Dozens of Kernel Drivers Allow Attackers to Alter Firmware, Escalate Privileges


Threat actors, including cybercriminals and state-sponsored groups, frequently abuse kernel drivers in their operations. Such drivers can give attackers control over system operations, let them maintain persistence on a compromised host, and help them bypass security controls.

VMware's Threat Analysis Unit (TAU) used a YARA rule to collect almost 18,000 Windows driver samples from VirusTotal. After filtering out drivers that were already known to be vulnerable, the researchers found several hundred file hashes belonging to 34 distinct, previously unidentified vulnerable drivers.

