Post by Symantec
445,718 followers
🚨NEW: Attackers are not trying to sneak past your defenses. They are switching them off entirely. Bring Your Own Vulnerable Driver (BYOVD) has gone from a niche tactic to something close to an epidemic over the past three years. Attackers abuse legitimate, validly signed kernel drivers to seize control, then kill, blind, or cripple the very security products meant to stop them. Yea, it's brutal. Microsoft's protective features are worth deploying, but they weren't built to stop data-only attacks that entirely bypass them. Every new driver resets the clock, and defenders are always catching up. ⏳ Our Threat Hunter Team's new report breaks down exactly how BYOVD works, why current defenses fall short, and how Symantec and Carbon Black monitor driver interactions so that even an unknown vulnerable driver can be caught the first time it appears. Find the full blog in the comments. 👇
Video Content