Unguarded control center: ESET analyzes attacks on Windows kernel. European IT security manufacturer publishes new research results on how APT groups (Advanced Persistent Threat) exploit the vulnerabilities for attacks.
ESET Research department publishes the results of their vulnerability analysis of signed Windows kernel drivers. According to the security experts, these are increasingly being used by so-called APT (Advanced Persistent Threat) groups exploited for targeted attacks against companies. The detailed technical analyzes and effective defense techniques are now available as a blog post on WeLiveSecurity.
Windows kernel driver background
There are different types of kernel drivers in Microsoft Windows operating systems. While there is a strict development process with a focus on security for device drivers, the whole thing looks different for "software" drivers, for example for diagnostic data. Possible software errors and known vulnerabilities are therefore actively exploited by malicious code developers and cyber attackers.
“If hackers want to get into the Windows kernel on x64 systems, the drivers have to be signed. Signed but vulnerable drivers are a viable way to do this. This technique is known as Bring Your Own Vulnerable Driver, or BYOVD for short, and has been observed in the wild both by known APT actors and in regular malware,” explains Peter Kálnai, Senior Malware Researcher at ESET. The results of the analysis are available on ESET's WeLiveSecurity.
More at ESET.com
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.