A malware campaign has been discovered targeting systems through a vulnerable Avast Anti-Rootkit driver. Once loaded, the driver allowed the malware to disable security tools and take control of the system. The compromise affected security products from multiple vendors, with the malware using kernel-level access to terminate security processes. Organizations were advised to put protections in place against BYOVD (Bring Your Own Vulnerable Driver) tactics, which load legitimate but vulnerable drivers to evade detection. Indicators of compromise have been provided to help detect and block such attacks, highlighting the importance of protecting systems against kernel-level threats posed by flawed security drivers.
Source: https://securityaffairs.com/171340/hacking/avast-anti-rootkit-driver-abused-malware-campaign.html
TPRM report: https://scoringcyber.rankiteo.com/company/avast
"id": "ava000112624",
"linkid": "avast",
"type": "Vulnerability",
"date": "11/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Security', 'type': 'Organizations'}],
 'attack_vector': 'Vulnerable Driver Exploit',
 'description': 'A malware campaign has been discovered targeting systems using a vulnerable Avast Anti-Rootkit driver. This driver allowed malware to disable security tools and assume control over the system. The compromise affected various security products from multiple companies, with the malware utilizing kernel-level access to terminate security processes. Organizations were advised to instate protections against BYOVD (Bring Your Own Vulnerable Driver) tactics, which use legitimate but compromised drivers to evade detection. Indicators of compromise have been provided to assist in thwarting such attacks, highlighting the importance of protecting systems against kernel-level threats posed by flawed security drivers.',
 'impact': {'systems_affected': ['Various security products from multiple companies']},
 'initial_access_broker': {'entry_point': 'Vulnerable Avast Anti-Rootkit driver'},
 'lessons_learned': 'Importance of protecting systems against kernel-level threats posed by flawed security drivers.',
 'post_incident_analysis': {'corrective_actions': 'Protections against BYOVD tactics',
                            'root_causes': 'Vulnerable Avast Anti-Rootkit driver'},
 'response': {'remediation_measures': ['Protections against BYOVD tactics']},
 'title': 'Malware Campaign Exploiting Avast Anti-Rootkit Driver',
 'type': 'Malware Campaign',
 'vulnerability_exploited': 'Avast Anti-Rootkit driver'}