Cybercrime Chaos: EDRKillShifter and SbaProxy Unleash Havoc on Security Systems
Cybercriminals linked to RansomHub ransomware are now using EDRKillShifter, a tool designed to disable endpoint detection and response software. This EDR-killing utility, discovered by Sophos, is the latest in a line of tools like AuKill and Terminator, aiming to thwart cybersecurity defenses and escalate privileges…

Hot Take:
Looks like the cybercriminals are playing a high-tech version of Whac-A-Mole with our EDR systems. Just when we think we’ve squashed one, another pops up with a fancy new name and even fancier tricks up its sleeve. Who knew malware authors had such a flair for dramatic rebranding?
Key Points:
- The RansomHub gang has a new tool, EDRKillShifter, to terminate endpoint detection and response (EDR) software.
- EDRKillShifter works by exploiting vulnerable drivers to gain elevated privileges and disarm EDR software.
- RansomHub is likely a rebrand of the Knight ransomware and has been active since February 2024.
- The Scattered Spider syndicate has added RansomHub and Qilin ransomware to its toolkit.
- Another threat, SbaProxy, uses modified antivirus binaries to establish proxy connections through a C2 server.