BleepingComputer reports that a growing number of cyberattacks have abused the open-source red team tool EDRSilencer to evade endpoint detection and response (EDR) tools.
Aside from blocking outbound traffic from Microsoft Defender, SentinelOne, Cisco Secure Endpoint, TrendMicro Apex One, and a dozen other modern EDR systems, EDRSilencer also lets threat actors add further process filters to block more executables, according to a Trend Micro analysis. "After identifying and blocking additional processes not included in the hardcoded list, the EDR tools failed to send logs, confirming the tool's effectiveness. This allows malware or other malicious activities to remain undetected, increasing the potential for successful attacks without detection or intervention," said Trend Micro researchers. Organizations have been urged not only to have their EDR systems flag EDRSilencer as malware, but also to adopt multi-layered security controls, anomaly detection and behavioral analysis tools, and the principle of least privilege to reduce the risk of compromise.