Researchers have discovered an endpoint security evasion mechanism used by the group known as BlackCat. The technique helps the gang evade defensive measures once inside a network: the cybercrime group was observed using Microsoft-signed kernel drivers to control and terminate security processes installed on protected machines.
According to the analysis, this is expected to become a standard technique in the cybercriminal arsenal.
Microsoft has since revoked several Microsoft hardware developer accounts that were used in these attacks.
BlackCat ransomware’s end-point security evasion mechanism has been discovered.
Affiliates of BlackCat have been known to employ a variety of defense evasion techniques in order to remain undetected in a system for as long as possible. The most recent method is the use of malicious kernel drivers that have been signed through Microsoft hardware developer accounts. According to Trend Micro research, this enables the attackers to impair defenses on a victimized computer by manipulating, halting, and killing numerous processes associated with security agents on the targeted endpoints.
A kernel-mode driver will not load if it is not signed by a trusted certificate authority. According to a Microsoft Build article, the operating system will not allow untrusted drivers to run, and conventional procedures such as kernel debugging and test signing will
[…]
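As an added defender-side check, not part of the original article or of Trend Micro's research: a PowerShell triage script that lists the kernel drivers currently loaded on a Windows host, verifies each one's Authenticode signature, and puts third-party drivers that reach the kernel through a Microsoft-countersigned chain (the class of driver the article describes) or whose signature no longer validates at the top of the review list. It assumes PowerShell 5.1 or later running as an administrator; the publisher name pattern is an assumption to adjust locally.

```powershell
# Added example (not from the article): triage the kernel drivers loaded on this host.
# Assumes Windows with PowerShell 5.1+ run as administrator.

# Third-party drivers signed through Microsoft's hardware program carry this publisher
# as the leaf signer. A valid-looking chain is exactly what the described technique
# abuses, so such drivers are reviewed rather than trusted. Pattern is an assumption.
$whcpPublisherPattern = 'Windows Hardware Compatibility Publisher'

function Get-DriverTriage {
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName }

    foreach ($d in $drivers) {
        # PathName may be prefixed with \??\ or \SystemRoot\, or be relative to the
        # Windows directory; normalise it to a plain filesystem path.
        $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if (-not [System.IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

        # Ordering: broken or revoked signatures first, then third-party drivers that entered
        # the kernel via the hardware program, then other signers; OS-image binaries last.
        if ($sig.Status -ne 'Valid')                    { $priority = "1-review-first: $($sig.Status)" }
        elseif ($signer -match $whcpPublisherPattern)   { $priority = '2-review: WHCP-signed third party' }
        elseif (-not $sig.IsOSBinary)                   { $priority = '3-review: other signer' }
        else                                            { $priority = '4-os-binary' }

        [pscustomobject]@{
            Name     = $d.Name
            Path     = $path
            Status   = $sig.Status
            Signer   = $signer
            Priority = $priority
        }
    }
}

Get-DriverTriage | Sort-Object Priority, Name | Format-Table -AutoSize
```

Drivers in the "review" groups are not malicious by default; the list is a starting point for comparing against the host's expected driver inventory and against vendor revocation notices.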
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents