Malicious actors are increasingly exploiting legitimate tools to accomplish their goals, which include disabling security measures, lateral movement, and transferring files. Using commonly available tools allows attackers to evade detection.

While custom-built tools or malware can be flagged as malicious by endpoint products, commercially available tools are often marked as clean or allow-listed by organizations.

This gives attackers carte blanche to perform their activities without being noticed, as their actions can be mistaken for day-to-day operations such as IT admin work. The relative ease with which attackers can weaponize an organization's own software lies in the fact that IT and security personnel commonly authorize these tools in standard environments.

Third-party tools, their components, and built-in Windows tools are fair game

Tools such as GMER, PC Hunter, ProcessHacker and Defender Control, which are not inherently malicious, have been used in multiple attacks to disable or uninstall security products. In addition, we have seen these tools in hands-on attacks, especially in those leading to ransomware deployment.

For example, my team analyzed a recent case in which the actors used GMER and PC Hunter for defense evasion to deploy Play ransomware in an organization's systems.
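The defensive counterpart to the technique described above, as an added example that is not part of the original post: a small correlation rule that flags execution of the dual-use tools named here and escalates the finding when a security service stops on the same host shortly afterwards. The executable names, service short names, log format and log lines are constructed assumptions for this illustration, not values from the post.

```python
import re
from datetime import datetime, timedelta

# File names assumed for the dual-use tools named in the post. Name matching alone
# is defeated by renaming, so a production rule should also key on hash or signer.
DUAL_USE_TOOLS = {
    "gmer.exe": "GMER",
    "pchunter64.exe": "PC Hunter",
    "pchunter32.exe": "PC Hunter",
    "processhacker.exe": "Process Hacker",
    "dcontrol.exe": "Defender Control",
}
SECURITY_SERVICES = {"windefend", "sense"}   # assumed security service short names
CORRELATION_WINDOW = timedelta(minutes=10)   # tool run -> service stop window

# Constructed log format: "<iso-timestamp> host=<name> proc|svc key=value ..."
LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) (?P<kind>proc|svc) ?(?P<rest>.*)$")

def parse(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"], "kind": m["kind"]}
    ev.update({k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', m["rest"])})
    return ev

def find_tool_activity(lines):
    """Return one finding per dual-use tool execution, escalated if a security
    service on the same host stopped within CORRELATION_WINDOW afterwards."""
    events = [e for e in map(parse, lines) if e]
    stops = [e for e in events if e["kind"] == "svc"
             and e["service"].lower() in SECURITY_SERVICES and e["state"] == "stopped"]
    findings = []
    for run in (e for e in events if e["kind"] == "proc"):
        exe = run["image"].rsplit("\\", 1)[-1].lower()
        if exe not in DUAL_USE_TOOLS:
            continue
        followed = [s for s in stops if s["host"] == run["host"]
                    and run["ts"] <= s["ts"] <= run["ts"] + CORRELATION_WINDOW]
        findings.append({"host": run["host"], "user": run["user"], "tool": DUAL_USE_TOOLS[exe],
                         "severity": "high" if followed else "medium",
                         "services_stopped": [s["service"] for s in followed]})
    return findings

# Constructed sample events: PC Hunter followed by two service stops on WS01,
# Process Hacker on SRV02 with an unrelated stop on a different host.
SAMPLE_LOG = """\
2024-05-01T09:58:10 host=WS01 proc user=CORP\\jdoe image=C:\\Windows\\System32\\notepad.exe
2024-05-01T10:00:00 host=WS01 proc user=CORP\\jdoe image=C:\\Users\\jdoe\\Downloads\\PCHunter64.exe
2024-05-01T10:00:40 host=WS01 svc service=WinDefend state=stopped
2024-05-01T10:01:05 host=WS01 svc service=Sense state=stopped
2024-05-01T11:30:00 host=SRV02 proc user=CORP\\admin image=C:\\Tools\\ProcessHacker.exe
2024-05-01T11:35:00 host=SRV03 svc service=WinDefend state=stopped
""".splitlines()

if __name__ == "__main__":
    for f in find_tool_activity(SAMPLE_LOG):
        print(f)
```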