Endpoint detection and response (EDR) tools may have met their match with the newly released threat of AuKill.
You’ve likely heard of AuKill as it made headlines in April of 2023, thwarting EDR tools in a severe Bring Your Own Vulnerable Driver (BYOVD) attack. The question? Why does it matter? And what do all of those terms actually mean in the context of your business and cybersecurity strategy?
Below, we’re digging into everything you need to know about the AuKill threat, BYOVD attack methods and general cyber strategy.
What is AuKill?
AuKill is a newly observed attack tool circulating on the internet that lets attackers disable the EDR software common in corporate and organizational cybersecurity strategies. It is often used alongside ransomware attacks, abusing a legitimate but outdated driver to “kill” EDR capabilities. This leaves your organization, devices and network far more exposed than before, allowing other tools or malware to come in and wreak havoc.
How does it work?
Cybersecurity experts have determined that AuKill works by loading an outdated driver from Microsoft’s Process Explorer utility (specifically from version 16.32) and using it to interfere with EDR functioning. Attackers get the tool onto the system through a backdoor or as part of a ransomware deployment and then use it to abuse the driver. This strategy is becoming more common, letting attackers get more sophisticated with their takedown methods.
This form of driver abuse is otherwise known as a BYOVD attack.
How to defend against AuKill or BYOVD attack methods
AuKill is a type of malware — but it doesn’t stop there. It can also be used to distribute ransomware, making it act as a “double threat.”
Anti-malware tools and a strong preventative strategy are often the first lines of defense against these types of attack methods. Ideally, you’ll be able to work with a strategic cybersecurity vendor (such as the team here at CHIPS) to put together a custom plan and tech stack that is suited to your needs and risk accrual. However, if you’re going it alone, we do recommend identifying several different corporate malware tools for further evaluation and selection.
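One concrete check a defender can run, added here as an example rather than something taken from this article or from CHIPS: because AuKill depends on loading a legitimately signed but outdated driver, driver-load telemetry (Sysmon Event ID 6, “Driver Loaded”) is a natural place to look. The Python below parses a handful of constructed Sysmon-style driver-load records and flags three things: a driver whose file name matches the Process Explorer driver (assumed here to follow the pattern procexp*.sys), a driver loaded from outside the Windows driver directories, and a SHA256 that appears on a vulnerable-driver blocklist. The hashes and signer names in the sample are placeholders; in practice the blocklist would come from Microsoft’s recommended driver block rules or a vendor feed. It deliberately does not treat a valid signature as a reason to clear an event, because a valid signature is exactly what a BYOVD driver has.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed Sysmon Event ID 6 (DriverLoad) records flattened to key=value
# text, one event per line. These events are made up for this example; the
# hash values and the "Example Signer" name are placeholders, not real data.
SAMPLE_EVENTS = [
    "UtcTime=2023-04-20 10:15:02.113 ImageLoaded=C:\\Windows\\System32\\drivers\\PROCEXP.SYS "
    "Hashes=SHA256=PLACEHOLDER_HASH_OLD_PROCEXP_DRIVER Signed=true "
    "Signature=Example Signer (constructed) SignatureStatus=Valid",
    "UtcTime=2023-04-20 10:15:03.004 ImageLoaded=C:\\Windows\\System32\\drivers\\tcpip.sys "
    "Hashes=SHA256=PLACEHOLDER_HASH_TCPIP Signed=true "
    "Signature=Microsoft Windows SignatureStatus=Valid",
    "UtcTime=2023-04-20 10:16:41.550 ImageLoaded=C:\\Users\\Public\\drv.sys "
    "Hashes=SHA256=PLACEHOLDER_HASH_UNKNOWN Signed=true "
    "Signature=Example Signer (constructed) SignatureStatus=Valid",
    "UtcTime=2023-04-20 10:17:09.201 ImageLoaded=C:\\Users\\alice\\AppData\\Local\\Temp\\procexp152.sys "
    "Hashes=SHA256=PLACEHOLDER_HASH_PROCEXP152 Signed=true "
    "Signature=Example Signer (constructed) SignatureStatus=Valid",
]

# Placeholder blocklist of SHA256 digests (lower-case). In production this is
# populated from Microsoft's recommended driver block rules or a vendor feed.
VULNERABLE_DRIVER_SHA256 = {"placeholder_hash_old_procexp_driver"}

# Directories from which Windows normally loads kernel drivers.
TRUSTED_DRIVER_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\driverstore\\",
)

# Assumption: the Process Explorer driver file is named procexp<digits>.sys.
ABUSABLE_DRIVER_NAMES = re.compile(r"^procexp\d*\.sys$", re.IGNORECASE)

# key=value pairs; a value runs until the next " key=" token or end of line,
# so values containing spaces (signer names) and '=' (Hashes) parse correctly.
_KV = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


@dataclass
class Finding:
    time: str
    image: str
    reasons: List[str] = field(default_factory=list)


def parse_event(line: str) -> Dict[str, str]:
    """Turn one flattened Sysmon record into a field dictionary."""
    return dict(_KV.findall(line))


def sha256_of(event: Dict[str, str]) -> Optional[str]:
    """Extract the SHA256 digest from Sysmon's 'ALGO=digest,ALGO=digest' field."""
    for part in event.get("Hashes", "").split(","):
        algo, _, digest = part.partition("=")
        if algo == "SHA256":
            return digest.lower()
    return None


def evaluate(event: Dict[str, str]) -> Optional[Finding]:
    """Apply the three BYOVD-oriented rules to one driver-load event."""
    image = event.get("ImageLoaded", "")
    name = image.rsplit("\\", 1)[-1]
    reasons = []
    if ABUSABLE_DRIVER_NAMES.match(name):
        reasons.append("known-abusable driver name (Process Explorer driver)")
    if not image.lower().startswith(TRUSTED_DRIVER_DIRS):
        reasons.append("driver loaded from outside the system driver directories")
    if sha256_of(event) in VULNERABLE_DRIVER_SHA256:
        reasons.append("SHA256 on vulnerable-driver blocklist")
    # SignatureStatus=Valid is intentionally not used to suppress a finding:
    # the whole point of BYOVD is that the abused driver is properly signed.
    if not reasons:
        return None
    return Finding(event.get("UtcTime", "?"), image, reasons)


def scan(lines: List[str]) -> List[Finding]:
    """Run every record through the rules and return the flagged ones."""
    findings = []
    for line in lines:
        finding = evaluate(parse_event(line))
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f.time, f.image)
        for reason in f.reasons:
            print("   -", reason)
```

Run as a script it prints the three flagged loads (the PROCEXP.SYS drop, the driver from a user-writable folder, and the Process Explorer driver loaded from a temp directory) and stays silent on tcpip.sys; in a real deployment the same rules would live in a SIEM query over the live event stream. The preventive counterpart to this detection is Microsoft’s vulnerable driver blocklist, enforced through HVCI or a WDAC policy, which stops a known-abusable driver from loading in the first place.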
Frequently Asked Questions (FAQs) about AuKill
Below, we’ve listed frequently asked questions about the malware, AuKill.
1. What privileges does AuKill use to leverage a user system?
Current analysis shows that the malware runs with kernel privileges, which allow it to quickly bypass common security controls and compromise your system.
2. Does AuKill have ransomware?
While AuKill is a standalone malware, many outlets report it is commonly used with sophisticated ransomware — such as LockBit and Medusa Locker.
3. Where did AuKill start?
Based on current findings, many believe that AuKill started in late 2023 — making it one of the newest and most pressing areas of focus in cybersecurity at the time of this publication.
Looking for support with your cybersecurity strategy? Connect with the team at CHIPS today. We’re here to create custom strategies for your specific needs.