(welivesecurity.com) Inside the EDR Killer Ecosystem: How Ransomware Affiliates Disrupt Endpoint Defenses
ESET researchers analyzed nearly 90 EDR killers actively used in ransomware intrusions and found that it is affiliates, rather than the ransomware operators, who select these tools, which drives significant tooling diversity across RaaS ecosystems. The study documents 54 BYOVD-based tools abusing 35 vulnerable drivers, 15 anti-rootkit or freely available tools, and 7 script-based killers, with defense-evasion techniques including commercial packers, encrypted embedded drivers, and control-flow flattening. Reuse of the same drivers across unrelated codebases, and frequent driver switching within individual tools, undermine driver-centric attribution. Driverless approaches such as EDRSilencer bypass kernel interaction entirely.
Source: https://www.welivesecurity.com/en/eset-research/edr-killers-explained-beyond-the-drivers/
Fediverse: @ESETresearch