Trust aWare: intelligent devices to fight the most serious threats.
The blog on the official website for Project Trust aWare has published a new contribution by Broderick Aquilino, Head of Research at WithSecure, a project partner.
The article describes the complexity of LOLBin and fileless attacks and presents an advanced solution, the Activity Monitor, designed to effectively counter these threats.
LOLBin (Living Off the Land Binaries) attacks hide by abusing system processes already present on target computers (for example Word or other native Windows programmes), which antivirus software therefore treats as "good". Traditional security measures have difficulty detecting these disguised threats, allowing attackers to work undisturbed.
Fileless attacks, on the other hand, represent a departure from conventional malware tactics. Unlike traditional attacks that involve writing malicious files to a system disk, fileless attacks operate entirely in memory, leaving no trace on the disk that security measures could detect.
When LOLBin and fileless attacks join forces, they create a powerful synergy that poses a serious threat to cybersecurity. “To further enhance their evasion tactics, attackers often employ techniques such as process injections. This involves injecting malicious code into legitimate processes, such as explorer.exe. This method allows them to exploit the legitimacy of the host process while performing malicious actions, such as encrypting user files.”
Activity Monitor technology, initially created to monitor unknown applications, now allows users to easily restore their devices to their original settings following a malware attack. The article contains a video that shows the simulation of a malicious code injection attack and how Activity Monitor is able not only to identify and stop malicious activities, but also to distinguish the original files created by users from the modifications made by the ransomware.
“This level of intelligence is critical to preventing data loss and compromised systems,” explains Aquilino. “With Activity Monitor, organizations can strengthen their defences, providing a proactive and intelligent shield against even the most sophisticated adversaries,” concludes the researcher.
The research is carried out as part of the European project TRUST aWARE, which is funded by the European Union's Horizon 2020 Research and Innovation Programme under Grant Agreement No. 101021377.