Hackers found a way to turn off Windows Defender remotely

Most of modern Windows PCs rely on Microsoft Defender as their first line of defense against malware Over the years it has evolved into a capable and often underrated antivirus that blocks a wide range of threats But a hacker group has unveiled a way to abuse a legitimate Intel CPU tuning driver in a Bring Your Own Vulnerable Driver BYOVD attack to thoroughly disable Microsoft Defender The technique has been observed since mid-July and is already being used in operational ransomware campaigns The method doesn't rely on exploiting a platform bug or delivering an obviously malicious file Instead it takes advantage of how the Windows driver system is designed to allow deep hardware access Let's discuss all you need to know about the attack and how you can stay safe HOW SCAMMERS TARGET YOU EVEN WITHOUT SOCIAL MEDIASign up for my FREE CyberGuy ReportGet my best tech tips urgent guard alerts and particular deals delivered straight to your inbox Plus you ll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY COM newsletter The Akira ransomware group has developed a new way to sidestep assurance tools by using a legitimate Intel CPU tuning driver called rwdrv sys from the performance-tweaking tool ThrottleStop Precaution firm GuidePoint Protection says attackers load this driver to gain kernel-level access to Windows systems then install a second malicious driver hlpdrv sys which changes the DisableAntiSpyware registry setting via regedit exe to shut down Microsoft Defender Once Defender is disabled attackers can run other malicious programs undetected GuidePoint says this method has been consistently spotted in Akira campaigns since mid-July The same group has also been linked to attacks targeting SonicWall VPN devices SonicWall has stated that these incidents likely involve a known vulnerability CVE- - rather than a brand-new zero-day The company recommends restricting VPN access enabling multi-factor authentication and disabling unused accounts as immediate defenses Akira attacks often involve stealing facts setting up hidden remote access and deploying ransomware to encrypt files across an organization Guard experts warn that fake or lookalike websites are increasingly being used to distribute these malicious tools FBI WARNS SENIORS ABOUT BILLION-DOLLAR SCAM DRAINING RETIREMENT FUNDS EXPERT SAYS AI DRIVING ITResearchers at GuidePoint have published a YARA detection rule along with file names organization names SHA- hashes and file paths to help identify this activity They recommend administrators actively monitor for these indicators apply filtering and blocking rules as new IoCs emerge and only download tool from official or verified sources We reached out to Microsoft for a comment but did not hear back before our deadline The Microsoft Defender attack is smart and dangerous but you're not without defenses Here are a sparse tips to help you stay safe Even with regular updates Windows systems can be left exposed if built-in defenses are disabled A strong antivirus system with real-time protection kernel-level monitoring and frequent updates can provide backup safeguard The best way to safeguard yourself from malicious links that install malware potentially accessing your private information is to have strong antivirus program installed on all your devices This protection can also alert you to phishing emails and ransomware scams keeping your personal information and digital assets safe Get my picks for the best antivirus protection winners for your Windows Mac Android iOS devices at CyberGuy com Various exploits rely on user interaction such as clicking a shady link downloading a compromised file or mounting an untrusted virtual disk Stick to reputable websites avoid opening unsolicited email attachments and use a browser with built-in shield features like Microsoft Edge or Chrome with Safe Browsing enabled Never paste or run commands like PowerShell scripts you don't understand or that were copied from random websites Attackers often trick users into unknowingly running malware this way GOOGLE CONFIRMS INFORMATION STOLEN IN BREACH BY KNOWN HACKER GROUPRegularly update your operating system browsers and all system applications Updates often include patches for guard vulnerabilities that malware can exploit Enable FA on all your accounts This adds an extra layer of safety by requiring a second form of verification making it harder for attackers to gain access even if they have your password Even with strong device safeguard your personal information may still be exposed online through statistics brokers and people-finder sites While no institution can guarantee the complete removal of your figures from the internet a evidence removal amenity is really a smart choice They aren t cheap - and neither is your privacy These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites It s what gives me peace of mind and has proven to be the the bulk effective way to erase your personal figures from the internet By limiting the information available you reduce the threat of scammers cross-referencing input from breaches with information they might find on the dark web making it harder for them to target you Check out my top picks for details removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy com Get a free scan to find out if your personal information is already out on the web Cyberguy com CLICK HERE TO GET THE FOX NEWS APPAkira's trick shows a bigger flaw in how Windows trusts certain tools A driver meant for harmless CPU tuning ends up being the key to turning shield off Since it's from a legitimate source Windows just lets it through without asking questions We tend to think hackers reliably break in from the outside Here they're already inside the circle of trust using the system's own rules Should Microsoft be doing more to stop ransomware groups from disabling Defender Let us know by writing to us at Cyberguy com Sign up for my FREE CyberGuy ReportGet my best tech tips urgent shield alerts and particular deals delivered straight to your inbox Plus you ll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY COM newsletter Copyright CyberGuy com All rights reserved