How prepared is your establishment for the evolving cybersecurity landscape? Hackers are leveraging a new antivirus killer that can bypass traditional defenses. Learn more about it here before your digital systems become the next target.
What Is RealBlindingEDR?
Threat actors would normally have to deal with layers of malware detection and response systems to launch successful attacks, but RealBlindingEDR disrupts this process. This newly uncovered custom variant of an open-source tool comes with a hardcoded list of popular antivirus service providers, including:
- Kaspersky
- McAfee
- Cisco
- Sophos
- Trend Micro
- Acronis
- SentinelOne
- Malwarebytes
- Cynet
- Bitdefender
- Broadcom (Symantec)
- Fortinet
Once deployed on a system, it hunts for these names in the driver metadata, and when it finds one, it deactivates kernel-level hooks or callbacks, which essentially blinds the detection engine. Hackers can even silently uninstall the antivirus program altogether.
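A practical defensive counterpart to the behaviour just described is to keep a trusted baseline of the security drivers you expect to see on a host and alert when one of them disappears, is stopped, or is still loaded but has lost its kernel callbacks (the "blinded but still present" case). The script below is an added example written for this article; it is not code from the article, from Trend Micro, or from the tool itself. It runs over constructed inventory snapshots embedded inline, so it works offline; the driver names and the `callbacks` count (assumed to be supplied by a kernel-side telemetry source) are assumptions, and on a real host you would feed it your own driver/service enumeration.

```python
"""Baseline-drift check for security drivers (added example, not the article's code).

RealBlindingEDR-style tools look for vendor names in driver metadata and then
unhook or remove the product. Turning that heuristic around, this script keeps
a baseline of the security drivers it expects to persist and raises a finding
when one is removed, stopped, or stripped of its kernel callbacks.
"""
from __future__ import annotations

from dataclasses import dataclass

# Vendor names from the article's hardcoded list, reused here as the
# watch-list of products whose drivers and callbacks we expect to persist.
WATCHED_VENDORS = (
    "Kaspersky", "McAfee", "Cisco", "Sophos", "Trend Micro", "Acronis",
    "SentinelOne", "Malwarebytes", "Cynet", "Bitdefender", "Symantec", "Fortinet",
)


@dataclass(frozen=True)
class DriverRecord:
    """One entry of a driver inventory snapshot.

    name:      driver/service name
    company:   CompanyName field from the image's version metadata
    state:     "running" or "stopped"
    callbacks: number of kernel callbacks the driver has registered
               (assumption: provided by a kernel-side telemetry source)
    """
    name: str
    company: str
    state: str
    callbacks: int


def is_security_driver(rec: DriverRecord) -> bool:
    """Match a watched vendor name in the driver's name or company metadata."""
    haystack = f"{rec.name} {rec.company}".lower()
    return any(vendor.lower() in haystack for vendor in WATCHED_VENDORS)


def security_baseline(snapshot: list[DriverRecord]) -> dict[str, DriverRecord]:
    """Reduce a trusted snapshot to the security drivers we expect to keep seeing."""
    return {rec.name: rec for rec in snapshot if is_security_driver(rec)}


def detect_blinding(baseline_snapshot: list[DriverRecord],
                    current_snapshot: list[DriverRecord]) -> list[str]:
    """Compare a trusted baseline with a fresh snapshot and return findings.

    A finding is raised when a watched driver has disappeared, is no longer
    running, or is still loaded but has lost all of its kernel callbacks.
    """
    expected = security_baseline(baseline_snapshot)
    now = {rec.name: rec for rec in current_snapshot}
    findings: list[str] = []
    for name, base in expected.items():
        cur = now.get(name)
        if cur is None:
            findings.append(f"{name} ({base.company}): driver removed")
        elif cur.state != "running":
            findings.append(f"{name} ({base.company}): driver {cur.state}")
        elif base.callbacks > 0 and cur.callbacks == 0:
            findings.append(f"{name} ({base.company}): kernel callbacks unregistered")
    return findings


# Constructed sample snapshots (driver names are illustrative, not real products).
BASELINE = [
    DriverRecord("kl_filter", "Kaspersky Lab", "running", 3),
    DriverRecord("tm_minifilter", "Trend Micro Inc.", "running", 2),
    DriverRecord("s1_monitor", "SentinelOne", "running", 4),
    DriverRecord("ntfs", "Microsoft Corporation", "running", 0),
]

# The same host after a blinding tool has run: one driver gone, one stopped,
# one still loaded but with its callbacks stripped.
COMPROMISED = [
    DriverRecord("tm_minifilter", "Trend Micro Inc.", "stopped", 0),
    DriverRecord("s1_monitor", "SentinelOne", "running", 0),
    DriverRecord("ntfs", "Microsoft Corporation", "running", 0),
]


if __name__ == "__main__":
    for finding in detect_blinding(BASELINE, COMPROMISED):
        print("ALERT:", finding)
```

Run it periodically from a scheduled task that the security product does not own, and ship the findings to a log collector off the host, so that an attacker who has already blinded the local agent cannot also silence the alert.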
Who's Responsible for RealBlindingEDR?
Specialists from Trend Micro were the ones who discovered this malicious tool, and they linked its first appearance to a hacking organization called Crypto24.
When the group gains initial access and removes all roadblocks, it typically deploys two forms of malware: a keylogger that records passwords and other sensitive information, and an encryptor that locks files on the victim's system.
Are Your Protocols Strong Enough To Counter These Cybersecurity Threats?
Based on Crypto24's previous attacks, businesses in the tech, finance, entertainment, and manufacturing sectors should stay extra vigilant. Even if you don't operate in these industries, it never hurts to take the following proactive steps:
Get Tamper-Resistant Malware Protection
The rising wave of cyber threats shows no signs of slowing down, and a single antivirus solution isn't enough. Invest in layered defenses for your peace of mind.
As the name suggests, tamper protection blocks any attempt by malware to modify or disable security settings. Look for tools that specifically focus on this feature.
Enable Real-Time Detection
Modern forms of malware protection leverage machine learning technology to study patterns and predict potential attacks. Behavioral analytics also help detect unusual activities and alert you immediately.
When paired with a competent IT department, your establishment can better respond and adapt to evolving threats.
Encrypt Sensitive Data
In the rare event that threat actors breach your endpoint detection and data security layers with the new antivirus killer, you can make their work much harder with an encrypted setup. It's already a common practice to convert all readable (plaintext) files into more complex ciphertext. Only people with the right decryption key can reverse the process.
Back Up Your Files
Ransomware attacks rely on holding your sensitive information hostage. Even when you give in to their demands, there's no guarantee they will restore your files.
Create backups regularly instead of trying to bargain with criminals. Store them both offline and in the cloud when possible to facilitate faster recovery.
Building Resilience Through Preparedness
The new antivirus killer should serve as a wake-up call for all businesses, from industry giants to small startups. Antivirus evasion is only getting more effective, with technologies like AI making it easier to outsmart traditional defenses. Stay proactive and invest in layered security solutions.