security breach

Staying vigilant about updating your antivirus software is a fundamental cybersecurity measure for businesses. However, a newly discovered form of malware could undermine even the most up-to-date defenses. Security researchers at Sophos have identified a dangerous malware called EDRKillShifter, which can completely disable antivirus protection.

Understanding EDRKillShifter

EDRKillShifter is believed to originate from the RansomHub ransomware group, though evidence suggests that other cybercriminal organizations are also leveraging this malware. This raises concerns that EDRKillShifter is available on the dark web, potentially accessible to numerous malicious actors.

The primary function of EDRKillShifter is to disable endpoint detection and response (EDR) systems on targeted devices. It accomplishes this by installing legitimate but vulnerable drivers and abusing their flaws to switch off the EDR's protection. Once the EDR is blinded, the malware can deploy a variety of payloads, including ransomware, and enable attackers to move through sensitive networks through privilege escalation and evasion of remaining security measures.

How to Protect Your Business

While antivirus and endpoint protection software are crucial in defending against cyber threats, they alone may not be enough. Here are some additional steps to safeguard your business from threats like EDRKillShifter:

1. Keep Your System Updated

Regularly updating both hardware and software is essential for closing security gaps that attackers might exploit. For instance, Microsoft has begun decertifying drivers with known vulnerabilities, making updates a key line of defense against such exploitation.

2. Separate Administrator and User Privileges

EDRKillShifter requires administrator permissions to operate. If attackers gain administrative control, they can install compromised drivers. Limiting administrative access within your network can reduce the risk of malicious software installation.

3. Enable Tamper Protection

Tamper protection adds another layer of security by preventing unauthorized changes to your EDR tools. This measure can block hackers from making modifications that would allow them to bypass your network’s defenses.
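As an added illustration of steps 1 to 3 (not part of the original article), the PowerShell below audits a single Windows host, read-only, for the three settings those steps describe: the Microsoft vulnerable driver blocklist, the size of the local Administrators group, and Defender Tamper Protection. It assumes Microsoft Defender is the installed endpoint product; the two-administrator threshold is a constructed placeholder to adjust to your own policy.

```powershell
# Added audit script, not from the original article. Run from an elevated prompt.
# Reports, without changing anything, the controls the article names as defenses
# against driver-abusing tooling such as EDRKillShifter.

function Get-BlocklistStatus {
    # Step 1: Microsoft's vulnerable-driver blocklist is enforced when this DWORD is 1,
    # or whenever hypervisor-enforced code integrity (HVCI) is running.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $val = (Get-ItemProperty -Path $key -Name VulnerableDriverBlocklistEnable `
            -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable
    $dg  = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
            -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $hvci = [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))  # 2 = HVCI
    [pscustomobject]@{
        Control = '1. Vulnerable driver blocklist'
        Enabled = (($val -eq 1) -or $hvci)
        Detail  = "RegistryValue=$val; HVCI=$hvci"
    }
}

function Get-LocalAdminStatus {
    # Step 2: every standing local administrator is an account that can load a driver.
    $names = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
               ForEach-Object Name)
    [pscustomobject]@{
        Control = '2. Local Administrators group'
        Enabled = ($names.Count -le 2)   # constructed threshold; tune to your policy
        Detail  = ($names -join ', ')
    }
}

function Get-TamperProtectionStatus {
    # Step 3: Tamper Protection blocks local changes to Defender's protection settings.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Control = '3. Defender Tamper Protection'
        Enabled = [bool]$mp.IsTamperProtected
        Detail  = "RealTimeProtection=$($mp.RealTimeProtectionEnabled)"
    }
}

# Any row with Enabled = False is a gap to raise with whoever manages the endpoint.
@(Get-BlocklistStatus; Get-LocalAdminStatus; Get-TamperProtectionStatus) |
    Format-Table Control, Enabled, Detail -AutoSize
```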

4. Maintain Basic Cyber Hygiene

Combating ransomware attacks that rely on tools like EDRKillShifter is a shared responsibility. Strengthening your overall cybersecurity posture involves:

  • Implementing encryption for endpoints, emails, and disks
  • Establishing clear policies on device usage, including restrictions on what devices can connect to the network and the security protocols they must follow
  • Applying web security measures to filter out dangerous websites
  • Educating employees on the latest phishing tactics and social engineering threats, empowering them to recognize and avoid potential scams

Ransomware remains one of the most significant cybersecurity challenges facing businesses globally. EDRKillShifter is just one of many tools that cybercriminals can use to harm your business. Stay proactive by keeping informed of emerging threats and continuously strengthening your defenses to avoid becoming a victim.

Integrated Technology Systems is here to help you stay informed and secure. We will conduct a comprehensive security audit of your business with recommendations for improvement. We can help you

  • write security policies
  • keep your systems updated
  • train your employees

Contact us today - before you have a cyber breach.

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017
212-750-5420
https://www.itsnyc.com