topic BYOVD Attacks in Threats https://community.isc2.org/t5/Threats/BYOVD-Attacks/m-p/83890#M1713 <P>Ransomware group is weaponizing a legitimate but vulnerable driver to disable or kill security process (AV / EDR) on victim machines.</P><P data-unlink="true"><SPAN class="">This is accomplished through what's known as a<SPAN>&nbsp;</SPAN></SPAN><SPAN class=""><A href="https://www.darkreading.com/vulnerabilities-threats/gentlemen-ransomware-vulnerable-driver-security-gear" target="_blank" rel="noopener">bring-your-own-vulnerable-driver (BYOVD)</A> attack&nbsp;</SPAN><SPAN class="">, in which threat actors use the driver's kernel-level access to manipulate and even terminate processes that would otherwise be protected.</SPAN></P><P data-unlink="true">&nbsp;</P><P>&nbsp;</P><P>Implement strict driver control policies, ensuring only trusted and patched drivers can be loaded. Continuously monitor for abnormal driver activity and privilege escalation attempts to quickly detect and block BYOVD attacks.</P><P>&nbsp;</P> Fri, 12 Sep 2025 14:45:35 GMT akkem 2025-09-12T14:45:35Z BYOVD Attacks https://community.isc2.org/t5/Threats/BYOVD-Attacks/m-p/83890#M1713 <P>Ransomware group is weaponizing a legitimate but vulnerable driver to disable or kill security process (AV / EDR) on victim machines.</P><P data-unlink="true"><SPAN class="">This is accomplished through what's known as a<SPAN>&nbsp;</SPAN></SPAN><SPAN class=""><A href="https://www.darkreading.com/vulnerabilities-threats/gentlemen-ransomware-vulnerable-driver-security-gear" target="_blank" rel="noopener">bring-your-own-vulnerable-driver (BYOVD)</A> attack&nbsp;</SPAN><SPAN class="">, in which threat actors use the driver's kernel-level access to manipulate and even terminate processes that would otherwise be protected.</SPAN></P><P data-unlink="true">&nbsp;</P><P>&nbsp;</P><P>Implement strict driver control policies, ensuring only trusted and patched drivers can be loaded. Continuously monitor for abnormal driver activity and privilege escalation attempts to quickly detect and block BYOVD attacks.</P><P>&nbsp;</P> Fri, 12 Sep 2025 14:45:35 GMT https://community.isc2.org/t5/Threats/BYOVD-Attacks/m-p/83890#M1713 akkem 2025-09-12T14:45:35Z