Stealthier cyberattacks facilitated by EDRSilencer red team tool


BleepingComputer reports that a growing number of cyberattacks have abused the open-source red team tool EDRSilencer to evade endpoint detection and response (EDR) tools.

Aside from blocking outbound traffic from Microsoft Defender, SentinelOne, Cisco Secure Endpoint, TrendMicro Apex One, and a dozen other modern EDR systems, EDRSilencer also lets threat actors add process filters so that executables beyond its hardcoded list can be blocked, according to a Trend Micro analysis. "After identifying and blocking additional processes not included in the hardcoded list, the EDR tools failed to send logs, confirming the tool’s effectiveness. This allows malware or other malicious activities to remain undetected, increasing the potential for successful attacks without detection or intervention," said Trend Micro researchers.

Organizations have been urged not only to ensure their EDR systems flag EDRSilencer as malware but also to adopt multi-layered security controls, anomaly detection and behavioral analysis tools, and the principle of least privilege to reduce the risk of compromise.
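The symptom Trend Micro describes, an EDR agent that stops sending logs while the host is still up, is itself detectable from the collector's side. The following is an added example, not code from the article, Trend Micro or any EDR vendor: the log format, host names and silence threshold are constructed for illustration, and a real deployment would read the agent heartbeat or log-forwarding records of its own EDR platform.

```python
# Added example (constructed data): flag endpoints whose EDR telemetry has
# gone silent, or that are enrolled but have never reported at all.
from datetime import datetime, timedelta

# Constructed sample of EDR telemetry-forwarding log lines: "<ISO timestamp> <host> <event>".
SAMPLE_LOG = """\
2024-10-16T09:00:00 ws-01 heartbeat
2024-10-16T09:00:00 ws-02 heartbeat
2024-10-16T09:00:00 srv-db heartbeat
2024-10-16T09:05:00 ws-01 heartbeat
2024-10-16T09:05:00 srv-db process_start
2024-10-16T09:10:00 ws-01 heartbeat
2024-10-16T09:10:00 srv-db heartbeat
"""

# Constructed asset inventory: hosts that are supposed to run the EDR agent.
INVENTORY = ["ws-01", "ws-02", "srv-db", "ws-03"]


def last_seen_per_host(log_text):
    """Return {host: latest timestamp} parsed from the telemetry log."""
    last = {}
    for line in log_text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) < 3:
            continue  # skip malformed lines instead of aborting the whole check
        ts, host = datetime.fromisoformat(parts[0]), parts[1]
        if host not in last or ts > last[host]:
            last[host] = ts
    return last


def find_silent_hosts(log_text, now_iso, max_gap_minutes, inventory=None):
    """Return {host: minutes_silent}; value None means enrolled but never reported.

    A host is 'silent' when its newest telemetry is older than max_gap_minutes
    relative to now_iso. The inventory catches agents blocked from the start.
    """
    now = datetime.fromisoformat(now_iso)
    last = last_seen_per_host(log_text)
    silent = {}
    for host in set(last) | set(inventory or []):
        seen = last.get(host)
        if seen is None:
            silent[host] = None
        elif now - seen > timedelta(minutes=max_gap_minutes):
            silent[host] = int((now - seen).total_seconds() // 60)
    return silent


if __name__ == "__main__":
    print(find_silent_hosts(SAMPLE_LOG, "2024-10-16T09:12:00", 5, INVENTORY))
```

A silent-host alert of this kind complements, rather than replaces, having the EDR itself flag EDRSilencer as malware, since a blocked agent cannot raise that alert on its own.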
