BlackByte Ransomware Abuses Legitimate Driver to Disable Security Protections

By Ionut Arghire on October 06, 2022

The BlackByte ransomware has been observed exploiting a vulnerability in a legitimate, signed driver to disable endpoint detection and response (EDR) products running on the victim machine.

Although a decryptor for BlackByte was released in October 2021, the threat has remained active, and the FBI has warned of attacks targeting critical infrastructure sectors, including government, financial, and food and agriculture organizations.

While investigating recent activity around the ransomware-as-a-service (RaaS) operation and its new data leak site, Sophos researchers found that the threat uses a technique that lets it bypass security products.

Known as 'Bring Your Own Driver' (more commonly, Bring Your Own Vulnerable Driver), the technique involves dropping a vulnerable version of a legitimate driver on the victim machine, loading it, and abusing it to remove process creation callbacks from kernel memory.

BlackByte abuses RTCore64.sys, a driver shipped with Micro-Star International's graphics card overclocking utility MSI Afterburner 4.6.2.15658, which the utility uses to gain low-level control over the graphics cards in the system. The driver is legitimately signed by its vendor, so Windows loads it without complaint: the attacker does not need to sign anything, which is why Driver Signature Enforcement does not stop the technique.

RTCore64.sys, Sophos explains, is affected by an arbitrary memory read/write vulnerability reachable by any authenticated user. Tracked as CVE-2019-16098, the issue can be used for privilege escalation, information disclosure, and code execution with elevated privileges.

The technique works because "the I/O control codes in RTCore64.sys are directly accessible by user-mode processes" and because the vulnerability can be triggered simply by sending those control codes to the device; no memory-corruption exploit is required.

With this kernel read/write primitive, BlackByte locates the callback entries registered by the drivers of EDR products and removes them from kernel memory by overwriting them with zeros. The EDR driver stays loaded, but it is no longer notified of new processes and so cannot see the ransomware's activity.

"The evasion technique supports disabling a whopping list of over 1,000 drivers on which security products rely to provide protection," Sophos notes.

Other ransomware families have also been seen using the technique in attacks this year, albeit with different drivers, including mhyprot2.sys, the anti-cheat driver for the Genshin Impact video game, and aswarpot.sys, the Avast anti-rootkit driver that was abused by AvosLocker ransomware.
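The following is an added detection example for the technique described above; it is not Sophos's or BlackByte's code and not part of the original article. It scores Sysmon Event ID 6 (Driver Loaded) records on three signals: a driver name from the page's list of abused drivers, a load path outside the Windows driver store, and a missing or invalid signature. The field names follow the Sysmon EID 6 schema (ImageLoaded, Signed, Signature, SignatureStatus); the watchlist, the sample events and the signer strings are constructed for the demonstration and are not real telemetry.

```python
"""Spot Bring-Your-Own-Vulnerable-Driver loads in Sysmon Event ID 6 (Driver Loaded) data.

Added example for this page; not Sophos's or BlackByte's code. Field names follow the
Sysmon EID 6 schema (ImageLoaded, Signed, Signature, SignatureStatus); the watchlist
and every sample event below are constructed for the demonstration.
"""
from __future__ import annotations

from dataclasses import dataclass
import ntpath  # Windows path handling that also works when run on Linux/macOS


@dataclass(frozen=True)
class DriverLoad:
    utc_time: str
    image_loaded: str      # Sysmon EID 6 "ImageLoaded"
    signed: bool           # "Signed"
    signature: str         # "Signature" (signer subject)
    signature_status: str  # "SignatureStatus"


# Driver file names this page reports as abused for BYOVD. Assumption: name matching is
# a demo shortcut; a production rule keys on the Sysmon "Hashes" field or a blocklist.
BYOVD_WATCHLIST = frozenset({"rtcore64.sys", "mhyprot2.sys", "aswarpot.sys"})

# Where Windows normally loads drivers from. Anything else (user profile, temp,
# a vendor install directory) deserves a look even when the signature is valid.
TRUSTED_DRIVER_DIRS = (
    r"c:\windows\system32\drivers",
    r"c:\windows\system32\driverstore",
)


def _in_trusted_dir(path: str) -> bool:
    parent = ntpath.dirname(path).lower()
    return any(parent == d or parent.startswith(d + "\\") for d in TRUSTED_DRIVER_DIRS)


def analyze(ev: DriverLoad) -> list[str]:
    """Return the findings for one driver-load event (empty list = nothing suspicious)."""
    findings: list[str] = []
    name = ntpath.basename(ev.image_loaded).lower()

    # Signal 1: a driver with a known arbitrary kernel read/write primitive was loaded.
    # This fires regardless of signature: RTCore64.sys is validly signed by its vendor,
    # which is exactly why Driver Signature Enforcement does not stop the technique.
    if name in BYOVD_WATCHLIST:
        findings.append(f"known BYOVD driver name: {name}")

    # Signal 2: the driver was loaded from outside the driver store. A dropped copy
    # of a vulnerable driver almost always sits in a user-writable path.
    if not _in_trusted_dir(ev.image_loaded):
        findings.append(
            f"loaded from outside the driver store: {ntpath.dirname(ev.image_loaded)}"
        )

    # Signal 3: classic unsigned / invalid-signature driver. Useful, but it does NOT
    # fire for the BlackByte case, so it must never be the only rule.
    if not ev.signed or ev.signature_status.lower() != "valid":
        findings.append("driver not signed or signature not valid")

    return findings


def scan(events: list[DriverLoad]) -> dict[str, list[str]]:
    """Map ImageLoaded -> findings for every event that produced at least one finding."""
    return {ev.image_loaded: f for ev in events if (f := analyze(ev))}


# Constructed sample events (not real telemetry). Signer strings are assumptions.
SAMPLE_EVENTS = [
    # Normal OS driver load: nothing should fire.
    DriverLoad("2022-10-06 09:00:01.000", r"C:\Windows\System32\drivers\tcpip.sys",
               True, "Microsoft Windows", "Valid"),
    # The BYOVD case described on this page: validly signed vendor driver, dropped
    # into a user-writable directory by the ransomware and then loaded.
    DriverLoad("2022-10-06 09:13:42.000", r"C:\Users\Public\RTCore64.sys",
               True, "Micro-Star International (assumed signer string)", "Valid"),
    # A plain unsigned driver from a temp directory, for contrast.
    DriverLoad("2022-10-06 09:14:07.000", r"C:\Users\bob\AppData\Local\Temp\x.sys",
               False, "", "Unavailable"),
]


if __name__ == "__main__":
    for image, findings in scan(SAMPLE_EVENTS).items():
        print(image)
        for finding in findings:
            print("   -", finding)
```

Two points for anyone turning this into a real rule. First, on a host where MSI Afterburner is legitimately installed, the name signal will also fire from the utility's own install directory, so the rule needs an allowlist or a triage step keyed on whether that software is expected there. Second, detection after the fact is the weaker control: since a valid signature is not a trust signal for a driver, the preventive fix is to block known-vulnerable drivers by hash (for example with a WDAC policy or the Microsoft vulnerable driver blocklist) so the loader never gets as far as the IOCTL.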