A new approach that is bad for us…

Threat actors have developed a new approach to malware that abuses legitimate, signed drivers rather than relying solely on their own malicious code, which makes the attack much harder for security products to block. To date over 1,000 drivers are reported to have been affected:

BlackByte ransomware abuses legit driver to disable security products (bleepingcomputer.com)

What makes this “Bring Your Own Vulnerable Driver” (BYOVD) method of attack so effective is that the drivers being abused are genuine vendor drivers signed with a valid, trusted certificate, so Windows loads them into the kernel without complaint. An attacker who already has administrator rights on the machine installs the known-buggy driver, then exploits its flaw to gain kernel-level read and write access, which is enough to stop or blind security products that ordinary user-mode malware cannot touch.

The article refers to two examples, one exploiting a graphics driver and the other a buggy Dell driver, but there are sure to be more, so watch this space and your vendor update pages. Microsoft also maintains a vulnerable driver blocklist, enforced when memory integrity (HVCI) is switched on, but it only covers drivers that are already known to be abused.

Clive Catton MSc (Cyber Security) – by-line and other articles

My advice: either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems (hardware, software, online services, networks, back-ups, suppliers etc.) so that when cyber security (or operational) issues arise, you and your support teams can quickly check if you are affected. From there you can take fast, effective action.
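One way to carry out that first check, as an added example that is not from the original post or from the article it links to: the PowerShell script below inventories every kernel driver registered on a Windows machine, records its file path, signer and SHA-256 hash, flags anything that matches a denylist, and reports whether memory integrity (HVCI), which enforces Microsoft's vulnerable driver blocklist, is actually running. The denylist entries in the script are placeholders, not real driver hashes or names; fill them from Microsoft's blocklist or your vendor's advisory before relying on the output.

```powershell
# Added example (not from the original post): inventory installed kernel
# drivers and flag any whose SHA-256 hash or file name matches a denylist.
# The denylist entries below are PLACEHOLDERS, not real vulnerable-driver
# hashes or names; replace them with entries from Microsoft's vulnerable
# driver blocklist or your vendor's advisory.
$KnownBadHashes = @(
    '0000000000000000000000000000000000000000000000000000000000000001'  # placeholder
)
$KnownBadNames = @('example_vulnerable.sys')  # placeholder file name

function Get-DriverInventory {
    # Win32_SystemDriver lists every kernel driver service, loaded or not.
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        # PathName may be quoted or use the \??\ / \SystemRoot\ / System32\
        # prefixes; normalise it to a plain file-system path.
        $path = $_.PathName -replace '^"|"$', ''
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        $path = $path -replace '^System32\\', "$env:SystemRoot\System32\"
        if (-not (Test-Path -LiteralPath $path)) { return }

        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLowerInvariant()
        $leaf = (Split-Path -Leaf $path).ToLowerInvariant()

        [pscustomobject]@{
            Name     = $_.Name
            State    = $_.State          # Running / Stopped
            Path     = $path
            Sha256   = $hash
            Signer   = $sig.SignerCertificate.Subject
            SigValid = $sig.Status       # Valid / NotSigned / HashMismatch ...
            # A Valid signature is NOT evidence the driver is safe: BYOVD
            # relies on drivers that are correctly signed but buggy.
            Flagged  = ($KnownBadHashes -contains $hash) -or
                       ($KnownBadNames -contains $leaf)
        }
    }
}

function Get-HvciStatus {
    # Memory integrity (HVCI) is what enforces Microsoft's vulnerable driver
    # blocklist; SecurityServicesRunning contains 2 when HVCI is active.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard
    return ($dg.SecurityServicesRunning -contains 2)
}

$inventory = Get-DriverInventory
# The CSV is a ready-made input for the master systems document.
$inventory | Export-Csv -NoTypeInformation -Path "$env:USERPROFILE\driver-inventory.csv"
"HVCI (memory integrity) running: $(Get-HvciStatus)"
$inventory | Where-Object Flagged |
    Format-Table Name, State, Path, Signer, SigValid -AutoSize
```

Run it from an elevated PowerShell prompt on each Windows machine (or push it out through your management tooling) and keep the CSV with the master document. Treat a match as a prompt to remove or update the driver, not as proof of compromise, and remember that a “Valid” signature status is exactly what a BYOVD driver will show: the point of the check is the hash and file name, not the signature.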