Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections

November 25, 2024 at 04:24AM Researchers have identified a new malware campaign utilizing the Bring Your Own Vulnerable Driver (BYOVD) technique. This malware exploits a legitimate Avast Anti-Rootkit driver to disable security measures and gain kernel-level access, terminating 142 processes. The initial access vector and the scale of these attacks remain unknown.

Hackers abuse Avast anti-rootkit driver to disable defenses

November 23, 2024 at 04:12PM A new malware campaign leverages an outdated Avast Anti-Rootkit driver to disable security components and evade detection. By targeting processes from various security vendors, the malware can operate undetected. Researchers recommend using signature-based rules and Microsoft’s vulnerable driver blocklist to mitigate such risks.

Ransomware gang deploys new malware to kill security software

August 15, 2024 at 02:03PM RansomHub ransomware operators have deployed a new malware, EDRKillShifter, to disable EDR security software in BYOVD attacks. Discovered by Sophos researchers, the malware exploits vulnerable drivers to escalate privileges and disable security solutions. Sophos recommends enabling tamper protection and maintaining a separation between user and admin privileges to mitigate such …

GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

May 22, 2024 at 05:47AM Cybersecurity researchers have identified a new cryptojacking campaign, known as REF4578 or HIDDEN SHOVEL, using a Bring Your Own Vulnerable Driver (BYOVD) attack to disable security solutions. The campaign employs an intricate method involving PowerShell scripts, scheduled tasks, and various modules to deploy the XMRig miner and evade detection. Additionally, …

Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers

March 26, 2024 at 05:22PM A new and improved variant of the group’s malware is causing chaos in virtual environments by combining fileless infection, BYOVD, and other advanced techniques.

Kasseika Ransomware Using BYOVD Trick to Disarm Security Pre-Encryption

January 24, 2024 at 07:06AM Kasseika, a new ransomware group, has adopted the Bring Your Own Vulnerable Driver (BYOVD) attack to evade security processes on Windows hosts, demonstrating similarities with the now-defunct BlackMatter. Their attack chain begins with a phishing email, followed by deploying remote administration tools and executing a malicious batch script. The ransomware …

Kasseika ransomware uses antivirus driver to kill other antiviruses

January 23, 2024 at 03:04PM A ransomware operation called ‘Kasseika’ has emerged, employing Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files. It abuses a vulnerable driver to disable antivirus products protecting the system. Similarities with BlackMatter indicate possible connections. Victims are given 72 hours to deposit 50 Bitcoins, with …