Researchers Demonstrate How EDR and Antivirus Can Be Weaponized Against Users

December 12, 2022

High-severity security vulnerabilities have been disclosed in several endpoint detection and response (EDR) and antivirus (AV) products that could be exploited to turn them into data wipers.

“This wiper runs with the permissions of an unprivileged user yet has the ability to wipe almost any file on a system, including system files, and make a computer completely unbootable,” SafeBreach Labs researcher Or Yair said. “It does all that without implementing code that touches the target files, making it fully undetectable.”

EDR software is, by design, capable of continuously scanning a machine for potentially suspicious and malicious files and taking appropriate action, such as deleting or quarantining them.

The idea, in a nutshell, is to trick vulnerable security products into deleting legitimate files and directories on the system, rendering the machine inoperable, by making use of specially crafted paths.


This is achieved by taking advantage of what is called a junction point (also known as a soft link), where a directory serves as an alias for another directory on the computer.

Put differently, in the window between the EDR software identifying a file as malicious and attempting to delete that file from the system, the attacker uses a junction to point the software towards a different path, such as the C: drive.

That approach alone, however, failed to trigger a wipe, because the EDRs prevented further access to a file once it had been flagged as malicious. What's more, if the rogue file was deleted by the user, the software was smart enough to detect the deletion and stop itself from acting on it.

The final solution came in the form of a wiper tool, dubbed Aikido, that triggers the privileged delete by creating a malicious file in a decoy directory and not granting it any permission, causing the EDRs to postpone the delete until after a reboot.

Given this new attack window, all an adversary has to do is delete the directory containing the rogue file, create a junction pointing to the target directory to be deleted, and reboot the system.
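As an added defensive illustration (not code from the SafeBreach research or from any of the affected vendors), the routine below shows the time-of-use validation a deferred-deletion path would need: it records the fully resolved path when the file is flagged and, when the postponed delete finally runs, refuses if any path component has become a link or junction or if the path now resolves to a different file. A symlink stands in for an NTFS junction so the scenario also runs on non-Windows systems; the directory and file names are constructed for the demonstration.

```python
import os
import stat
import tempfile
from pathlib import Path

def has_link_component(path: str) -> bool:
    """True if any component of the absolute path is a symlink or, on Windows,
    a junction / reparse point. A deferred delete must not follow these."""
    p = Path(os.path.abspath(path))
    cur = Path(p.anchor)
    for part in p.parts[1:]:
        cur = cur / part
        try:
            st = os.lstat(cur)
        except FileNotFoundError:
            return False
        if stat.S_ISLNK(st.st_mode):
            return True
        # Junctions are reparse points; st_file_attributes exists only on Windows.
        if getattr(st, "st_file_attributes", 0) & getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0):
            return True
    return False

def flag_file(path: str) -> dict:
    """At scan time, record where the flagged path really resolves to."""
    return {"flagged": os.path.abspath(path), "resolved": os.path.realpath(path)}

def deferred_delete(ticket: dict) -> str:
    """Run the postponed delete only if the path still resolves to the file that
    was flagged and does not traverse any link or junction on the way."""
    path = ticket["flagged"]
    if has_link_component(path):
        return "refused: path traverses a link or junction"
    if os.path.realpath(path) != ticket["resolved"]:
        return "refused: path resolves to a different file than when flagged"
    os.remove(path)
    return "deleted"

def simulate_junction_swap() -> dict:
    """Constructed scenario: decoy/sub/evil.bin is flagged, then 'decoy' is
    replaced by a link to 'target' before the deferred delete executes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        target = Path(root, "target", "sub"); target.mkdir(parents=True)
        victim = target / "evil.bin"; victim.write_text("legitimate file")
        decoy = Path(root, "decoy", "sub"); decoy.mkdir(parents=True)
        (decoy / "evil.bin").write_text("malicious file")
        ticket = flag_file(str(decoy / "evil.bin"))
        # the swap: remove the decoy tree, then alias 'decoy' to 'target'
        (decoy / "evil.bin").unlink(); decoy.rmdir(); Path(root, "decoy").rmdir()
        os.symlink(Path(root, "target"), Path(root, "decoy"), target_is_directory=True)
        return {"result": deferred_delete(ticket), "victim_survived": victim.exists()}
```

Without the two checks in `deferred_delete`, the same call would remove `target/sub/evil.bin`, which is exactly the redirection the article describes.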

Successful weaponization of the technique could result in the deletion of system files such as drivers, preventing the operating system from booting. It can also be abused to remove all data from administrator user directories.

Of the 11 security products that were tested, six were found vulnerable to the zero-day wiper exploit, prompting the vendors to release updates to address the shortcoming:

  • CVE-2022-37971 (CVSS score: 7.1) – Microsoft Defender and Defender for Endpoint
  • CVE-2022-45797 (CVSS score: N/A) – Trend Micro Apex One
  • CVE-2022-4173 (CVSS score: 8.8) – Avast and AVG Antivirus

“The wiper executes its malicious actions using the most trusted entity on the system — the EDR or AV,” Yair said. “EDRs and AVs don't protect themselves from deleting files.”

Some sections of this article are sourced from:
thehackernews.com
