Vulnerabilities in security software
Hackers can turn off antivirus protection
November 27, 2024 – 3:14 p.m. | Reading time: 1 min.
Hackers have found a way to disable antivirus programs. They are using, of all things, a vulnerability in security software.
Security researchers have made a disturbing discovery: hackers can exploit a vulnerability in Avast's software to disable antivirus programs on infected computers. As the cybersecurity company Trellix reports, the attackers are using a legitimate component of the Avast software that is actually intended to protect the system.
It goes on to say that the vulnerability has existed since 2016, but has only been actively exploited for attacks since 2021. The problem lies in a special driver in the Avast software that works deep in the operating system.
The hackers use a malicious program that installs the Avast driver on the computer and misuses it for their own purposes. The program contains a list of 142 well-known security products, including Microsoft Defender and software from McAfee and BlackBerry. If the malicious program detects one of these products, it can switch it off using the driver.
This attack is particularly dangerous because it uses official components. This makes it difficult for security systems to detect the malicious activity. The attackers use a real key, so to speak, to outwit the security systems.
Microsoft has responded to this threat and integrated a protection function into Windows. This so-called Vulnerable Driver Blocklist detects known vulnerable drivers and blocks them. Since the Windows 11 2022 Update, this feature has been enabled by default and is updated with every major update.
The current vulnerability is not the first of its kind. Cybercriminals already used similar methods for ransomware attacks in 2021. At that time, security researchers from Sentinel Labs discovered several critical vulnerabilities that Avast had to fix through updates.
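A defender can check both conditions described above on a Windows host: whether the Vulnerable Driver Blocklist is switched on, and whether any kernel driver is registered from an unusual location. The following PowerShell is an added example, not code from the article, Trellix or Microsoft; the list of "expected" driver directories is an assumption made for illustration, and because the driver in this attack is legitimately signed, a valid signature in the output does not clear an entry.

```powershell
# Added example. Run in an elevated PowerShell session on the host being audited.

# 1) State of Microsoft's Vulnerable Driver Blocklist (registry value used by Windows).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
$v   = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable
$state = if ($v -eq 1) { 'enabled' }
         elseif ($v -eq 0) { 'DISABLED' }
         else { 'not set explicitly (OS default applies)' }
"Vulnerable Driver Blocklist: $state"

# 2) Kernel drivers registered as services from outside the usual driver folders.
function Resolve-DriverPath([string]$Path) {
    # Service image paths come with several prefixes; map them to a plain file path.
    $p = $Path.Trim('"') -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# Assumption: these two directories are treated as the normal driver locations.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\drivers\'),
    (Join-Path $env:SystemRoot 'System32\DriverStore\')
)

$review = Get-CimInstance Win32_SystemDriver | Where-Object PathName | ForEach-Object {
    $drv  = $_
    $file = Resolve-DriverPath $drv.PathName
    $ok   = $expected | Where-Object {
        $file.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
    }
    if (-not $ok) {
        $sig = Get-AuthenticodeSignature -FilePath $file -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Service = $drv.Name
            State   = $drv.State
            Path    = $file
            # Signer matters here: a security vendor's driver on a host that
            # does not run that vendor's product deserves a closer look.
            Signer  = $sig.SignerCertificate.Subject
            SHA256  = (Get-FileHash -Path $file -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        }
    }
}

# A review list, not a verdict: some legitimate products keep drivers elsewhere.
$review | Sort-Object Path | Format-List
```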
Interview between Time.news Editor and Cybersecurity Expert
Time.news Editor: Welcome to today’s discussion! We’re diving into a critical topic that has recently captured headlines: the vulnerabilities in security software that hackers are exploiting to disable antivirus programs. Joining us is Dr. Emily Carter, a cybersecurity researcher from TechGuard Labs. Dr. Carter, thank you for being here.
Dr. Emily Carter: Thank you for having me! It’s a pleasure to be here.
Editor: Let’s jump right in. Recent reports reveal that hackers have discovered a way to exploit a vulnerability in Avast’s software to turn antivirus programs off. Can you explain how serious this issue is?
Dr. Carter: Absolutely. This is a significant concern for anyone who relies on antivirus software for protection. The revelation that attackers can disable antivirus programs using a vulnerability in legitimate security software is alarming. It means that even the structural defenses meant to protect users can be turned against them.
Editor: It is indeed troubling. The article mentions that this vulnerability has been around since 2016 but has only started being actively exploited since 2021. Why do you think it took so long for hackers to discover and leverage this weakness?
Dr. Carter: That’s a great question. Vulnerabilities can exist for years before they are discovered or exploited. It often depends on the motivation and resources of the attackers. In this case, hackers may have only recently found a viable way to exploit this particular vulnerability, especially as they’ve become more sophisticated in their techniques over time.
Editor: The fact that a legitimate component of Avast intended to protect systems is being used against users is mind-boggling. How does this type of exploitation typically occur?
Dr. Carter: Hackers often look for permissions and access points within software that they can manipulate. In this situation, it appears that they’ve identified a component within Avast that should help manage and secure the system, yet they’ve found a way to use it to disable protections. This scenario highlights an ongoing issue in the cybersecurity field: maintaining a balance between functionality and security.
Editor: With this vulnerability being present since 2016, what steps should users take now to protect themselves?
Dr. Carter: First, users should ensure that their antivirus software is updated to the latest version, as most security companies release patches to fix known vulnerabilities. Additionally, users can enhance their security by employing layered defenses, such as using a firewall, regularly updating software, and being cautious about suspicious downloads and links.
Editor: Good advice! It’s crucial that users remain vigilant. What does this incident reveal about the current landscape of cybersecurity?
Dr. Carter: It underscores the continuous cat-and-mouse game between cybercriminals and security companies. As technology evolves, so do the tactics used by attackers. Companies must stay ahead by regularly revising their security systems and responding proactively to discovered vulnerabilities. It’s a reminder that even well-established security software isn’t infallible.
Editor: Thank you, Dr. Carter. It’s clear that ongoing education and investment in cybersecurity are paramount. Any final thoughts for our readers?
Dr. Carter: Cybersecurity is everyone’s responsibility. By staying informed and implementing best practices, users can significantly reduce their risks. And remember, if something doesn’t seem right with your device, it’s always worth investigating further. Knowledge is power in the fight against cyber threats.
Editor: Wise words! Thank you for your insights today, Dr. Carter. This has been an enlightening discussion about a pressing issue in our digital age.
Dr. Carter: Thank you for having me! It’s been a pleasure discussing these critical topics.
Editor: And thank you to our viewers for tuning in. Stay safe and informed!