Back Issues This Week → Calendar → Current Issue → Popular →

All issuesVolume 340, Issue 1IT Vendor NewsSymantec

The BYOVD Epidemic: How Attackers Are Weaponizing Trusted Windows Drivers to Kill Security

Symantec, Tuesday, June 30th, 2026

Symantec details how Bring Your Own Vulnerable Driver attacks have become a standard part of the ransomware playbook.

Symantec examines how Bring Your Own Vulnerable Driver (BYOVD) has moved from a niche technique to a standard part of the ransomware playbook.

Attackers exploit flaws in legitimate, digitally signed Windows kernel drivers to gain administrative privileges and disable antivirus and EDR software. Hundreds of vulnerable drivers exist, with ready-made tools now bundled into ransomware-as-a-service offerings, while Windows kernel hardening offers limited protection against data-only attacks.

The article argues that reactive defenses such as blocklists and signature detection struggle to keep pace, and advocates behavioral monitoring of driver interactions to detect anomalous patterns regardless of the specific driver used.

more →  ·  More from Symantec →