas Klopsch said in a new technical write-up.

BYOVD is an attack technique in which threat actors abuse vulnerabilities in legitimate, signed drivers to achieve kernel-mode code execution and take control of compromised machines. Because the driver carries a valid signature, Windows loads it without complaint; the attacker then uses the driver's flawed functionality (typically arbitrary kernel memory read or write) to tamper with the kernel callbacks that security products depend on.

Weaknesses in signed drivers have been increasingly co-opted by nation-state threat groups in recent years, including Slingshot, InvisiMole, APT28, and most recently, the Lazarus Group.


BlackByte, believed to be an offshoot of the now-discontinued Conti group, is one of the big game hunting cybercrime crews, which zero in on large, high-profile targets as part of its ransomware-as-a-service (RaaS) scheme.

According to the cybersecurity company, recent attacks mounted by the group have taken advantage of a privilege escalation and code execution flaw (CVE-2019-16098, CVSS score: 7.8) affecting the Micro-Star MSI Afterburner RTCore64.sys driver to disable security products.
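The two signals a defender can act on from the above are the name of the abused driver and the fact that a BYOVD payload has to load a signed driver from wherever it dropped it, which is rarely the vendor's install directory. The following detection sketch is an added example, not code from Sophos or from the original article: it runs a simple hunt over driver-load records modelled on the fields Sysmon Event ID 6 (DriverLoad) carries (ImageLoaded, Signed, Signature). The pipe-delimited record layout, the sample events and the signer strings are constructed for illustration, and the known-vulnerable list is keyed on file name only because the page gives no hashes; in production you would key on hashes from Microsoft's vulnerable driver blocklist or a project such as LOLDrivers, since a renamed copy of RTCore64.sys loads just as well.

```python
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# Driver names the page reports as abused for BYOVD. Hashes are deliberately not
# guessed here; populate from a maintained blocklist before using this for real.
KNOWN_VULNERABLE_DRIVERS = {"rtcore64.sys"}

# Locations from which a legitimately installed kernel driver should not load.
# A BYOVD payload typically drops the signed driver into a writable path like these.
SUSPICIOUS_PATH_PATTERNS = [
    re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.I),   # user profile directories
    re.compile(r"\\temp\\", re.I),                    # any temp directory
    re.compile(r"^[a-z]:\\programdata\\", re.I),      # ProgramData
    re.compile(r"^[a-z]:\\\$recycle\.bin\\", re.I),   # recycle bin
]


@dataclass
class DriverLoad:
    image: str       # ImageLoaded: full path of the driver file
    signed: bool     # Signed: whether the image carries a signature
    signature: str   # Signature: signer name


def parse_event(line: str) -> DriverLoad:
    """Parse one flattened 'Key: value|Key: value' DriverLoad record.

    The pipe-delimited layout is a constructed stand-in for the Sysmon Event ID 6
    fields; adapt the parser to whatever shape your SIEM exports.
    """
    fields = dict(part.split(": ", 1) for part in line.split("|"))
    return DriverLoad(
        image=fields["ImageLoaded"],
        signed=fields["Signed"].strip().lower() == "true",
        signature=fields.get("Signature", ""),
    )


def classify(ev: DriverLoad) -> tuple[str, list[str]]:
    """Return (severity, reasons); severity is 'none' for an unremarkable load."""
    reasons: list[str] = []
    name = ntpath.basename(ev.image).lower()
    known = name in KNOWN_VULNERABLE_DRIVERS
    odd_path = any(p.search(ev.image) for p in SUSPICIOUS_PATH_PATTERNS)

    if known:
        reasons.append(f"{name} has a known exploitable vulnerability")
    if odd_path:
        reasons.append("driver loaded from a user-writable location")
    if not ev.signed:
        # Not the BYOVD pattern (those drivers carry a valid signature), but a
        # kernel driver without a signature deserves its own alert.
        reasons.append("driver is unsigned")

    if known and odd_path:
        severity = "high"    # vulnerable driver dropped outside its vendor install path
    elif known:
        severity = "medium"  # legitimately installed but still exploitable; remove if unneeded
    elif odd_path or not ev.signed:
        severity = "low"
    else:
        severity = "none"
    return severity, reasons


def hunt(lines: list[str]) -> list[tuple[str, str, list[str]]]:
    """Run classify over a batch of records and return only the flagged loads."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        severity, reasons = classify(ev)
        if severity != "none":
            findings.append((ev.image, severity, reasons))
    return findings


# Constructed sample records; not real telemetry from any incident.
SAMPLE_EVENTS = [
    r"ImageLoaded: C:\Windows\System32\drivers\ndis.sys|Signed: true|Signature: Microsoft Windows",
    r"ImageLoaded: C:\Program Files (x86)\MSI Afterburner\RTCore64.sys|Signed: true|Signature: Micro-Star (constructed signer string)",
    r"ImageLoaded: C:\Users\alice\AppData\Local\Temp\RTCore64.sys|Signed: true|Signature: Micro-Star (constructed signer string)",
]

if __name__ == "__main__":
    for image, severity, reasons in hunt(SAMPLE_EVENTS):
        print(f"[{severity.upper()}] {image}: {'; '.join(reasons)}")
```

On the sample data the ndis.sys load is ignored, the RTCore64.sys copy in the MSI Afterburner directory is rated medium (installed legitimately, but the CVE-2019-16098 flaw is still present and the driver should be removed or updated if Afterburner is not needed), and the copy loaded from a Temp directory is rated high. Detection is the fallback; the primary control is to keep hypervisor-protected code integrity and Microsoft's vulnerable driver blocklist enabled so that known-bad signed drivers are refused at load time rather than noticed afterwards.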

Read the full article here
