
How Does the Cut and Mouse Attack Bypass Antivirus Defenses

by CISOCONNECT Bureau

Of late, hackers have been trying to bypass various anti-virus products and defeat the purpose of malware protection. Read on to know more about it…


Anti-virus (AV) software is used by most individuals and businesses to protect their digital assets against malware threats. However, AV protection is a full-time process, and AVs are in a cat-and-mouse game with malware, which uses obfuscation and polymorphism, Denial of Service (DoS) attacks, and malformed packets and parameters to try to get around or crash AV defences.

Antivirus software responds by combining signature-based detection with anomaly or behavioural detection, and by leveraging OS protections, standard code-hardening and binary-protection techniques. Malware counters in turn, for example by crafting adversarial inputs that evade detection.

Countering AVs
Significant security flaws have been uncovered in well-known security software, which could allow an attacker to disable it. The same flaws could also let an attacker take control of applications and perform malicious actions. As a result, attackers can not only get past anti-ransomware protections, but also use them to carry out cyberattacks.

Researchers from the University of London and the University of Luxembourg conducted and published an in-depth analysis of two attacks, named Cut-and-Mouse and Ghost Control.

Prof. Gabriele Lenzini, Chief Scientist at the Interdisciplinary Center for Security, Reliability, and Trust at the University of Luxembourg, said, “Antivirus software providers always offer high levels of security, and they are an essential element in the everyday struggle against criminals.

“But they are competing with criminals which now have more and more resources, power, and dedication.”

For the Cut-and-Mouse attack, the researchers attempted to encrypt files by abusing the protected-folder feature of antivirus programs. By simulating mouse clicks, the Ghost Control attack can defeat the real-time protection of various antivirus programs.

A restricted number of whitelisted applications, such as Notepad, are usually given permission to write to a protected folder. These applications, on the other hand, are not protected from being misused by other applications.

Because a malicious tool or malware can be used to undertake nefarious operations on protected folders using whitelisted applications as intermediaries, the attack shows that this level of trust is inappropriate.

The researchers tested a total of 29 antivirus solutions, and found that all of them were vulnerable to the Cut-and-Mouse attack and 14 of them were vulnerable to the Ghost Control attack.

Attack Scenario
Researchers devised a scenario in which malicious code may be used to take control of a trusted application like Paint or Notepad. These can be used to perform write operations on the victim’s files stored in the secured folders, as well as encrypt them.

Ransomware can read the contents of the files in the folder, encrypt the contents in memory, and then copy them to the system clipboard. Notepad is then used to overwrite the files in the folder with the clipboard data.

Furthermore, by employing Paint as a trusted application, the same attack sequence might be used to permanently corrupt user files by overwriting them with a randomly generated image.
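The weakness the article describes in the protected-folder feature and in the Notepad/Paint scenario is the same one: the folder trusts an application by name, so a write coming from Notepad is allowed regardless of who launched Notepad or why. The following Python model, added here as an illustration and not code from the researchers or from any antivirus vendor, compares that name-only policy with a hardened policy that also inspects the writing process's ancestry. The process tree, the folder path and the set of trusted launchers are constructed for the example; `explorer.exe` as the expected launcher of a user-started app is an assumption, not something the article states.

```python
"""Model of a 'protected folder' write policy (added example, constructed data).

Two policies decide whether a write to the protected folder is allowed:
  * name_only_policy  - the whitelist-by-application-name model described in
                        the article (Notepad and Paint may write).
  * ancestry_policy   - additionally requires every ancestor of the writing
                        process to be a trusted launcher, so a whitelisted
                        app started by an untrusted process is refused.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PROTECTED_FOLDER = r"C:\Users\alice\Documents"          # constructed path
WHITELIST = {"notepad.exe", "mspaint.exe"}              # apps the folder trusts
TRUSTED_LAUNCHERS = {"explorer.exe"}                    # assumption for the model


@dataclass(frozen=True)
class Process:
    pid: int
    image: str
    parent: Optional[int]      # None marks the root of the recorded tree


@dataclass(frozen=True)
class WriteEvent:
    pid: int
    path: str


def ancestry(pid: int, procs: Dict[int, Process]) -> List[str]:
    """Image names from the process itself up to the root, e.g.
    ['notepad.exe', 'dropper.exe', 'explorer.exe']."""
    chain: List[str] = []
    cur = procs.get(pid)
    while cur is not None:
        chain.append(cur.image.lower())
        cur = procs.get(cur.parent) if cur.parent is not None else None
    return chain


def in_protected_folder(path: str) -> bool:
    return path.lower().startswith(PROTECTED_FOLDER.lower() + "\\")


def name_only_policy(ev: WriteEvent, procs: Dict[int, Process]) -> bool:
    """Allow if the writing process is a whitelisted application (by name)."""
    if not in_protected_folder(ev.path):
        return True
    return procs[ev.pid].image.lower() in WHITELIST


def ancestry_policy(ev: WriteEvent, procs: Dict[int, Process]) -> bool:
    """Allow only if the app is whitelisted AND every ancestor is a trusted
    launcher; a whitelisted app spawned by an unknown process is refused."""
    if not in_protected_folder(ev.path):
        return True
    chain = ancestry(ev.pid, procs)
    if not chain or chain[0] not in WHITELIST:
        return False
    ancestors = chain[1:]
    return bool(ancestors) and all(p in TRUSTED_LAUNCHERS for p in ancestors)


def evaluate(events: List[WriteEvent],
             procs: Dict[int, Process]) -> List[Tuple[int, bool, bool]]:
    """Return (pid, allowed_by_name_only, allowed_by_ancestry) per event."""
    return [(ev.pid, name_only_policy(ev, procs), ancestry_policy(ev, procs))
            for ev in events]


# Constructed process tree: the user starts Notepad from the shell, while an
# untrusted program (pid 3) starts its own Notepad instance (pid 4).
SAMPLE_PROCS: Dict[int, Process] = {
    1: Process(1, "explorer.exe", None),
    2: Process(2, "notepad.exe", 1),      # user-launched Notepad
    3: Process(3, "dropper.exe", 1),      # constructed untrusted process
    4: Process(4, "notepad.exe", 3),      # Notepad used as an intermediary
}

SAMPLE_EVENTS: List[WriteEvent] = [
    WriteEvent(2, PROTECTED_FOLDER + r"\notes.txt"),     # legitimate edit
    WriteEvent(4, PROTECTED_FOLDER + r"\report.docx"),   # write via intermediary
    WriteEvent(3, PROTECTED_FOLDER + r"\photo.jpg"),     # direct, non-whitelisted
    WriteEvent(3, r"C:\Temp\scratch.bin"),               # outside the folder
]


def sample_results() -> List[Tuple[int, bool, bool]]:
    return evaluate(SAMPLE_EVENTS, SAMPLE_PROCS)


if __name__ == "__main__":
    for pid, by_name, by_ancestry in sample_results():
        print(f"pid {pid}: name-only allow={by_name}  ancestry allow={by_ancestry}")
```

The second event is the one that matters: the name-only policy accepts the write because the writer is Notepad, while the ancestry policy refuses it because Notepad's parent is not a trusted launcher. Parent-chain checks are a heuristic rather than a complete fix, since the article also notes that synthetic mouse clicks can drive trusted applications, so a practitioner would pair such a policy with behavioural signals on the written data itself.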

Concluding Words
Malware authors are always trying to find new ways to get past security protections, and discovering attack scenarios like this can help them do so. Furthermore, nothing should be taken for granted in the world of cybersecurity, and users should defend themselves with various layers of security to decrease the risk of such novel attacks.
