Security flaws: Microsoft Defender and Kaspersky exposed
Risk of false positives and data deletion in environments protected by security solutions deemed reliable
Vulnerabilities in antivirus software from Microsoft and Kaspersky were presented at the Black Hat Asia event: they allow false-positive attacks in which the security product itself deletes legitimate files. Patches have been released, but the problem persists. Robust backups matter.
During the Black Hat Asia event in Singapore, security researchers presented critical vulnerabilities in leading antivirus software, including Microsoft Defender and Kaspersky. These problems allow an attacker to have files deleted remotely by turning a system's own defence mechanisms against it. The researchers showed how an antivirus can be manipulated into classifying otherwise harmless files as dangerous, so that the product removes them.
Attack mode: induced false positives
The attack method relies on planting byte patterns that match detection signatures of known malware inside legitimate files; no code execution is required, only the ability to write those bytes into a file the scanner will inspect. This deception leads Defender and Kaspersky's Endpoint Detection and Response (EDR) tools to misclassify the files as threats and delete them. The practice could lead not only to significant data loss but also to extortion, with attackers offering to recover the deleted data in exchange for a ransom.
Patch efficiency and vulnerability persistence
Although Microsoft has released patches (CVE-2023-24860 and CVE-2023-3601) aimed at mitigating these risks, the researchers report that the fixes are not complete. This situation highlights a broader cybersecurity issue: the difficulty of ensuring that fixes are effective and timely in protecting end-user systems.
Importance of backup strategies
In this light, the importance of adopting robust and efficient backup strategies is clear. A solid backup plan acts as a lifeline in cases of accidental or malicious deletion of critical files. This approach is essential to limit the consequences of software vulnerabilities that have not yet been fully resolved, keeping corporate or personal data intact and accessible.
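The following script is an added example, not code from the original article or from the vendors it discusses. It models the induced-false-positive mechanism described above and the role of backups in one place: a constructed toy scanner flags any file containing a constructed stand-in pattern (a real scanner would match byte patterns from known malware, such as the public EICAR test string); an attacker with append-only access plants that pattern in a legitimate document; a "delete" response policy destroys the document, while a "quarantine" policy keeps it recoverable, and an out-of-band backup restores it either way. All file names, contents and function names are assumptions made for the example.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Optional

# Constructed stand-in for a detection signature: a real scanner matches byte
# patterns taken from known malware (the public EICAR test string is the
# classic harmless example). Any file containing this pattern is flagged.
TOY_SIGNATURE = b"TOY-MALWARE-SIGNATURE-0001"

# Constructed legitimate content; the point is that it never changes.
LEGIT_CONTENT = b"Q1 figures: revenue 1.2M, churn 3%\n"


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def scan(path: Path) -> bool:
    """Signature match: True means the toy scanner considers the file malicious."""
    return TOY_SIGNATURE in path.read_bytes()


def attacker_taint(path: Path) -> None:
    """An attacker who can only append (a shared log, a document others edit)
    plants the pattern; no exploit is needed, the scanner does the damage."""
    with path.open("ab") as f:
        f.write(TOY_SIGNATURE + b"\n")


def respond_delete(path: Path) -> None:
    """Naive response: unlink the flagged file. The legitimate bytes are gone."""
    path.unlink()


def respond_quarantine(path: Path, quarantine_dir: Path) -> Path:
    """Safer response: move the file aside, named with its hash, so an analyst
    can inspect it and release it again once the planted bytes are removed."""
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    dest = quarantine_dir / f"{path.name}.{sha256(path)[:16]}.quarantined"
    shutil.move(str(path), str(dest))
    return dest


def strip_signature(data: bytes) -> bytes:
    """Remove exactly the bytes the attacker appended."""
    return data.replace(TOY_SIGNATURE + b"\n", b"")


def restore_from_backup(original: Path, backup: Path) -> bool:
    """Copy the backup back into place and verify it by hash."""
    shutil.copy2(backup, original)
    return sha256(original) == sha256(backup)


def simulate(policy: str, workdir: Optional[Path] = None) -> dict:
    """Run the scenario end to end under one response policy ("delete" or
    "quarantine") and report what an operator would find afterwards."""
    workdir = workdir or Path(tempfile.mkdtemp(prefix="fp-attack-"))
    doc = workdir / "quarterly-report.txt"
    doc.write_bytes(LEGIT_CONTENT)
    clean_hash = sha256(doc)

    backup = workdir / "backup" / doc.name  # out-of-band copy taken before the attack
    backup.parent.mkdir(exist_ok=True)
    shutil.copy2(doc, backup)

    flagged_before = scan(doc)  # a clean file is not flagged...
    attacker_taint(doc)
    flagged_after = scan(doc)   # ...but the same file with a planted pattern is

    if policy == "delete":
        respond_delete(doc)
        recovered_without_backup = False  # nothing left to work with
    elif policy == "quarantine":
        q = respond_quarantine(doc, workdir / "quarantine")
        doc.write_bytes(strip_signature(q.read_bytes()))  # analyst releases the cleaned file
        recovered_without_backup = sha256(doc) == clean_hash
    else:
        raise ValueError(f"unknown policy {policy!r}")

    restored_ok = restore_from_backup(doc, backup) and sha256(doc) == clean_hash
    return {
        "flagged_before_attack": flagged_before,
        "flagged_after_attack": flagged_after,
        "recovered_without_backup": recovered_without_backup,
        "recovered_from_backup": restored_ok,
    }


if __name__ == "__main__":
    for policy in ("delete", "quarantine"):
        print(policy, simulate(policy))
```

Running it shows the two halves of the article's argument: the clean document is not flagged, the same document is flagged as soon as the pattern is appended, the delete policy leaves nothing to recover on the host, and only the quarantine policy or a backup taken before the attack brings the original bytes back with a matching hash.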
04/23/2024 12:35
Marco Verro