Threat actors associated with the BlackByte ransomware group are employing a new sophisticated technique, dubbed “Bring Your Own Driver,” which enables attackers to bypass system and network defenses by disabling more than 1,000 drivers used by various security solutions, according to security researchers at Sophos. Researchers analyzed past attacks and found that Blackbyte threat actors have exploited known vulnerabilities in legitimate drivers resulting in disabled drivers and the prevention of endpoint detection and response (EDR) and antivirus products from operating normally. The Sophos report details step-by-step the cyber-attack chain associated with Bring Your Own Driver attacks. Threat actors are abusing this vulnerability to successfully compromise organizations in the wild. System administrators are encouraged to scrutinize all driver installations for rogue injections. Access the full report at Sophos or read a relevant article at BleepingComputer.
Thank you to everyone who helped make H2OSecCon Spring 2024 happen! As noted during the event, WaterISAC intends to conduct another H2OSecCon this year, so stay tuned for updates!