A zero-day attack called Double Agent can take over antivirus software on Windows machines and turn it into malware that encrypts files for ransom, exfiltrates data or formats the hard drives. Alex Mathews, lead security evangelist at Positive Technologies commented below.
Alex Mathews, Lead Security Evangelist at Positive Technologies:
“Many people do not consider antivirus tools to be a threat. However, as with any complicated programs, antiviruses are inherently vulnerable. Because antivirus processes are trusted and run in privileged mode with extensive access right, they have become an appealing target for attackers, as their exploitation can lead to system compromise. The swelling numbers of exploits found and published in exploit-db and other resources indicate that this is a growing problem.
“Despite its vulnerabilities, we cannot completely abandon the use of antivirus software, so we need to learn how to protect it. An effective protection system should demonstrate detection accuracy and risk minimization.
“For example, scanning performed by several antivirus engines significantly increases accuracy and speed of threat detection. Some online services like VirusTotal can rise to the challenge but require uploading your files, which could lead to info leakage to third parties. It makes sense to perform such scans on a local server, which eliminates any involvement of outsider applications.
“In addition, security risks may be mitigated if all suspicious files are examined in an isolated and secure environment. We should understand that modern malicious software is able to analyze a target environment and either bypass sandboxes or stay hidden. That is why it is recommended to employ honeypots as they mimic the real system making it easy to observe malicious behaviour for a prolonged period of time without being noticed.
“However, even after malware is detected, an antivirus is not able to trace back all the objects that were affected by it. This means that a security system should support forensic analysis functionality.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…