Overview
A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 35 vulnerable drivers. EDR killer programs have been a common presence in ransomware intrusions as they offer a way for affiliates to neutralize security software before deploying file-encrypting malware.
Multi-Source Coverage
This event has been reported across multiple outlets:
- 54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security — thehackernews
Sources: thehackernews. Aggregated by Cybernews Agency pipeline.