One of the recent developments in hacking has been the Bring Your Own Vulnerable Driver (BYOVD) attack, but what is it and how do you defend against one?
By now, the Ophtek blog should have informed you about ransomware, trojans, and cryptojacking, but we’ve rarely mentioned the dangers of a BYOVD attack. In the past, BYOVD attacks were mostly carried out by only the most sophisticated threat actors, but they’re now becoming increasingly popular with even basic bedroom hackers. Therefore, today is the day we remedy this and provide you with a fully comprehensive look at BYOVD attacks and how you can stay safe.
The Role of Drivers within Your PC
Before we dig deep down into the mechanics of a BYOVD attack, it’s important that you understand what’s at the heart of their malicious activities: drivers. You’ve no doubt heard of drivers in passing, but it’s only the most die-hard PC user who would fully understand what they do. Their main role is as a file used to support software applications. They work by acting as a bridge between an operating system and a device e.g. between Windows and a graphics card.
Without drivers, your PC simply wouldn’t work. From your display through to your speakers and printer, there would be no way for your operating system to communicate with these devices. This makes drivers a crucial part of any PC, but it also means they’re ripe for cyberattacks.
Breaking Down a BYOVD Attack
We’re all aware of software vulnerabilities, and a BYOVD is a unique take on this method of hacking. In a BYOVD attack, threat actors will trick their victims into downloading outdated, vulnerable drivers onto their PC. This could be through phishing emails or pop-up adverts, with the main objective of getting these unsafe drivers downloaded onto a PC along with a nasty dose of malware. With these vulnerable drivers in place, threat actors can take control of the infected PC.
BYOVD attacks are dangerous for the following reasons:
- Data Theft: With BYOVD attacks capable of bypassing your security software, they not only have easy access to all your data but can effortlessly transmit it to remote servers.
- Install Further Malware: IT systems with vulnerabilities exploited are at risk of having further malware installed on them. So, for example, a threat actor could first gain access to your system before downloading further malware to facilitate DDoS attacks or support cryptojacking.
- Damage Your Productivity: A BYOVD attack can quickly render your IT systems unusable due to the capabilities of drivers. By exploiting the deep access and reach drivers have, threat actors have the opportunity to disable network components, corrupt system files, and damage hardware.
You can find out more specifics of the impact of a BYOVD attack by checking out our article on the EDRKillShifter malware.
Protecting Your IT Systems from BYOVD Attacks
You may have been unfamiliar with BYOVD attacks, but you should now have a basic understanding of how they operate. The next step is to protect yourself by implementing these security practices:
- Driver Whitelisting: this is a method whereby only authorized system users have the privileges to install drivers on your IT infrastructure. Even then, the use of Windows Defender Application Control should also be utilized to ensure that only pre-approved, digitally signed drivers can be installed.
- Regular Updates: one of the simplest ways to protect against BYOVD attacks is by installing all updates and patches as soon as possible. Automating these updates allows you to guarantee that you have the freshest, most secure drivers on your system at all times.
- Employee Education: BYOVD attacks are often distributed by phishing attacks, so it’s useful to educate, and regularly refresh, your employees on the telltale signs of a phishing attack. This could prove invaluable as your employees are your most important defense against cyberattacks.
For more ways to secure and optimize your business technology, contact your local IT professionals.
Read More