As reported by Bleeping Computer, the BlackByte ransomware group is using a newly documented "bring your own vulnerable driver" technique: it loads RTCore64.sys, the legitimately signed but vulnerable MSI Afterburner driver (CVE-2019-16098), and abuses it to bypass more than 1,000 drivers that security and EDR products rely on.
Once those drivers have been neutralized, the attackers can operate under the radar, because several endpoint detection and response (EDR) products lose the kernel-level visibility they depend on. The vulnerable driver passes Windows' loading checks because it carries a valid code-signing certificate, and once loaded it runs with kernel privileges. Exploiting it gives the threat actors the ability to read and write arbitrary kernel memory, which is enough to run code of their choosing inside the kernel.
The group's malware additionally scans the system for hooking DLLs belonging to Avast, Sandboxie, the Windows DbgHelp Library, and Comodo Internet Security. If any are found, BlackByte disables them so they can no longer function.
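The defender's side of the driver abuse described above, as an added example that is not code from the article, from BlackByte, or from any vendor named here: a small hunt over Sysmon-style DriverLoad (Event ID 6) records that flags a known-abused driver even when its signature is valid (the whole point of the technique), a driver without a valid signature, and a driver loaded from outside the system driver directory. The log records are constructed by hand for this example, and the watchlist `KNOWN_ABUSED_DRIVERS` is an illustrative assumption that a team would maintain from its own threat intelligence, not a complete blocklist.

```python
"""Hunt Sysmon-style DriverLoad (Event ID 6) records for BYOVD-style driver abuse.

Added example for this article; not code from BlackByte, Sophos, Bleeping Computer
or any security vendor. The log lines are constructed, and the driver watchlist is
an illustrative assumption, not an authoritative blocklist.
"""
import json
import ntpath

# Assumption: a watchlist kept by the defending team. RTCore64.sys (MSI Afterburner)
# is the driver named in the article; the other two are further examples widely
# reported as abused for kernel memory access, listed here only to show the shape.
KNOWN_ABUSED_DRIVERS = {
    "rtcore64.sys",
    "dbutil_2_3.sys",
    "gdrv.sys",
}

# Directory from which legitimately installed kernel drivers are normally loaded.
TRUSTED_DRIVER_DIR = r"c:\windows\system32\drivers"

# Constructed Sysmon-style DriverLoad records, one JSON object per line.
SAMPLE_LOG = r"""
{"UtcTime": "2022-10-05 09:12:01.100", "ImageLoaded": "C:\\Windows\\System32\\drivers\\tcpip.sys", "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"}
{"UtcTime": "2022-10-05 09:14:33.412", "ImageLoaded": "C:\\Users\\Public\\RTCore64.sys", "Signed": "true", "Signature": "Micro-Star International (constructed)", "SignatureStatus": "Valid"}
{"UtcTime": "2022-10-05 09:15:02.009", "ImageLoaded": "C:\\Windows\\Temp\\helper.sys", "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"}
{"UtcTime": "2022-10-05 09:20:47.771", "ImageLoaded": "C:\\Windows\\System32\\drivers\\RTCore64.sys", "Signed": "true", "Signature": "Micro-Star International (constructed)", "SignatureStatus": "Valid"}
"""


def parse_events(text):
    """Parse one JSON object per non-empty line into a list of dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def analyze_event(event):
    """Return a list of findings for a single DriverLoad record.

    A valid signature deliberately does not lower the severity of a watchlisted
    driver: RTCore64.sys is abused precisely because it is validly signed.
    """
    image = event.get("ImageLoaded", "")
    name = ntpath.basename(image).lower()
    directory = ntpath.dirname(image).lower()
    findings = []

    if name in KNOWN_ABUSED_DRIVERS:
        findings.append({
            "severity": "high",
            "driver": image,
            "reason": "driver on the BYOVD watchlist loaded (valid signature does not clear it)",
        })

    if event.get("SignatureStatus", "").lower() != "valid":
        findings.append({
            "severity": "high",
            "driver": image,
            "reason": "driver loaded without a valid signature",
        })

    if directory != TRUSTED_DRIVER_DIR:
        findings.append({
            "severity": "medium",
            "driver": image,
            "reason": "driver loaded from outside the system driver directory",
        })

    return findings


def hunt(text):
    """Run analyze_event over every record and return all findings in log order."""
    findings = []
    for event in parse_events(text):
        for finding in analyze_event(event):
            finding["time"] = event.get("UtcTime", "")
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['time']}  {f['driver']}  {f['reason']}")
```

Of the four constructed records, only the stock tcpip.sys load is clean; the two RTCore64.sys loads are flagged regardless of where they sit or how they are signed, and the unsigned helper.sys in the Temp directory is flagged on both counts. In a real deployment the watchlist would be fed from Microsoft's vulnerable driver blocklist and the team's own intelligence, and a DriverLoad hit would be correlated with the process that dropped the file.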