Hackers are using this old trick to dodge security protections

Image: Getty/Manuel Breva Colmeiro

Cyber criminals are exploiting an old vulnerability in Intel drivers to gain access to networks in a way that lets them bypass cybersecurity protections.

The attacks have been detailed by cybersecurity researchers at CrowdStrike, who suggest the campaign targeting Windows systems is the work of a cyber-criminal group they track as Scattered Spider — also known as Roasted 0ktapus and UNC3944.

Scattered Spider is a financially motivated cybercrime operation, which researchers say takes particular interest in telecoms and the business outsourcing sectors, with the objective of gaining access to mobile carrier networks. 

It’s thought that the attackers initially gain access to networks by using SMS phishing attacks to steal usernames and passwords. In some cases, the attackers have used that foothold to harvest additional credentials, and the group is also thought to engage in SIM-swapping attacks.


Once inside a network, Scattered Spider uses a technique that CrowdStrike describes as ‘Bring Your Own Vulnerable Driver’ (BYOVD), which targets loopholes in Windows security.

While Microsoft attempts to limit what malware can do once on a system by preventing unsigned kernel-mode drivers from running by default, attackers can get around this with BYOVD, which lets them install a legitimately signed but vulnerable driver and abuse it to carry out attacks.
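As an added illustration (not code from the article or from CrowdStrike), the following Python models the gap BYOVD exploits: a policy that only refuses unsigned kernel drivers admits a validly signed but vulnerable driver, whereas a blocklist keyed on known-vulnerable driver hashes and per-signer minimum versions catches it. The driver paths, signer name, versions and hashes are constructed placeholders, not real indicators.

```python
# Added example, not from the article. Models why "block unsigned drivers"
# alone does not stop BYOVD and how a vulnerable-driver blocklist closes
# the gap. All records, hashes and names are constructed for illustration.
from dataclasses import dataclass


@dataclass
class DriverLoad:
    path: str
    signed: bool      # does the driver carry a valid code-signing signature?
    signer: str       # subject of the signing certificate ("" if unsigned)
    version: tuple    # file version, e.g. (1, 2, 0)
    sha256: str       # file hash (constructed placeholder strings below)


# Constructed blocklist: hashes of driver builds known to be vulnerable, plus
# a minimum acceptable version for a signer whose older builds are flawed.
BLOCKED_HASHES = {"constructed-hash-vulnerable-build-1"}
MIN_VERSION_BY_SIGNER = {"Example Vendor Inc. (constructed)": (2, 0, 0)}


def default_policy(d: DriverLoad) -> str:
    """Models the default Windows stance: refuse unsigned kernel drivers."""
    return "allow" if d.signed else "block"


def hardened_policy(d: DriverLoad) -> str:
    """Signature check plus a vulnerable-driver blocklist."""
    if not d.signed:
        return "block"
    if d.sha256 in BLOCKED_HASHES:
        return "block"  # known-vulnerable build, signature notwithstanding
    min_v = MIN_VERSION_BY_SIGNER.get(d.signer)
    if min_v is not None and d.version < min_v:
        return "block"  # older build of a driver family with known holes
    return "allow"


def triage(loads):
    """Loads the default policy admits but the hardened one refuses: the
    signed-but-vulnerable cases a defender should hunt for."""
    return [d for d in loads
            if default_policy(d) == "allow" and hardened_policy(d) == "block"]


SIGNER = "Example Vendor Inc. (constructed)"
SAMPLE_LOADS = [  # constructed driver-load records
    DriverLoad("C:\\tmp\\unsigned.sys", False, "", (1, 0, 0), "constructed-hash-a"),
    DriverLoad("C:\\drv\\vendor_new.sys", True, SIGNER, (2, 1, 0), "constructed-hash-b"),
    DriverLoad("C:\\drv\\vendor_old.sys", True, SIGNER, (1, 9, 0), "constructed-hash-vulnerable-build-1"),
    DriverLoad("C:\\drv\\vendor_mid.sys", True, SIGNER, (1, 9, 5), "constructed-hash-c"),
]
```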

The legitimately signed certificates can be stolen, or attackers find workarounds that allow
