Threat Awareness – Beware of BlackByte Ransomware Disabling Security Products

Threat actors associated with the BlackByte ransomware group are employing a new sophisticated technique, dubbed “Bring Your Own Driver,” which enables attackers to bypass system and network defenses by disabling more than 1,000 drivers used by various security solutions, according to security researchers at Sophos. Researchers analyzed past attacks and found that Blackbyte threat actors have exploited known vulnerabilities in legitimate drivers resulting in disabled drivers and the prevention of endpoint detection and response (EDR) and antivirus products from operating normally. The Sophos report details step-by-step the cyber-attack chain associated with Bring Your Own Driver attacks. Threat actors are abusing this vulnerability to successfully compromise organizations in the wild. System administrators are encouraged to scrutinize all driver installations for rogue injections. Access the full report at Sophos or read a relevant article at BleepingComputer.