EDRSilencer Tool Used in Attacks to Bypass EDR Systems
EDRSilencer, a red-team tool originally designed for penetration testing, has been observed in malicious attacks aimed at bypassing Endpoint Detection and Response (EDR) systems. According to cybersecurity researchers at Trend Micro, attackers are leveraging EDRSilencer to mute alerts and block telemetry from being sent to EDR management consoles, thus evading detection.
EDR tools are critical for identifying and responding to cyber threats by analyzing network traffic and system behavior, and they depend on reporting what they see to a management server. EDRSilencer undermines this by disrupting communication between EDR processes and those management servers, specifically targeting 16 modern EDR tools, including Microsoft Defender, SentinelOne, and FortiEDR. By blocking key EDR processes, the tool can prevent security systems from reporting malicious activity.
To mitigate such risks, Trend Micro recommends organizations implement multi-layered security measures, such as behavioral analysis and anomaly detection, while ensuring constant monitoring of EDR solutions. These strategies are vital to detecting EDRSilencer before it disrupts critical security functions.
Iranian Hackers Use Brute Force to Breach Critical Infrastructure and Sell Access
Iranian hackers are targeting critical infrastructure, using brute force techniques like password spraying and MFA push bombing to gain access to organizations in sectors such as healthcare, government, and energy. Once inside, they act as access brokers, selling credentials and network data on cybercriminal forums, enabling further cyberattacks by other threat actors.
According to a joint advisory from U.S., Canadian, and Australian agencies, these attackers rely heavily on brute force attacks to compromise user accounts and escalate privileges. After gaining initial access, they conduct extensive reconnaissance to collect more credentials and maintain persistent access to networks. They frequently leverage tools like Remote Desktop Protocol (RDP) and PowerShell to move laterally through compromised systems.
Organizations are urged to monitor for failed login attempts and other signs of brute-force activity, such as suspicious IP addresses and unusual MFA registrations, to detect and mitigate these attacks early.
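The monitoring the advisory recommends can be expressed as two simple detections: a source IP whose failed logins touch many distinct accounts in a short window (password spraying) and a user who receives a flood of MFA prompts (push bombing). The code below is an added example, not from the advisory or this page; the log format, thresholds and sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample auth events (assumed format, not from the advisory): "<ISO ts> <event> user=<u> src=<ip>"
SAMPLE_LOG = """\
2024-10-16T08:00:01 LOGIN_FAIL user=alice src=203.0.113.7
2024-10-16T08:00:03 LOGIN_FAIL user=bob src=203.0.113.7
2024-10-16T08:00:05 LOGIN_FAIL user=carol src=203.0.113.7
2024-10-16T08:00:07 LOGIN_FAIL user=dave src=203.0.113.7
2024-10-16T08:00:09 LOGIN_FAIL user=erin src=203.0.113.7
2024-10-16T08:00:11 LOGIN_OK user=frank src=203.0.113.7
2024-10-16T08:05:00 LOGIN_FAIL user=alice src=198.51.100.4
2024-10-16T09:00:00 MFA_PUSH user=frank src=203.0.113.7
2024-10-16T09:00:20 MFA_PUSH user=frank src=203.0.113.7
2024-10-16T09:00:40 MFA_PUSH user=frank src=203.0.113.7
2024-10-16T09:01:00 MFA_PUSH user=frank src=203.0.113.7
2024-10-16T09:01:20 MFA_PUSH user=frank src=203.0.113.7
2024-10-16T10:00:00 MFA_PUSH user=grace src=192.0.2.9
"""
LINE_RE = re.compile(r"^(\S+) (\S+) user=(\S+) src=(\S+)$")

def parse(log_text):
    """(timestamp, event, user, src) per well-formed line; malformed lines are skipped."""
    rows = [LINE_RE.match(line) for line in log_text.splitlines()]
    return [(datetime.fromisoformat(m[1]), m[2], m[3], m[4]) for m in rows if m]

def _burst(items, window):
    """Largest count of distinct values among items=[(ts, value)] inside any window that starts at an item."""
    items = sorted(items)
    return max((len({v for t, v in items[i:] if t - t0 <= window}) for i, (t0, _) in enumerate(items)), default=0)

def find_password_spraying(events, window=timedelta(minutes=10), min_users=5):
    """Source IPs whose failed logins hit many distinct accounts in a short window (one or two tries each)."""
    by_src = defaultdict(list)
    for ts, kind, user, src in events:
        if kind == "LOGIN_FAIL":
            by_src[src].append((ts, user))
    return {src: n for src, items in by_src.items() if (n := _burst(items, window)) >= min_users}

def find_mfa_push_bombing(events, window=timedelta(minutes=5), min_pushes=5):
    """Users flooded with MFA push prompts; the event index keeps every prompt distinct for _burst."""
    by_user = defaultdict(list)
    for i, (ts, kind, user, _) in enumerate(events):
        if kind == "MFA_PUSH":
            by_user[user].append((ts, i))
    return {u: n for u, items in by_user.items() if (n := _burst(items, window)) >= min_pushes}

def sprayed_then_succeeded(events, sprayers):
    """Accounts with a successful login from a spraying IP: likely compromised, triage these first."""
    return sorted({u for _, kind, u, src in events if kind == "LOGIN_OK" and src in sprayers})
```

On the sample, the spraying IP is flagged, frank's five prompts in two minutes are flagged, and frank's successful login from the spraying IP is surfaced as the account to investigate first.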
Nidec Confirms Data Breach Following Ransomware Attack, Linked to 8BASE and Everest Gangs
Nidec Corporation, a global tech giant, has confirmed a data breach after a ransomware attack earlier this year, with the stolen data being leaked on the dark web. The 8BASE ransomware gang initially claimed responsibility for the attack in June 2024, stating that they had exfiltrated large amounts of confidential data. Later, the Everest ransomware group also published stolen data, continuing the extortion attempts.
Although the attackers did not encrypt Nidec’s files, they obtained VPN credentials to access sensitive internal documents, business contracts, and procurement policies. The breach primarily impacted Nidec’s Precision division in Vietnam. Nidec has since closed the entry point and bolstered security, but employees and contractors are warned that the leaked data could fuel phishing or other targeted attacks.
Despite the leak, Nidec believes the data is unlikely to cause direct financial harm but continues to monitor for any unauthorized use of the stolen information.
ESET Partner Breached to Deliver Data Wipers in Phishing Attack
Hackers breached ESET’s exclusive partner in Israel, Comsecure, to launch a phishing campaign distributing data wipers disguised as antivirus software. Starting on October 8, phishing emails, branded with ESET’s logo and sent from legitimate ESET Israel email servers, targeted Israeli businesses. The malicious emails falsely warned recipients about state-backed threats and offered a fake “ESET Unleashed” antivirus tool as protection.
The phishing emails appeared authentic, passing SPF, DKIM, and DMARC security checks, with the download link hosted on the legitimate ESET Israel domain. However, the payload included a malicious Setup.exe, identified as a data wiper, designed to destroy files and corrupt systems. Data wipers, often used by Iranian threat actors, aim to disrupt rather than profit, and have been frequently deployed in attacks against Israeli organizations.
While the extent of the attack is still unclear, the phishing campaign underscores the persistent threat of data wipers in geopolitical cyber conflicts.
Cisco DevHub Portal Taken Offline After Data Leak, No Breach Confirmed
Cisco has temporarily taken its public DevHub portal offline following the leak of non-public data by a threat actor known as IntelBroker. Despite the data leak, Cisco maintains that there is no evidence of a system breach. According to the company, the affected data was from a public-facing environment designed to provide code, scripts, and other resources for customer use, with only a small number of unauthorized files made available for download.
IntelBroker, who initially claimed responsibility for the attack, stated that access was gained through an exposed API token in a third-party developer environment. The stolen data reportedly includes source code, configuration files with database credentials, SQL files, and technical documentation. Although the threat actor leaked the data after failing to extort Cisco, the company asserts that no personal or financial data was compromised.
Cisco continues to investigate the incident while maintaining that the data breach did not involve its internal systems.
Conclusion
In conclusion, the cyber landscape is fraught with various threats, from zero-day vulnerabilities to ransomware attacks and phishing campaigns. Staying vigilant and implementing robust security measures is essential to safeguard sensitive data.
As experts in ransomware recovery and cybersecurity, we offer specialized services such as Ransomware Recovery Services, Ransomware Negotiation Services, and Ransomware Settlement Services. If your organization requires assistance in recovering from a ransomware attack or bolstering its cybersecurity defenses, contact us today.