Hackers Use Vulnerable Windows Driver to Turn Off the Antivirus

Security company Sophos warns of a new ransomware attack that loads a vulnerable but legitimately signed Gigabyte driver onto an already-compromised Windows system and abuses it to disable the security software running there, before the ransomware itself is deployed.

The attack is based on a security flaw found in 2018 in a Gigabyte driver and tracked as CVE-2018-19320. The flaw lets a local process use the driver to read and write arbitrary kernel memory. Gigabyte has since discontinued the driver, but the signed binary still loads on current Windows systems, so attackers bring their own copy, exploit the flaw to gain kernel-level control of the device, and use that control to load a second, unsigned driver that Windows would otherwise refuse to load. The second driver's only job is to kill antivirus and endpoint protection products.
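The pattern described above (a known-vulnerable signed driver loaded from an unusual location, followed shortly by a driver without a valid signature) is exactly what driver-load telemetry can surface. The following detection is an added example written for this page, not code from Sophos or from the ransomware analysis. It assumes Sysmon Event ID 6 (DriverLoad) records flattened into key=value lines; the sample records are constructed for the example, and the file name gdrv.sys is the Gigabyte driver associated with CVE-2018-19320 in the public advisory (the article itself cites only the CVE).

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List

# Drivers publicly reported as giving arbitrary kernel memory access.
# gdrv.sys is the Gigabyte driver covered by CVE-2018-19320; extend the
# list from your own intel (e.g. the LOLDrivers project).
KNOWN_VULNERABLE_DRIVERS = {"gdrv.sys": "CVE-2018-19320"}

# Legitimate drivers normally live here; anything else deserves a look.
SAFE_DRIVER_DIR = r"c:\windows\system32\drivers"

# How close together the two driver loads must be to be treated as one chain.
CHAIN_WINDOW = timedelta(minutes=5)

REASON_VULN = "known-vulnerable driver"
REASON_UNSIGNED = "driver without a valid signature"
REASON_PATH = "loaded from outside the system driver directory"
REASON_CHAIN = "unsigned driver loaded shortly after a known-vulnerable driver (BYOVD chain)"

# Constructed Sysmon Event ID 6 records (sample data, not real telemetry).
SAMPLE_EVENTS = """\
UtcTime="2020-02-07 09:12:01.113" ImageLoaded=C:\\Windows\\System32\\drivers\\tcpip.sys Hashes=SHA256=AAAA Signed=true Signature="Microsoft Windows" SignatureStatus=Valid
UtcTime="2020-02-07 09:13:44.902" ImageLoaded=C:\\Windows\\Temp\\gdrv.sys Hashes=SHA256=BBBB Signed=true Signature="Giga-Byte Technology" SignatureStatus=Valid
UtcTime="2020-02-07 09:13:45.317" ImageLoaded=C:\\Windows\\Temp\\drv.sys Hashes=SHA256=CCCC Signed=false Signature=- SignatureStatus=Unsigned
"""


def parse_event(line: str) -> Dict[str, str]:
    """Split one key=value line; values may be double-quoted to allow spaces."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


def driver_name(event: Dict[str, str]) -> str:
    return event.get("ImageLoaded", "").rsplit("\\", 1)[-1].lower()


def classify(event: Dict[str, str]) -> List[str]:
    """Per-event reasons for suspicion, independent of any other event."""
    reasons = []
    path = event.get("ImageLoaded", "")
    name = driver_name(event)
    if name in KNOWN_VULNERABLE_DRIVERS:
        reasons.append(f"{REASON_VULN} {name} ({KNOWN_VULNERABLE_DRIVERS[name]})")
    # A driver that loads without a valid signature on x64 means signature
    # enforcement has already been defeated; that alone is a strong signal.
    if event.get("Signed", "").lower() != "true" or event.get("SignatureStatus") != "Valid":
        reasons.append(REASON_UNSIGNED)
    if not path.lower().startswith(SAFE_DRIVER_DIR):
        reasons.append(REASON_PATH)
    return reasons


def detect_byovd_chain(log_text: str) -> List[Dict[str, object]]:
    """Scan DriverLoad records in order and correlate the two-stage pattern."""
    alerts = []
    last_vulnerable_load = None
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        ts = datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")
        reasons = classify(event)
        name = driver_name(event)
        if name in KNOWN_VULNERABLE_DRIVERS:
            last_vulnerable_load = ts
        severity = "medium" if reasons else "info"
        if REASON_UNSIGNED in reasons:
            severity = "high"
        # Stage two: an unsigned driver appearing within the window after the
        # vulnerable one is the signature of the attack the article describes.
        if (REASON_UNSIGNED in reasons and name not in KNOWN_VULNERABLE_DRIVERS
                and last_vulnerable_load is not None
                and ts - last_vulnerable_load <= CHAIN_WINDOW):
            severity = "critical"
            reasons.append(REASON_CHAIN)
        if reasons:
            alerts.append({"time": event["UtcTime"], "driver": event["ImageLoaded"],
                           "severity": severity, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect_byovd_chain(SAMPLE_EVENTS):
        print(alert["severity"].upper(), alert["time"], alert["driver"])
        for reason in alert["reasons"]:
            print("   -", reason)
```

On the sample data the Microsoft driver produces no alert, the Gigabyte driver is flagged at medium (known-vulnerable, loaded from a temp directory) and the unsigned driver that follows it is escalated to critical because of the chain. In production, match on file hash rather than file name as well, since renaming the vulnerable driver is trivial for the attacker.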

“This second driver then goes to great lengths to kill processes and files belonging to endpoint security products, bypassing tamper protection, to enable the ransomware to attack without interference,” Sophos