Communications of the ACM

Home/News/Organizations Spending Billions on Easy-to-Bypass.../Full Text

ACM TechNews

Organizations Spending Billions on Easy-to-Bypass Malware Defense

By Ars Technica
September 6, 2022
Comments

View as: Print Mobile App Share:

bug in a maze, illustration — EDR evasion is not difficult for hackers using certain techniques.

Credit: Getty Images

Research suggests that hackers can easily bypass Endpoint Detection and Response protections, the malware detecting and blocking solutions on which organizations have invested billions of dollars.

"Combining several well-known techniques yields malware that evades all EDRs that we tested," says Karsten Nohl, chief scientist at German security consultancy SRLabs. "This allows the hacker to streamline their EDR evasion efforts."

Nohl and SRLabs' Jorge Gimenez tested EDRs sold by Symantec, SentinelOne, and Microsoft, and circumvented them using one or both of two techniques. One method avoids the code or "hooks" that EDRs use to overwrite the code libraries applications employ to interact with the operating system kernel. The other method uses only fragments of the hooked functions to prevent the hook from activating.

From Ars Technica
View Full Article

No entries found

Organizations Spending Billions on Easy-to-Bypass Malware Defense

Teaching Transformed

Leveraging Professional Ethics for Responsible AI

Are You Confident in Your Backups?