Blackbyte Ransomware abuses legit driver to disable security products, says NCC-CSIRT

Sun, Oct 9, 2022
By editor
2 MIN READ

Business

THE Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has flagged a high-impact threat to Windows operating system, the Blackbyte Ransomware, which has the capacity to bypass protections by disabling more than 1,000 drivers used by various security solutions.

The NCC-CSIRT said the BlackByte ransomware gang, which is using a new technique that researchers called, “Bring Your Own Vulnerable Driver,” is exploiting the security issue that allowed it to disable drivers that prevent multiple Endpoint Detection and Response (EDR) and antivirus products like Avast, Sandboxie, Windows DbgHelp Library, and Comodo Internet Security, from operating normally.

Recent attacks attributed to this group involved a version of the MSI Afterburner RTCore64.sys driver, which is vulnerable to a privilege escalation and code execution flaw tracked as CVE-2019-16098.

The “Bring Your Own Vulnerable Driver” (BYOVD) method is effective because the vulnerable drivers are signed with a valid certificate and run with high privileges on the system.

Two notable recent examples of BYOVD attacks include Lazarus, abusing a buggy Dell driver and unknown hackers abusing an anti-cheat driver/module for the Genshin Impact game.

The NCC-CSIRT advisory recommended that system administrators protect against BlackByte’s new security bypassing trick by adding the particular MSI driver to an active blocklist, monitoring all driver installation events, and scrutinising them frequently to find any rogue injections that do not have a hardware match.

The CSIRT is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large.

The CSIRT also works collaboratively with the Nigeria Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.

A.I

Tags: Blackbyte Ransomware NCC-CSIRT Nigerian Communications Commission


Related Posts

Pivacy breach: Experts caution NGO against disclosure of donors details

A Digital Trust expert, Amaka Ibeji has expressed concern over the decision by Martins Vincent Otse Initiative (MVOI) to publicly...

Read More
Fun seekers, families enjoy 10-day festive season experience 

INDOMIE Noodles brought festive cheer with its record-breaking tallest Christmas Tree, creating a magical experience for families and fun seekers. ...

Read More
Fidelity launches initiative for children with special needs

FIDELITY Bank Plc, has introduced an initiative tagged: “Bundles of Joy”, designed to support children with special needs and their...

Read More

Most Read

BusinessAfreximbank participates in Bank of Industry Nigeria’s syndicated facility of up to EUR 2-billionBy editor2 MIN READ
AfricaAbuja stampede: Wike directs free treatment for victimsBy editor2 MIN READ
BusinessWatch all DStv stations free for 72hrs – MultiChoice By editor2 MIN READ
AfricaEnergy Industry Congratulates John Mahama on Re-election, Commends Progress in Oil and Gas SectorBy editor2 MIN READ
EducationABU International Studies Alumni offers scholarships to 20 indigent students By editor2 MIN READ

Subscribe to Our Newsletter

Keep abreast of news and other developments from our website.

Latest Stories

HURIWA declares Governor Fubara’s emergence as divine

Tiff between me and my friend, Umar Iliya Damagum

Does Africa have January problem?