This sneaky ransomware attack tries to switch off your security software
ZDNet – Danny Palmer
The BlackByte ransomware gang is apparently using CVE-2019-16098, a vulnerability in RTCore64.sys, a graphics utility driver for Windows systems. By exploiting the vulnerability, attackers who have gained access to an authenticated user account can read and write arbitrary memory, which could be exploited for privilege escalation, code execution or accessing information.
Researchers describe this as “Bring Your Own Driver”. When abused, it allows attackers to bypass more than 1,000 drivers used by industry endpoint detection and response (EDR) products and antivirus software.
The technique has been detailed by cybersecurity researchers at Sophos, who’ve seen it being used in attacks by the BlackByte ransomware gang.
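As an added, defender-side example that is not taken from the ZDNet article or the Sophos research: a small Python check that runs over constructed Sysmon Event ID 6 (driver loaded) messages and flags a load of the driver the article names, RTCore64.sys, together with two weaker signals (an unusual load path and a non-valid signature). The sample timestamps, the Users\Public path and the vendor name in the sample are assumptions.

```python
import re

# Driver named on the page (RTCore64.sys, CVE-2019-16098); in production, feed this
# set from an authoritative source such as the Microsoft vulnerable driver blocklist.
KNOWN_VULNERABLE_DRIVERS = {"rtcore64.sys"}

# Legitimate kernel drivers are rarely loaded from user-writable directories.
SUSPICIOUS_DIRS = ("\\users\\", "\\temp\\", "\\programdata\\")

def parse_sysmon_event6(block: str) -> dict:
    """Parse the 'Key: value' lines of one Sysmon Event ID 6 (Driver loaded) message."""
    return dict(re.findall(r"^(\w+): (.*)$", block, flags=re.M))

def assess(event: dict) -> list:
    """Return the reasons this driver load deserves attention; empty means benign."""
    path = event.get("ImageLoaded", "")
    name = path.lower().rsplit("\\", 1)[-1]
    reasons = []
    if name in KNOWN_VULNERABLE_DRIVERS:
        # A BYOVD driver is legitimately signed, so the blocklist, not the
        # signature check below, is what catches it.
        reasons.append(f"known vulnerable driver {name}")
    if any(d in path.lower() for d in SUSPICIOUS_DIRS):
        reasons.append(f"loaded from unusual path {path}")
    if event.get("SignatureStatus", "").lower() != "valid":
        reasons.append(f"signature status {event.get('SignatureStatus', 'missing')}")
    return reasons

def scan(events: str) -> dict:
    """Split a log dump into Event 6 messages; return {ImageLoaded: reasons} for hits."""
    hits = {}
    for block in events.strip().split("\n\n"):
        event = parse_sysmon_event6(block)
        if reasons := assess(event):
            hits[event.get("ImageLoaded", "?")] = reasons
    return hits

# Constructed sample events: times, the Users\Public path and the vendor name are made up.
SAMPLE_EVENTS = r"""
Driver loaded:
UtcTime: 2022-10-05 09:14:02.117
ImageLoaded: C:\Windows\System32\drivers\tcpip.sys
Signature: Microsoft Windows
SignatureStatus: Valid

Driver loaded:
UtcTime: 2022-10-05 09:21:47.903
ImageLoaded: C:\Users\Public\RTCore64.sys
Signature: Example Hardware Vendor Ltd
SignatureStatus: Valid
"""
```

Running `scan(SAMPLE_EVENTS)` leaves tcpip.sys out of the hits and reports RTCore64.sys twice over: once for the blocklist match and once for the load path, while its valid signature raises nothing, which is the point of the technique.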
Link: https://www.zdnet.com/article/this-sneaky-ransomware-attack-tries-to-switch-off-your-security-software/#ftag=RSSbaffb68