A Closer Look at Windows Kernel Threats


Windows kernel threats have long been favored by malicious actors because they can grant high-privileged access and detection evasion capabilities. These hard-to-banish threats remain crucial components in malicious campaigns' kill chains to this day. In fact, SentinelOne recently discovered malicious actors abusing Microsoft-signed drivers in targeted attacks against organizations in the telecommunications, business process outsourcing (BPO), managed security service provider (MSSP), and financial services industries.

This month, SophosLabs also reported their discovery of a cryptographically signed Windows driver and an executable loader application that terminates endpoint security processes and services on targeted machines.

In this blog entry, Trend Micro researchers discuss the reasons why malicious actors choose to pursue kernel-level access in their attacks, and the reasons why they sometimes opt not to.

Source: Trend Micro