acm-header
Sign In

Communications of the ACM

Home/News/Organizations Spending Billions on Easy-to-Bypass.../Full Text
ACM TechNews

Organizations Spending Billions on Easy-to-Bypass Malware Defense

By Ars Technica
September 6, 2022
Comments
View as: Print Mobile App Share:
bug in a maze, illustration

EDR evasion is not difficult for hackers using certain techniques.

Credit: Getty Images

Research suggests that hackers can easily bypass Endpoint Detection and Response protections, the malware detecting and blocking solutions on which organizations have invested billions of dollars.

"Combining several well-known techniques yields malware that evades all EDRs that we tested," says Karsten Nohl, chief scientist at German security consultancy SRLabs. "This allows the hacker to streamline their EDR evasion efforts."

Nohl and SRLabs' Jorge Gimenez tested EDRs sold by Symantec, SentinelOne, and Microsoft, and circumvented them using one or both of two techniques. One method avoids the code or "hooks" that EDRs use to overwrite the code libraries applications employ to interact with the operating system kernel. The other method uses only fragments of the hooked functions to prevent the hook from activating.

From Ars Technica
View Full Article

 

Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account