Hackers found a way to turn off Windows Defender remotely

Key Takeaways:

  • A hacker group is using a legitimate Intel CPU tuning driver to disable Microsoft Defender in a new type of attack known as “Bring Your Own Vulnerable Driver” (BYOVD).
  • The Akira ransomware group is exploiting the legitimate driver rwdrv.sys to gain kernel-level access to Windows systems and disable Microsoft Defender.
  • Security experts recommend using strong antivirus software, limiting exposure to potential threats, avoiding running unknown commands, keeping software updated, enabling two-factor authentication, and investing in personal data removal services to protect against Akira ransomware and similar threats.

A hacker group is targeting Windows systems by exploiting a legitimate Intel CPU tuning driver to disable Microsoft Defender in a new attack method called BYOVD. The Akira ransomware group is utilizing this technique to gain access to Windows systems and deploy ransomware. To protect against such threats, users are advised to use strong antivirus software, limit exposure to potential threats, avoid running unknown commands, keep software updated, enable two-factor authentication, and invest in personal data removal services.

Insight: The Akira ransomware attack highlights a vulnerability in Windows systems where a legitimate driver is used to disable security measures, emphasizing the importance of a multi-layered approach to cybersecurity.

This article was curated by memoment.jp from the feed source: Fox Scitech.

Read the full article here: https://www.foxnews.com/tech/hackers-found-way-turn-off-windows-defender-remotely