Kaspersky detects 23 percent increase in attacks targeting vulnerable Windows drivers

Attackers are increasingly targeting Windows by exploiting vulnerable drivers, according to Kaspersky experts.

In the second quarter of 2024, the number of systems attacked using this technique increased by nearly 23 percent compared to the first quarter.

Vulnerable drivers may be exploited for a wide range of attacks, including ransomware and Advanced Persistent Threats (APTs).

Cyberattacks that utilise vulnerable drivers are known as BYOVD (Bring Your Own Vulnerable Driver). They allow threat actors to attempt to disable security solutions on a system and escalate privileges, enabling them to carry out various malicious activities, such as installing ransomware or establishing persistence for espionage or sabotage, particularly if an Advanced Persistent Threat (APT) group is behind the attack.

Kaspersky reported that this attack technique accelerated in 2023 and is currently gaining momentum, with a potential impact on both individuals and organisations.

In Q2 2024, the number of systems attacked with the BYOVD technique increased by almost 23 percent compared to the previous quarter.

“While the drivers themselves are legitimate, they may contain vulnerabilities. These vulnerabilities can then be exploited for malicious purposes. Perpetrators use various tools and methods to install a vulnerable driver on the system.

“Once the operating system loads this driver, the attacker can exploit it to circumvent OS kernel security boundaries for their own goals,” explained Vladimir Kuskov, Head of Anti-Malware Research at Kaspersky.

One concerning aspect of this trend is the proliferation of tools that exploit vulnerable drivers, which can be found online. While relatively few of these tools exist in 2024 (only 24 projects have been published since 2021), Kaspersky experts observed an increase in the number of these tools being published online last year.
