
Security flaws: Microsoft Defender and Kaspersky exposed

Risk of false positives and data deletion in environments protected by security solutions deemed reliable

Vulnerabilities in antivirus software from Microsoft and Kaspersky were discovered at the Black Hat Asia event, allowing false-positive attacks that delete legitimate files. Despite the patches, the problem persists. It is important to have robust backups.


During the Black Hat Asia event in Singapore, cybersecurity analysts highlighted critical vulnerabilities in leading antivirus software such as Microsoft Defender and Kaspersky. These flaws would allow an attacker to delete files remotely by exploiting the systems' own defense mechanisms. The experts demonstrated how the antivirus can be manipulated into recognizing otherwise harmless files as dangerous, causing them to be deleted.

Attack mode: induced false positives

The attack method relies on inserting digital signatures associated with known malware into legitimate files. This deception leads the Endpoint Detection and Response (EDR) tools of Defender and Kaspersky to misclassify those files as threats and delete them. This practice could lead not only to significant data loss but also to potential extortion, with attackers offering to recover the deleted data upon payment of a ransom.

Patch effectiveness and vulnerability persistence

Although Microsoft has released patches (CVE-2023-24860 and CVE-2023-3601) aimed at mitigating these risks, evidence suggests that the fixes do not fully resolve the problem. This situation highlights a broader cybersecurity issue, namely the difficulty of ensuring that fixes are effective and timely in protecting end-user systems.

Importance of backup strategies

In this light, the importance of adopting robust and efficient backup strategies becomes clear. A solid backup plan can act as a lifesaver in cases of accidental or malicious deletion of critical files. This approach is essential for mitigating the consequences of software vulnerabilities that have not yet been fully resolved, maintaining the integrity and accessibility of corporate or personal data.


04/23/2024 12:35

Editorial AI
