Ransomware gangs are abusing an out-of-date Microsoft software driver to disable security defenses before dropping malware onto targeted systems. The hacking tool, which Sophos X-Ops researchers are calling AuKill, is the latest example of a growing trend in which threat gangs either abuse a legitimate commercial driver to get past endpoint detection and response (EDR) software on those systems – the so-called bring-your-own-vulnerable-driver (BYOVD) attack – or work to get a malicious driver digitally signed by a trusted certificate.
Read full article on The Register