Threat actor adds advanced ‘EDR killer’ tools to ransomware-as-a-service platform

https://www.csoonline.com/article/4187329/threat-actor-adds-advanced-edr-killer-tools-to-ransomware-as-a-service-platform.html

Publish Date: 2026-06-19 16:07:00

Source Domain: www.csoonline.com

The principle behind BYOVD is simple enough: once an attacker has gained admin privileges through an account takeover, they load a legitimate but old and vulnerable vendor driver that contains an exploitable flaw. This extends admin control to kernel level, allowing them to target the EDR drivers directly.
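As an added example (not code from the article or from any vendor it names), the following Python detection logic runs over constructed Sysmon-style DriverLoad (Event ID 6) records and flags the indicators a defender would look for after a BYOVD load: a driver hash on a vulnerable-driver blocklist, a driver loaded from outside the system driver directories, and a missing or invalid signature. The blocklist hash, the record format and the sample events are all constructed placeholders, not real values.

```python
import re
from typing import Dict, List

# Constructed placeholder hash (NOT a real driver hash). A real deployment
# would populate this set from Microsoft's vulnerable driver blocklist.
PLACEHOLDER_VULN_SHA256 = "deadbeef" * 8
KNOWN_VULNERABLE_SHA256 = {PLACEHOLDER_VULN_SHA256}

# Kernel drivers are expected under the system driver directories; a load
# from a user-writable location is itself a strong BYOVD indicator.
EXPECTED_DRIVER_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\driverstore\\",
)

def parse_event(line: str) -> Dict[str, str]:
    """Parse one constructed 'Key: value|Key: value' Sysmon-style record."""
    return dict(part.split(": ", 1) for part in line.split("|"))

def assess_driver_load(ev: Dict[str, str]) -> List[str]:
    """Return the BYOVD indicators raised by one DriverLoad event."""
    reasons = []
    image = ev.get("ImageLoaded", "").lower()
    if not image.startswith(EXPECTED_DRIVER_DIRS):
        reasons.append("unexpected_driver_path")
    if ev.get("Signed", "").lower() != "true" or ev.get("SignatureStatus") != "Valid":
        reasons.append("unsigned_or_invalid_signature")
    m = re.search(r"SHA256=([0-9A-Fa-f]+)", ev.get("Hashes", ""))
    if m and m.group(1).lower() in KNOWN_VULNERABLE_SHA256:
        reasons.append("known_vulnerable_driver")
    return reasons

def scan_events(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged driver path to its indicators; clean loads are omitted."""
    findings = {}
    for line in lines:
        ev = parse_event(line)
        reasons = assess_driver_load(ev)
        if reasons:
            findings[ev["ImageLoaded"]] = reasons
    return findings

# Constructed sample events mimicking the fields of Sysmon Event ID 6.
SAMPLE_EVENTS = [
    "EventID: 6|ImageLoaded: C:\\Windows\\System32\\drivers\\ntfs.sys|Hashes: SHA256=aa11|Signed: true|SignatureStatus: Valid",
    f"EventID: 6|ImageLoaded: C:\\Users\\Public\\drv.sys|Hashes: SHA256={PLACEHOLDER_VULN_SHA256}|Signed: true|SignatureStatus: Valid",
    "EventID: 6|ImageLoaded: C:\\Windows\\System32\\drivers\\x.sys|Hashes: SHA256=bb22|Signed: false|SignatureStatus: Unsigned",
]

if __name__ == "__main__":
    print(scan_events(SAMPLE_EVENTS))
```

A signed, blocklisted driver loaded from a user directory (the second sample) is the classic BYOVD pattern: the signature check alone would pass it, which is why the hash blocklist and the load path matter.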

EDR tools’ vulnerability to a newer generation of evasion techniques has been known for some time; a 2024 study by security company Trellix highlighted this weakness, and earlier this year another security vendor, Huntress, reported a recent case in which BYOVD was used to load a vulnerable old driver in order to shut down EDR defenses.

“The biggest defense obstacle is the fact that EDR killers rely on vulnerable non-malicious drivers that are often still used legitimately,” noted Souček.
