Communications of the ACM

ACM TechNews

Organizations Spending Billions on Easy-to-Bypass Malware Defense

EDR evasion is not difficult for hackers using certain techniques.

Credit: Getty Images

Research suggests that hackers can easily bypass Endpoint Detection and Response protections, the malware detecting and blocking solutions on which organizations have invested billions of dollars.

"Combining several well-known techniques yields malware that evades all EDRs that we tested," says Karsten Nohl, chief scientist at German security consultancy SRLabs. "This allows the hacker to streamline their EDR evasion efforts."

Nohl and SRLabs' Jorge Gimenez tested EDRs sold by Symantec, SentinelOne, and Microsoft, and circumvented them using one or both of two techniques. One method avoids the "hooks," the code that EDRs insert by overwriting the code libraries applications use to interact with the operating system kernel. The other method uses only fragments of the hooked functions, so the hook never activates.

From Ars Technica
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA