enSilo Reveals Evasive Attack Technique Bypassing Antivirus (AV) and Next Generation Antivirus (NGAV) Prevention Defenses at Black Hat Europe
Thursday, December 07, 2017

Stealthy "Doppelgänging" attack can make even well-known malware invisible to market-leading AV and NGAV security products by abusing NTFS file transactions (Transactional NTFS, TxF) in Microsoft Windows

LONDON, Dec. 7, 2017 /PRNewswire/ -- enSilo, the company that protects endpoints pre- and post-infection and stops data breaches in real time, today released high-profile cybersecurity research at Black Hat Europe revealing how attackers can take advantage of built-in Microsoft Windows features to slip ransomware and other malware past fully updated, market-leading AV and NGAV security products protecting corporate laptops, servers and other sensitive devices.

In their presentation, "Lost in Transaction: Process Doppelgänging," enSilo researchers Eugene Kogan and Tal Liberman demonstrated how to conceal malicious activity deep at the operating system level by manipulating how Windows handles file transactions. By launching malicious code under the identity of a benign, legitimate executable, Kogan and Liberman found a potent way for even relatively unsophisticated attackers to give new life to malicious code already well known to security vendors. Once cloaked with "Process Doppelgänging," these threats run on the latest versions of Windows protected with fully updated AV and NGAV security products, where malware payloads can proceed to ransom files, capture keystrokes or steal sensitive data.

enSilo's Black Hat Europe research is available for download here. Additionally, interested viewers can register to attend a free, public webinar on Process Doppelgänging with Liberman, where he will provide a walk-through of threats and defenses.

In addition to blinding Windows' built-in defense mechanisms and third-party AV and NGAV security products to incoming threats, Process Doppelgänging gives attackers the further advantage of leaving no malicious file on disk, because the transacted write is rolled back - making this type of intrusion extremely difficult to detect after the fact with file-based forensic techniques.
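The two paragraphs above describe the mechanism only in outline. The following PowerShell script is an added example, not code from enSilo or from the press release, and it shows the Transactional NTFS (TxF) behaviour the technique relies on: bytes written to a file inside a transaction are not visible to ordinary, non-transacted readers (the view an on-access file scanner gets), and a rollback discards them so that nothing remains on disk. It deliberately stops before the attack's own step of mapping an image section from the transacted file and creating a process from it. Assumptions: Windows PowerShell 5.1 or later on Windows with an NTFS `%TEMP%`; the file name `doppel-demo.bin` and the written bytes are arbitrary, constructed sample data.

```powershell
# Added example (not enSilo's code): demonstrates TxF write isolation and rollback.
# Uses only documented Win32 APIs from ktmw32.dll and kernel32.dll via P/Invoke.
$signatures = @'
using System;
using System.Runtime.InteropServices;
public static class TxfDemo
{
    [DllImport("ktmw32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern IntPtr CreateTransaction(IntPtr attrs, IntPtr uow, uint createOptions,
        uint isolationLevel, uint isolationFlags, uint timeout, string description);

    [DllImport("ktmw32.dll", SetLastError = true)]
    public static extern bool RollbackTransaction(IntPtr hTransaction);

    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern IntPtr CreateFileTransactedW(string path, uint access, uint share,
        IntPtr securityAttrs, uint disposition, uint flags, IntPtr template,
        IntPtr hTransaction, IntPtr miniVersion, IntPtr extended);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool WriteFile(IntPtr h, byte[] buffer, uint count,
        out uint written, IntPtr overlapped);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr h);
}
'@
Add-Type -TypeDefinition $signatures

$path    = Join-Path $env:TEMP 'doppel-demo.bin'   # assumed, arbitrary file name
$payload = [Text.Encoding]::ASCII.GetBytes('constructed sample bytes; not a real PE image')

# 1. Open a kernel transaction. INVALID_HANDLE_VALUE (-1) signals failure.
$hTx = [TxfDemo]::CreateTransaction([IntPtr]::Zero, [IntPtr]::Zero, 0, 0, 0, 0, 'doppel demo')
if ($hTx -eq [IntPtr]::Zero -or $hTx.ToInt64() -eq -1) {
    throw "CreateTransaction failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}

# 2. Create and write the file *inside* the transaction.
$GENERIC_WRITE = 0x40000000; $CREATE_ALWAYS = 2; $FILE_ATTRIBUTE_NORMAL = 0x80
$hFile = [TxfDemo]::CreateFileTransactedW($path, $GENERIC_WRITE, 0, [IntPtr]::Zero,
    $CREATE_ALWAYS, $FILE_ATTRIBUTE_NORMAL, [IntPtr]::Zero, $hTx, [IntPtr]::Zero, [IntPtr]::Zero)
if ($hFile.ToInt64() -eq -1) {
    throw "CreateFileTransactedW failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}
[uint32]$written = 0
if (-not [TxfDemo]::WriteFile($hFile, $payload, [uint32]$payload.Length, [ref]$written, [IntPtr]::Zero)) {
    throw "WriteFile failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}
[void][TxfDemo]::CloseHandle($hFile)

# 3. A non-transacted reader (what a file scanner sees) cannot read the uncommitted content.
try   { $outsideView = [IO.File]::ReadAllText($path) }
catch { $outsideView = "not readable ($($_.Exception.GetType().Name))" }
"Before rollback, non-transacted read: $outsideView"

# 4. Roll back: the write is discarded and no file is left on disk.
[void][TxfDemo]::RollbackTransaction($hTx)
[void][TxfDemo]::CloseHandle($hTx)
"After rollback, file exists on disk: $(Test-Path $path)"   # False
```

Two caveats for anyone reproducing this: TxF is documented by Microsoft as deprecated and may be unavailable in future Windows releases, and the real attack keeps a section object alive across the rollback, so a defender who only inspects files on disk sees nothing; the mapped image in the running process is where the evidence lives.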

enSilo customers are already protected from Process Doppelgänging in the wild, via enSilo's proven pre and post infection endpoint security platform combining automated, blocking-enabled Endpoint Detection and Response (EDR) capabilities with Threat Hunting, Incident Response, and Virtual Patching features. enSilo's integrated approach sees and arrests attacks impersonating legitimate Windows processes, affording users additional peace of mind - instead of the uncertainty and management burdens of relying on multiple, piecemeal endpoint protection tools.

"The 'Process Doppelgänging' attack method we discovered leverages several complex mechanisms in Windows operating systems and intimate knowledge of the inner workings of AVs' file scanning engines. Putting all this together allows masquerading a malicious executable as legitimate, bypassing all tested security products," Liberman explained. "This is another example of how a few subtle manipulations of code, based on deep insight into the operating system internals, are all that is required to upend many layered detection and traditional prevention defenses," Kogan added. "Our research shows that even the latest protections can be negated by an attacker's creative bid to skip a malicious file payload altogether and infiltrate dangerous content through Windows' intricacies."

Kogan and Liberman's selection to present at Black Hat Europe is the latest recognition given to enSilo's renowned team of security researchers working tirelessly to defend customers and the wider security community from evolving threats. enSilo has earned recognition for high-profile work uncovering security risks with major operating systems and novel attack methods. This includes offering an independent patch for Windows' ESTEEMAUDIT remote desktop protocol vulnerability, detailing "AtomBombing" attacks that inject malicious code through Windows atom tables and revealing how attackers can hijack anti-virus products' own features to defeat security measures.

About enSilo
enSilo comprehensively secures the endpoint pre- and post-infection. enSilo automates and orchestrates detection, prevention and real-time response against advanced malware and ransomware without burdening cybersecurity staff. enSilo's single lightweight agent includes next generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response and virtual patching capabilities. Coupled with a patented approach that has full system visibility, enSilo's endpoint security solution stops modern malware with a high degree of precision and intuitive user interface. Cybersecurity staff with enSilo can effectively manage malware threats without alert fatigue, excessive dwell time or breach anxiety. enSilo's cloud management platform is flexible and extensible to meet operational needs that stop malware impact. For more information please visit
