Connect with us

Hi, what are you looking for?

News

NCC alerts Nigerians on antivirus-crippling threat

NCC alerts Nigerians on antivirus-crippling threat
NCC

The Nigerian Communications Commission’s Computer Security Incident Response Team has declared Windows operating system, the Blackbyte Ransomware a high-impact threat.

According to Daily Post, NCC-CSIRT said the Blackbyte Ransomware has the capacity to bypass protections by disabling more than 1,000 drivers used by various security solutions.

NCC-CSIRT in a notice sent to journalists on Saturday said the BlackByte ransomware gang is using a new technique that researchers called “Bring Your Own Vulnerable Driver”,

It further explained that Blackbyte is exploiting the security issue that allowed it to disable drivers that prevent multiple Endpoint Detection and Response and antivirus products like Avast, Sandboxie, Windows DbgHelp Library, and Comodo Internet Security, from operating normally.

Recent attacks attributed to this group involved a version of the MSI Afterburner RTCore64.sys driver, which is vulnerable to a privilege escalation and code execution flaw tracked as CVE-2019-16098.

The NCC notice further said the “Bring Your Own Vulnerable Driver” method is effective because the vulnerable drivers are signed with a valid certificate and run with high privileges on the system.

Two notable recent examples of BYOVD attacks include Lazarus, abusing a buggy Dell driver and unknown hackers abusing an anti-cheat driver/module for the Genshin Impact game.

The NCC-CSIRT advisory recommended that system administrators protect against BlackByte’s new security bypassing trick by adding the particular MSI driver to an active blocklist, monitoring all driver installation events, and scrutinising them frequently to find any rogue injections that do not have a hardware match.

The CSIRT is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large.

The CSIRT also works collaboratively with the Nigeria Computer Emergency Response Team, established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and probl

ems or related events.

Click to comment

Leave a Reply

Your email address will not be published.

You May Also Like

Telecommunications

Vodafone chief executive Nick Read is stepping down as chief executive of the group after four years in the top job, the telecoms group...

featured

Facebook has officially threatened to eliminate news content from its US platform if the Congress demands big tech companies to pay publishers and broadcasters...

Mobile

The Nigerian Communications Commission has said that the country’s internet subscribers rose to 152.71 million in October 2022.   In an update on industry...

featured

Tech company, Google, has introduced a “Continuous Scrolling” feature on desktop to eliminate the need for users to navigate across pages to find relevant...

Advertisement