A new proof-of-concept exploit known as DoubleAgent can not only hijack third-party Windows antivirus software but also use that software to deliver further attacks. While there’s no evidence that the exploit has made its way into the wild yet, most antivirus programs are still completely susceptible to it. Gavin Millard, EMEA Technical Director at Tenable Network Security, commented below.
Gavin Millard, EMEA Technical Director at Tenable Network Security:
“Whilst the research and results of DoubleAgent are interesting, it should be noted that administrator privileges would most likely be required to successfully hijack the target executables. If an attacker has admin privileges on an endpoint, this could become a sneaky method of hiding code and gaining persistence, but it’s doubtful this will become a major attack vector for malware and ransomware.
“The approach of least privilege, using the operating system with a standard user account rather than administrator and restricting local admin access, should mitigate this or make it exceedingly difficult to successfully exploit.”