ABYSSWORKER: Malicious driver disables security tools
Briefly

A newly identified attack uses a malicious kernel driver named ABYSSWORKER to disable security software as part of a financially motivated campaign that distributes MEDUSA ransomware. Discovered by researchers at Elastic, ABYSSWORKER is signed with a certificate from a Chinese company that has since been revoked. Revocation does not stop the driver from loading, because Windows does not consult certificate revocation lists when it loads a signed kernel driver, so the signature is still enough to get the code into the kernel. Once loaded, the driver disables Endpoint Detection and Response (EDR) products so the ransomware can run without being detected. The technique itself, loading a signed but attacker-controlled driver to kill security tools, is not new, but this iteration shows how organized threat actors keep refining their methods for bypassing defenses.
The ABYSSWORKER driver lets the attackers switch off the security controls that would otherwise detect the intrusion, so MEDUSA ransomware can be deployed unnoticed.
The method is not entirely new, but it underscores how well-organized threat actors keep evolving their techniques for evading defenses.
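The brief says the driver loads despite its revoked certificate and then disables EDR, so a defender's first check is the driver-load telemetry itself, before the EDR is gone. The following is an added example, not code from the page or from Elastic's research: a small Python script that parses Sysmon Event ID 6 (DriverLoad) records and flags drivers whose signature status is anything other than Valid, drivers that are unsigned, and drivers loaded from outside the system driver directory. The log records, file names, hashes and the publisher name are constructed for the example, and it assumes Sysmon reports a revoked signing certificate in its SignatureStatus field the way it reports other trust failures.

```python
import re
from pathlib import PureWindowsPath

# Three Sysmon Event ID 6 (DriverLoad) records as rendered in the event message
# body. Constructed for this example: the paths, hashes and the publisher
# "Example Technology Co., Ltd." are illustrative, not real indicators.
SAMPLE_LOG = r"""
Driver loaded:
RuleName: -
UtcTime: 2025-03-20 10:14:02.113
ImageLoaded: C:\Windows\System32\drivers\ndis.sys
Hashes: SHA256=0000000000000000000000000000000000000000000000000000000000000001
Signed: true
Signature: Microsoft Windows
SignatureStatus: Valid

Driver loaded:
RuleName: -
UtcTime: 2025-03-20 10:15:47.880
ImageLoaded: C:\Users\Public\update.sys
Hashes: SHA256=0000000000000000000000000000000000000000000000000000000000000002
Signed: true
Signature: Example Technology Co., Ltd.
SignatureStatus: Revoked

Driver loaded:
RuleName: -
UtcTime: 2025-03-20 10:16:03.402
ImageLoaded: C:\Windows\Temp\helper.sys
Hashes: SHA256=0000000000000000000000000000000000000000000000000000000000000003
Signed: false
Signature: -
SignatureStatus: Unavailable
"""

# Legitimate drivers normally live here; anything else deserves a look.
TRUSTED_DRIVER_DIR = PureWindowsPath(r"C:\Windows\System32\drivers")
FIELD_RE = re.compile(r"^(\w+):\s*(.*)$")


def parse_driver_loads(text):
    """Split the rendered event text into one dict of fields per DriverLoad record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            match = FIELD_RE.match(line.strip())
            if match:
                fields[match.group(1)] = match.group(2).strip()
        if "ImageLoaded" in fields:
            records.append(fields)
    return records


def _is_under(path, parent):
    """Case-insensitive containment check, since Windows paths are case-insensitive."""
    child_parts = [p.lower() for p in path.parts]
    parent_parts = [p.lower() for p in parent.parts]
    return child_parts[: len(parent_parts)] == parent_parts


def assess(record):
    """Return the reasons a DriverLoad record looks suspicious (empty list if none)."""
    reasons = []
    status = record.get("SignatureStatus", "Unavailable")
    if record.get("Signed", "false").lower() != "true":
        reasons.append("unsigned driver")
    elif status != "Valid":
        # The kernel loads the driver even though the certificate is revoked,
        # so telemetry like this is where the revocation actually becomes visible.
        reasons.append(f"signature status {status}")
    image = PureWindowsPath(record["ImageLoaded"])
    if not _is_under(image, TRUSTED_DRIVER_DIR):
        reasons.append(f"loaded from outside {TRUSTED_DRIVER_DIR}")
    return reasons


def find_suspicious(text):
    """Return (ImageLoaded, reasons) for every record that trips at least one rule."""
    hits = []
    for record in parse_driver_loads(text):
        reasons = assess(record)
        if reasons:
            hits.append((record["ImageLoaded"], reasons))
    return hits


if __name__ == "__main__":
    for image, reasons in find_suspicious(SAMPLE_LOG):
        print(f"{image}: {'; '.join(reasons)}")
```

Run against the constructed sample, the script reports the revoked-certificate driver in C:\Users\Public and the unsigned driver in C:\Windows\Temp and stays quiet about ndis.sys. In practice the records would come from the Sysmon operational event channel rather than a string, and a revoked status alone is worth an alert: a legitimate vendor has no reason to ship a driver under a certificate it has already had revoked.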
Read at Techzine Global