#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security Posture Management

BYOVD Attack | Breaking Cybersecurity News | The Hacker News

Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack

Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack

Apr 24, 2023 Endpoint Security / BYOVD
Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that's designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver ( BYOVD ) attack. "The AuKill tool abuses an outdated version of the  driver  used by version 16.32 of the Microsoft utility,  Process Explorer , to disable EDR processes before deploying either a backdoor or ransomware on the target system," Sophos researcher Andreas Klopsch  said  in a report published last week. Incidents analyzed by the cybersecurity firm show the use of AuKill since the start of 2023 to deploy various ransomware strains such as Medusa Locker and LockBit. Six different versions of the malware have been identified to date. The oldest AuKill sample features a November 2022 compilation timestamp. The  BYOVD technique  relies on threat actors misusing a legitimate, but out-of-date and exploitable, driver signed by Microsoft (or usin
BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions

BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions

Oct 07, 2022
In yet another case of bring your own vulnerable driver (BYOVD) attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security products rely to provide protection," Sophos threat researcher Andreas Klopsch  said  in a new technical write-up. BYOVD is an  attack technique  that involves threat actors abusing vulnerabilities in legitimate, signed drivers to achieve successful kernel-mode exploitation and seize control of compromised machines. Weaknesses in signed drivers have been increasingly co-opted by nation-state threat groups in recent years, including  Slingshot ,  InvisiMole ,  APT28 , and most recently, the  Lazarus Group . BlackByte, believed to be an offshoot of the  now-discontinued Conti group , is part of the big game cybercrime crews, which zeroes in on large, high-profile targets as part of
cyber security

Cracking the Code to Vulnerability Management

websitewiz.ioVulnerability Management / Cloud Security
Vulnerability management in the cloud is no longer just about patches and fixes. In this latest report, the Wiz Security Research team put vulnerability management theory into practice using recently identified vulnerabilities as examples. Get the FREE report
Transform Your Data Security Posture – Learn from SoFi's DSPM Success

Transform Your Data Security Posture – Learn from SoFi's DSPM Success

Nov 28, 2023Data Security / Posture Management
As cloud technology evolves, so does the challenge of securing sensitive data. In a world where data duplication and sprawl are common, organizations face increased risks of non-compliance and unauthorized data breaches. Sentra's DSPM (Data Security Posture Management) emerges as a comprehensive solution, offering continuous discovery and accurate classification of sensitive data in the cloud. This informative webinar, " Securing Sensitive Data Starts with Discovery and Classification: SoFi's DSPM Story " unveils the success story of SoFi, a pioneering cloud-native financial services provider, and its journey with Sentra's DSPM. It explores the challenges and triumphs in securing cloud data and a roadmap to implementing effective DSPM strategies in your organization. Expert Panel: Aviv Zisso:  As Director of Customer Success at Sentra, Aviv brings deep insights into data security needs and solutions. Pritam H Mungse:  SoFi's Director of Product Security, Pr
Cybersecurity Resources