3 min read

Not a New Technique in Operation Shaheen Attack

Bitdefender Enterprise

November 22, 2018

Not a New Technique in Operation Shaheen Attack

The advanced attack targeting Pakistan described by Cylance mentions an evasion technique that incapacitates the security solutions provided by 8 vendors. Bitdefender products have been successfully blocking this threat since 2016. We conducted our own analysis of this malware and we have new findings to share.

1. The evasion technique described by Cylance in the paper is not a mechanism to bypass the 8 security solutions, but a shutdown mechanism that renders the malware inactive. Once the malware identifies the presence of Bitdefender security solution, it shuts down.

2. As long as the malware stays inactive, it cannot perform any malicious operations on the machine or on the network.

3. As soon as the malware activates and is executed, it is immediately picked up by Bitdefender.

4. The choice of rendering the malware inactive on systems where Bitdefender solutions are present is most likely related to the fact that Bitdefender was successfully detecting the RTF exploit. Both our internal testing and the VirusTotal sample submission show that the our solutions were able to pick the malware up.

5. This technique of shutting down the malware in the presence of a security solution is nothing new or unusual. Several other malware families have code that stops the malware from executing further in specific circumstances for fear of sounding alarms.

Here at Bitdefender we take security extremely seriously. Our internal analysis shows that most of the samples mentioned by Cylance in the report were detected by all Bitdefender security solutions since 2016 both via signatures and behavioral technologies.

Customers  running the Bitdefender Elite HD product were also covered by detection via machine learning technologies (Gen:Illusion.ML.Skyline.B  and Gen:Illusion.ML.Miura.C) as well as via neural network technologies (Gen:NN.ZemsilN.22810, Gen:NN.ZelphiN.22810.KGW) .

For the past 8 years, Bitdefender's detection technologies have received numerous accolades from independent testing organizations such as AV-Test and AV-Comparatives. Our detection technologies are being licensed by almost 40% of competing antimalware vendors, which once again outlines the effectiveness of our capability to detect emerging malware and targeted attacks.

tags


Author


Bitdefender Enterprise

Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide. Guardian over millions of consumer, enterprise, and government environments, Bitdefender is one of the industry’s most trusted experts for eliminating threats, protecting privacy, digital identity and data, and enabling cyber resilience. With deep investments in research and development, Bitdefender Labs discovers hundreds of new threats each minute and validates billions of threat queries daily. The company has pioneered breakthrough innovations in antimalware, IoT security, behavioral analytics, and artificial intelligence and its technology is licensed by more than 180 of the world’s most recognized technology brands. Founded in 2001, Bitdefender has customers in 170+ countries with offices around the world.

View all posts

You might also like

Bookmarks


loader