enSilo Reveals Evasive Attack Technique Bypassing Antivirus (AV) and Next Generation Antivirus (NGAV) Prevention Defenses at Black Hat Europe
Thursday, December 07, 2017

Stealthy "Doppelgänging" attack can make even known malware invisible to market-leading AV and NGAV security products by abusing how Microsoft Windows file systems handle transaction features

LONDON, Dec. 7, 2017 /PRNewswire/ -- enSilo, the company that protects endpoints pre- and post-infection and stops data breaches in real time, today released high-profile cybersecurity research at Black Hat Europe revealing how cybercriminals can take advantage of Microsoft Windows features to slip malicious ransomware and other threats past the most up-to-date, market-leading AV and NGAV security products protecting corporate laptops, servers and other sensitive devices.

In their presentation, "Lost in Transaction: Process Doppelgänging," enSilo researchers Eugene Kogan and Tal Liberman demonstrated how to conceal malicious activity deep at the operating system level by manipulating how Windows handles file transactions. By passing off malicious actions as benign, legitimate processes, Kogan and Liberman found a potent way for even less sophisticated attackers to give new life to malicious code threats well known to security vendors. Once cloaked with "Process Doppelgänging," these threats can impact the latest versions of Windows protected with fully updated AV and NGAV security products, where malware payloads can proceed to ransom files, capture keystrokes or steal priceless data.

enSilo's Black Hat Europe research is available for download here. Additionally, interested viewers can register to attend a free, public webinar on Process Doppelgänging with Liberman, where he will provide a walk-through of threats and defenses.

In addition to blinding Windows' embedded defense mechanisms and third-party AV and NGAV security products to incoming threats, Process Doppelgänging gives attackers the further advantage of leaving no traceable evidence behind - making this type of intrusion extremely difficult to detect after the fact with the latest forensic techniques.

enSilo customers are already protected from Process Doppelgänging in the wild, via enSilo's proven pre- and post-infection endpoint security platform combining automated, blocking-enabled Endpoint Detection and Response (EDR) capabilities with Threat Hunting, Incident Response, and Virtual Patching features. enSilo's integrated approach sees and arrests attacks impersonating legitimate Windows processes, affording users additional peace of mind - instead of the uncertainty and management burdens of relying on multiple, piecemeal endpoint protection tools.

"The 'Process Doppelgänging' attack method we discovered leverages several complex mechanisms in Windows operating systems and intimate knowledge of the inner workings of AVs' file scanning engines. Putting all this together allows masquerading a malicious executable as legitimate, bypassing all tested security products," Liberman explained. "This is another example of how a few subtle manipulations of code, based on deep insight into the operating system internals, are all that is required to upend many layered detection and traditional prevention defenses," Kogan added. "Our research shows that even the latest protections can be negated by an attacker's creative bid to skip a malicious file payload altogether and infiltrate dangerous content through Windows' intricacies."

Kogan and Liberman's selection to present at Black Hat Europe is the latest recognition given to enSilo's renowned team of security researchers working tirelessly to defend customers and the wider security community from evolving threats. enSilo has earned recognition for high-profile work uncovering security risks with major operating systems and novel attack methods. This includes offering an independent patch for Windows' ESTEEMAUDIT remote desktop protocol vulnerability, detailing "AtomBombing" attacks that inject malicious code through Windows atom tables and revealing how attackers can hijack anti-virus products' own features to defeat security measures.

About enSilo
enSilo comprehensively secures the endpoint pre- and post-infection. enSilo automates and orchestrates detection, prevention and real-time response against advanced malware and ransomware without burdening cybersecurity staff. enSilo's single lightweight agent includes next generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response and virtual patching capabilities. Coupled with a patented approach that has full system visibility, enSilo's endpoint security solution stops modern malware with a high degree of precision and an intuitive user interface. Cybersecurity staff with enSilo can effectively manage malware threats without alert fatigue, excessive dwell time or breach anxiety. enSilo's cloud management platform is flexible and extensible to meet operational needs that stop malware impact. For more information please visit www.ensilo.com.

View original content: http://www.prnewswire.com/news-releases/ensilo-reveals-evasive-attack-technique-bypassing-antivirus-av-and-next-generation-antivirus-ngav-prevention-defenses-at-black-hat-europe-300568169.html

SOURCE enSilo