
Hackers Found Using Legitimate Security Tools During Their Attacks
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Sarah Frazier Former Content Manager
Ransomware gangs are getting better at evading detection by using “EDR killers,” tools designed to disable security systems early in their attacks.
In a rush? Here are the quick facts:
- Ransomware groups disable security tools early using “EDR killers.”
- Attackers use legitimate tools such as HRSword to conduct their attacks.
- Security tools that are not properly set up create openings for attackers to target companies.
The Register reports that Cisco Talos researchers observed ransomware groups successfully deactivating security protections in almost half of the cases examined in 2024. This method allows hackers to stay hidden for longer while they carry out data theft and distribute ransomware more effectively.
According to Kendall McKay, strategic lead at Talos, attackers use multiple EDR killers throughout each operation, as reported by The Register. Cybercriminals employ the tools EDRSilencer, EDRSandblast, EDRKillShifter, and Terminator to deactivate security defenses.
The Register reports that some ransomware programs, like EDRKillShifter, take advantage of Windows driver vulnerabilities to shut down security applications.
The Register explains that the malware first emerged with the RansomHub gang in August 2024, and has since been used by other ransomware groups, including Medusa, BianLian, and Play.
“The goal is typically the same: kill EDR protections, allow the criminals to remain undetected for longer in the compromised networks, and then help them to steal sensitive data and deploy ransomware before being caught and kicked out,” McKay said, as reported by The Register.
This attack makes recovery of affected systems more complicated. As a result, organizations sometimes need to wipe and rebuild their networks entirely.
The Register says that not all EDR killers are malware. Research conducted by Talos showed that ransomware gangs often carry out attacks by using legitimate tools.
One example is HRSword, a commercial product developed by China-based Huorong Network Technology. It was designed to monitor system activity, but hackers have repurposed it to disable security software. “It’s a legitimate commercial tool, but now threat actors are co-opting it for their own purposes,” McKay said, as reported by The Register.
Attackers also exploit security tools that were not properly set up. In numerous organizations, security products run without customization, which creates security risks for their systems, says The Register. Some organizations set their endpoint detection and response tools to “audit-only” mode, meaning threats are detected but not blocked.
“This was perhaps the most concerning for us, because it’s such a low-hanging fruit and something that can easily be prevented by organizations,” McKay pointed out, as reported by The Register.

AI And Satellites Help Assess Myanmar Earthquake Damage
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Sarah Frazier Former Content Manager
A 7.7 magnitude earthquake hit Mandalay, Myanmar’s second-largest city, on Friday, leading to extensive destruction. In response, satellites and AI technology worked together to assess the damage and guide relief efforts, as first reported by Fortune.
In a rush? Here are the quick facts:
- The AI analysis was delayed because satellite images were blocked by clouds.
- AI detected 515 buildings that were completely destroyed and 1,524 buildings that suffered major damage.
- The organization shared its findings with aid groups, including the Red Cross, to support their relief operations.
The AI for Good Lab, operated by Microsoft in partnership with Planet Labs, employed satellite imagery to rapidly determine which regions suffered the most damage.
Microsoft chief data scientist Juan Lavista Ferres said that the operation was initially difficult due to weather conditions. “The biggest challenge in this particular case was the clouds […] There’s no way to see through clouds with this technology,” he said, as reported by Fortune.
New satellite images reached Microsoft’s team in Redmond, Washington, after the clouds parted hours later. The team achieved better damage assessment results with an AI model that they customized specifically for Mandalay analysis.
“The Earth is too different, the natural disasters are too different and the imagery we get from satellites is just too different to work in every situation,” Lavista Ferres explained, as reported by Fortune.
The AI analysis showed that 515 buildings were almost completely destroyed and 1,524 buildings suffered significant damage. Fortune explains that the data helps emergency response teams receive critical guidance from aid groups who need to direct their efforts.
“This is critical information for teams on the ground,” Lavista Ferres said, as reported by Fortune.
Microsoft claims that AI assessment results are valuable but need verification by personnel who are present on the ground, according to Fortune. The company has shared its findings with aid organizations, including the Red Cross, to help prioritize relief efforts.
Fortune reports that Planet Labs is currently operating 15 satellites, monitoring affected regions of Myanmar and Thailand to provide responders with up-to-date disaster impact information.