Antivirus solutions are seen as an important shield against cyber threats, but they have themselves become particularly important entry points for hackers, because a hacked antivirus cannot prevent attacks. Often the attack is only made possible by the protection itself. This new approach says a lot about the evolution of cyberattacks and the necessary responses to them.
Why Are Antiviruses Attacked?
It may seem counterintuitive: would cyber attackers take the risk of setting off an alarm by hacking an antivirus? Attackers always try to hide malware from security tools by using disguised code. With the constant development of antivirus software, this is becoming increasingly difficult. So they would rather shut down the antivirus before starting the actual cyber attack.
Other vulnerabilities allow an attacker to take control at a higher privilege level and execute commands. From that point on, the attacker can expand the radius of action. The approach itself is quite simple. Identifying exploitable vulnerabilities is more difficult and time consuming, but attackers always find what they are looking for, even in antiviruses. If the virus protection can be manipulated, hackers can acquire rights on a device, even administrator rights.
Expansion Of The Attack Surface
Antivirus software means lines of code, and with them possible bugs that can develop into vulnerabilities. Any piece of software contains several thousand lines of code, so adding software to a device increases its attack surface. There is always a great risk here.
The Stages Of An Attack
A widespread example of a vulnerability used to hack an antivirus is links between files. The purpose is to draw the antivirus's attention to a different file than the one containing the malware. The second step is to steal access rights. Security solutions have the highest access rights on the workstation so that they can stop applications if necessary. If you penetrate the software as an administrator, you gain all rights.
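One way a scanner can guard against the link redirection described above, as an added example that is not from the original article or from any antivirus product. The function names and the sample files are assumptions constructed for illustration, and POSIX file semantics are assumed.

```python
import os
import stat
import tempfile

class LinkRedirectError(Exception):
    """The path is, or may be, a link to a different file."""

def open_for_scan(path):
    """Open path read-only for scanning; return an fd bound to the checked inode."""
    before = os.lstat(path)  # lstat inspects the link itself, not its target
    if stat.S_ISLNK(before.st_mode):
        raise LinkRedirectError("symlink")
    if not stat.S_ISREG(before.st_mode):
        raise LinkRedirectError("not-regular")
    try:
        # O_NOFOLLOW fails if the last path component became a symlink after lstat.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:
        raise LinkRedirectError("open-failed") from exc
    after = os.fstat(fd)
    if (after.st_dev, after.st_ino) != (before.st_dev, before.st_ino):
        os.close(fd)
        raise LinkRedirectError("replaced")  # swapped between check and open
    if after.st_nlink > 1:
        os.close(fd)
        raise LinkRedirectError("hardlink")  # same content reachable by another name
    return fd

def scan_verdict(path):
    """Return 'scanned' or the reason the file was refused."""
    try:
        fd = open_for_scan(path)
    except LinkRedirectError as exc:
        return str(exc)
    os.close(fd)  # a real scanner would read from fd, never reopen by path
    return "scanned"

def demo():
    """Run the check on constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        real, sym, hard = (os.path.join(d, n) for n in ("a.bin", "sym.bin", "hard.bin"))
        with open(real, "wb") as f:
            f.write(b"constructed sample, not real malware")
        results = {"plain": scan_verdict(real)}
        os.symlink(real, sym)
        results["symlink"] = scan_verdict(sym)
        os.link(real, hard)
        results["hardlink"] = scan_verdict(hard)
        return results

if __name__ == "__main__":
    print(demo())
```

O_NOFOLLOW only covers the final path component, so a privileged scanner also needs to control or verify the directories leading to the file.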