BlackByte Ransomware Abuses Legitimate Driver to Disable Security Protections
By Orbit Brain, October 6, 2022
Virus & Malware
By Ionut Arghire on October 06, 2022

The BlackByte ransomware has been observed targeting a vulnerability in a legitimate driver to disable endpoint detection and response (EDR) solutions running on the victim machine.

Although a decryptor for BlackByte ransomware was released in October last year, the threat has continued to remain active, with the FBI warning of attacks targeting critical infrastructure sectors, including government, financial, and food and agriculture organizations.

While investigating recent activity surrounding the ransomware-as-a-service (RaaS) and its new data leak site, Sophos security researchers discovered that the threat has been using a sophisticated technique that allows it to bypass security products.

Called ‘Bring Your Own Driver’, the technique involves dropping a vulnerable driver version on the victim’s machine, executing it, and abusing it to remove process creation callbacks from kernel memory.

For this, BlackByte ransomware abuses drivers that Micro-Star’s graphics card overclocking utility MSI AfterBurner 4.6.2.15658 uses to gain extended control over graphics cards on the system. The ransomware operators also use valid code signing certificates to sign these drivers.

The RTCore64.sys driver, Sophos explains, is affected by an authenticated read/write arbitrary memory vulnerability. Tracked as CVE-2019-16098, the issue leads to privilege escalation, information disclosure, and code execution with elevated privileges.

The technique works because “the I/O control codes in RTCore64.sys are directly accessible by user-mode processes” and because the targeted vulnerability can be exploited by simply accessing these control codes, without the need for exploit code.

BlackByte ransomware exploits the vulnerable driver to remove callback entries of drivers used by EDR products from kernel memory, by overwriting them with zeros.

“The evasion technique supports disabling a whopping list of over 1,000 drivers on which security products rely to provide protection,” Sophos notes.

Other ransomware families out there were also seen using this technique in attacks this year, albeit they abuse different drivers, including the mhyprot2.sys anti-cheat driver for the Genshin Impact video game and the aswarpot.sys Avast anti-rootkit driver, which was being abused by AvosLocker ransomware.

Related: FBI Warns of BlackByte Ransomware Attacks on Critical Infrastructure
Related: Ransomware Gang Says it Has Hacked 49ers Football Team
Related: Number of Ransomware Attacks on Industrial Orgs Drops Following Conti Shutdown
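As an added example (not code from the article or from Sophos), a small detection pass over driver-load records: it flags the driver names the article lists, flags a driver loaded from a user-writable path (the vulnerable driver has to be dropped on the machine first), and records that a valid signature does not clear the hit, since the operators sign the abused drivers. The record format and the sample events are constructed for illustration, loosely modelled on Sysmon's "Driver loaded" event fields.

```python
"""Flag driver-load events for drivers known to be abused in Bring Your Own
Driver attacks. Added example (not the article's or Sophos' code); records are
constructed, loosely modelled on Sysmon Event ID 6 "Driver loaded" fields."""

# Driver file names the article reports as abused by ransomware operators.
KNOWN_ABUSED_DRIVERS = {
    "rtcore64.sys": "MSI AfterBurner driver, CVE-2019-16098, used by BlackByte",
    "mhyprot2.sys": "Genshin Impact anti-cheat driver",
    "aswarpot.sys": "Avast anti-rootkit driver, used by AvosLocker",
}
# The vulnerable driver is dropped onto the victim machine, so a load from a
# user-writable directory is a second, name-independent signal.
SUSPICIOUS_DIRS = ("\\users\\", "\\temp\\", "\\programdata\\", "\\appdata\\")

def parse_driver_event(line):
    """Parse one constructed 'Key=Value|Key=Value' record into a dict."""
    return dict(field.split("=", 1) for field in line.strip().split("|"))

def assess(event):
    """Return the findings for one driver-load event (empty list if clean)."""
    path = event.get("ImageLoaded", "")
    lowered = path.lower()
    name = lowered.rsplit("\\", 1)[-1]
    findings = []
    if name in KNOWN_ABUSED_DRIVERS:
        findings.append("known abused driver: " + KNOWN_ABUSED_DRIVERS[name])
    if any(d in lowered for d in SUSPICIOUS_DIRS):
        findings.append("loaded from user-writable path: " + path)
    # A valid signature must not clear a hit: the article notes the abused
    # drivers are signed with valid code signing certificates.
    if findings and event.get("Signed", "").lower() == "true":
        findings.append("note: driver is validly signed, which is expected here")
    return findings

def scan(lines):
    """Map each flagged driver path to its findings; clean loads are omitted."""
    results = {}
    for line in lines:
        event = parse_driver_event(line)
        hits = assess(event)
        if hits:
            results[event["ImageLoaded"]] = hits
    return results

# Constructed sample records: one normal system driver, two BYOVD-style loads.
SAMPLE_EVENTS = [
    "ImageLoaded=C:\\Windows\\System32\\drivers\\tcpip.sys|Signed=true",
    "ImageLoaded=C:\\Users\\Public\\RTCore64.sys|Signed=true",
    "ImageLoaded=C:\\Windows\\Temp\\mhyprot2.sys|Signed=true",
]
```

File-name matching is only a first check, since a renamed copy evades it; hash-based blocking such as Microsoft's vulnerable driver blocklist is the stronger control.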