
BlackByte Ransomware Abuses Legit Driver to Disable Security Products, Says NCC-CSIRT

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has flagged a high-impact threat to the Windows operating system, the BlackByte ransomware, which has the capacity to bypass protections by disabling more than 1,000 drivers used by various security solutions.

The NCC-CSIRT said the BlackByte ransomware gang is using a new technique that researchers have called “Bring Your Own Vulnerable Driver”, exploiting a security issue that allows it to disable drivers, which prevents multiple Endpoint Detection and Response (EDR) and antivirus products, such as Avast, Sandboxie, Windows DbgHelp Library, and Comodo Internet Security, from operating normally.

Recent attacks attributed to this group involved a version of the MSI Afterburner RTCore64.sys driver, which is vulnerable to a privilege escalation and code execution flaw tracked as CVE-2019-16098.

The “Bring Your Own Vulnerable Driver” (BYOVD) method is effective because the vulnerable drivers are signed with a valid certificate and run with high privileges on the system.

Two notable recent examples of BYOVD attacks include Lazarus abusing a buggy Dell driver, and unknown hackers abusing an anti-cheat driver/module for the game Genshin Impact.

The NCC-CSIRT advisory recommended that system administrators protect against BlackByte’s new security bypassing trick by adding the particular MSI driver to an active blocklist, monitoring all driver installation events, and scrutinising them frequently to find any rogue injections that do not have a hardware match.
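
One way to act on the monitoring recommendation, as an added example that is not taken from the NCC-CSIRT advisory: the script scans constructed records shaped like Windows service-installation events (System log Event ID 7045) and flags kernel-driver installs that match a name blocklist or sit outside the usual driver directory. The sample events, the function names and the `System32\drivers` path heuristic are assumptions made for illustration.

```python
import ntpath

# Driver file names to block; RTCore64.sys is the driver named in the article.
BLOCKED_DRIVERS = {"rtcore64.sys"}
# Assumption: legitimate kernel drivers normally live under this directory.
EXPECTED_DIR = r"\windows\system32\drivers"

# Constructed sample records shaped like Event ID 7045 (service installed).
SAMPLE_EVENTS = [
    {"EventID": 7045, "ServiceName": "RTCore64", "ServiceType": "kernel mode driver",
     "ImagePath": r"C:\Users\Public\RTCore64.sys"},
    {"EventID": 7045, "ServiceName": "exampledrv", "ServiceType": "kernel mode driver",
     "ImagePath": r"\SystemRoot\System32\drivers\exampledrv.sys"},
    {"EventID": 7045, "ServiceName": "tmpdrv", "ServiceType": "kernel mode driver",
     "ImagePath": r"\??\C:\ProgramData\tmp\tmpdrv.sys"},
    {"EventID": 7045, "ServiceName": "Updater", "ServiceType": "user mode service",
     "ImagePath": r"C:\Program Files\Example\updater.exe"},
]

def normalise(path):
    """Lower-case the path and strip quotes and NT path prefixes."""
    p = path.strip().strip('"').lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith("\\systemroot"):
        p = "c:\\windows" + p[len("\\systemroot"):]
    elif p.startswith("system32\\"):
        p = "c:\\windows\\" + p
    return p

def review_event(event):
    """Return the reasons a kernel-driver install deserves a closer look."""
    if event.get("EventID") != 7045:
        return []
    if "kernel" not in event.get("ServiceType", "").lower():
        return []  # only kernel-mode driver services are of interest here
    path = normalise(event.get("ImagePath", ""))
    reasons = []
    if ntpath.basename(path) in BLOCKED_DRIVERS:
        reasons.append("blocklisted driver name")
    if EXPECTED_DIR not in ntpath.dirname(path):
        reasons.append("driver outside System32\\drivers")
    return reasons

def scan(events):
    """Map service name to reasons for every flagged event."""
    return {e["ServiceName"]: r for e in events if (r := review_event(e))}

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_EVENTS).items():
        print(f"{name}: {', '.join(reasons)}")
```

A file name is easy to change, so a production blocklist should key on the driver's file hash or signer; the article gives no hash, so none is shown here.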

The CSIRT is the telecom sector’s cyber security incident centre, set up by the NCC to focus on incidents in the telecom sector as they may affect telecom consumers and citizens at large.

The CSIRT also works collaboratively with the Nigeria Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, problems or related events.
