Several cybersecurity firms have warned Microsoft that cybercriminals have been utilizing signed malicious drivers to terminate antivirus (AV) and endpoint detection and response (EDR) processes.
Along with its Patch Tuesday updates for December 2022, Microsoft released an advisory informing users that drivers approved by its Windows Hardware Developer Program were being used by threat actors in post-exploitation activity, such as the distribution of ransomware. The business process outsourcing (BPO), telecommunications, entertainment, transportation, managed security service provider (MSSP), financial, and cryptocurrency sectors were among those targeted by threat actors, according to the security firm.
This description resembles a recent one provided by CrowdStrike of a cybercrime organization known as Scattered Spider, which had similar targets and objectives.