'Doppelgänging' attack hides malware from security tools

Endpoint protection company EnSilo has used this week's Black Hat Europe conference in London to reveal how Microsoft Windows features can be used to slip malicious ransomware and other threats past most updated, market-leading AV products. EnSilo researchers demonstrated how, by manipulating how Windows handles file transactions, they could pass off malicious actions as benign, legitimate processes, even if they use known malicious code. In addition to blinding Windows' embedded defense mechanisms and third-party AV and next generation AV security products to incoming threats, Process Doppelgänging gives attackers the further advantage of leaving no traceable evidence behind -- making this… [Continue Reading]