The Bring Your Own Vulnerable Driver (BYOVD) cyberattack is one of the least talked about methods of cyberattack. However, following the news that Lazarus, North Korea’s elite state-sponsored hacking group, has started using the method, it is likely that copycats will follow, putting your veterinary practice at risk.
What is the Bring Your Own Vulnerable Driver (BYOVD) Cyberattack?
As its name suggests, a BYOVD attack uses a vulnerable computer driver to launch the attack. The hackers first gain administrative privileges on the victim’s computer system. Next, they look for legitimately signed but vulnerable drivers and install them on the victim’s devices.
After installation, the attackers exploit the driver’s vulnerability for their desired ends. This can be done either remotely, where the hackers lie low inside the victim’s computers, or as a one-time use to launch a virus or a ransomware attack.
One of the reasons these attacks are so effective is that once the driver is installed, the hacker quickly gains ring 0 (kernel) access. With that access they can interact directly with the physical hardware, such as the CPU and the chips on the motherboard. It also gives cybercriminals the ability to subvert or disable security mechanisms, allowing them to hide deeper in the system.
Why Hackers Use Bring Your Own Vulnerable Driver (BYOVD)
The top reason most cybersecurity experts cite for why cybercriminals use BYOVD is to bypass Windows Driver Signature Enforcement (DSE). DSE ensures that only signed kernel drivers can be loaded. By disabling DSE through the vulnerable driver, hackers can load their own unsigned drivers and go on to launch other types of attacks.
Once they have installed their own unsigned drivers, cybercriminals can carry out attacks such as:
- Unhooking EDR callbacks: This lets cybercriminals remove the thread, process and image-load notification callbacks that EDR products rely on for detection.
- Hiding exploitation and rootkit artefacts: Exploits launched using BYOVD are hard to detect, and because the method lets cybercriminals disable security features, rootkits become easy to hide.
- Writing a UEFI kit: Highly skilled cybercriminals can also write their own UEFI kit, a piece of software that sits between the computer’s firmware and its operating system. This is mostly achieved by gaining ring 0 access after a BYOVD attack.
- The Blue Screen of Death (BSoD): Once a BYOVD attack succeeds, cybercriminals can do anything they want with your computer, including wiping out all your data or making it inaccessible. They can also crash your computer systems and cause a BSoD.
Preventing a BYOVD Attack
Unfortunately, BYOVD attacks are among the hardest to stop once they are under way on your computer system, so it is important to have a plan for stopping them before that point. Luckily, as with all other cybersecurity threats, preventing a BYOVD attack means your veterinary practice going back to the basics, with steps such as:
- Staff training: One of the ways compromised computer drivers are spread is through phishing that relies on the victim’s ignorance. Good training on how to spot a phishing email can therefore help address the problem and may keep your veterinary practice from falling victim to such attacks.
- Update your system: Cybercriminals exploit known vulnerabilities to launch cyberattacks, so keeping your computer systems updated can help prevent future cyberattacks.
- Avoid downloading cracked software: Assume that every unauthorized piece of software downloaded from the internet is littered with viruses and malware that could be the gateway to a BYOVD attack.
In conclusion, the chances of your veterinary practice being targeted by BYOVD are high. Therefore, besides prevention measures, you should consider backing up your most important data, so that you can restore your systems fast in case of an attack.
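As an added example that is not part of the original article, here is a PowerShell check an administrator can run on a practice workstation to see whether Microsoft's built-in vulnerable driver blocklist is switched on and whether any running kernel driver is unsigned or matches a hash blocklist. The registry value name is an assumption based on Microsoft's documentation for Windows 11 22H2 and later, and the blocklist hashes are constructed placeholders.

```powershell
# Added example, not code from the original article: inventory the kernel drivers
# currently running on a Windows host and flag any that are not validly signed
# or whose SHA-256 hash appears in a blocklist you maintain. The hashes in
# $Blocklist are CONSTRUCTED placeholders; replace them with values from a
# trusted source such as Microsoft's vulnerable driver blocklist.
$Blocklist = @{   # constructed placeholder entries: SHA-256 -> label
    '0000000000000000000000000000000000000000000000000000000000000001' = 'placeholder-vulnerable-driver-A'
    '0000000000000000000000000000000000000000000000000000000000000002' = 'placeholder-vulnerable-driver-B'
}
# 1. Is Microsoft's built-in vulnerable driver blocklist enabled?
#    Assumption: value name as documented for Windows 11 22H2 and later.
$ciConfig = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
$ci = Get-ItemProperty -Path $ciConfig -Name 'VulnerableDriverBlocklistEnable' -ErrorAction SilentlyContinue
if ($ci.VulnerableDriverBlocklistEnable -eq 1) {
    Write-Host 'Microsoft vulnerable driver blocklist: enabled'
} else {
    Write-Warning 'Microsoft vulnerable driver blocklist: not enabled or not supported on this build'
}
# 2. Enumerate running kernel drivers and inspect each on-disk image.
$findings = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName } |
    ForEach-Object {
        # PathName can be quoted, use the \??\ prefix, or be relative to SystemRoot.
        $path = $_.PathName.Trim('"') -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot', $env:SystemRoot
        if ($path -match '^system32\\') { $path = Join-Path $env:SystemRoot $path }
        if (-not (Test-Path -LiteralPath $path)) { return }   # skip unresolvable paths
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        [pscustomobject]@{
            Name        = $_.Name
            Path        = $path
            SHA256      = $hash
            SigStatus   = $sig.Status        # Valid, NotSigned, HashMismatch, ...
            Signer      = $sig.SignerCertificate.Subject
            Blocklisted = $Blocklist.ContainsKey($hash)
            BlockLabel  = $Blocklist[$hash]
        }
    }
# 3. Report. An unsigned driver or a blocklist hit is a lead to investigate, not proof
#    of compromise: some catalog-signed inbox drivers report NotSigned on older builds.
$suspicious = $findings | Where-Object { $_.Blocklisted -or $_.SigStatus -ne 'Valid' }
if ($suspicious) {
    $suspicious | Format-Table Name, SigStatus, Blocklisted, BlockLabel, Path -AutoSize
} else {
    Write-Host "Checked $($findings.Count) running drivers: none blocklisted, all validly signed."
}
```

Run it from an elevated PowerShell session so every driver image on disk can be read and hashed.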
Need help making sure your data is properly protected?
Schedule a FREE consultation call today. You can access my personal calendar here to pick a date and time that works best for you.
Clint Latham