‘BlackSanta’ Malware Activates EDR and AV Killer Before Detonating Payload
Summary
A new malware strain dubbed 'BlackSanta' has been identified that specifically targets and disables endpoint detection and response (EDR) and antivirus (AV) software at the kernel level. This allows the malware to operate unhindered, facilitating subsequent stages like credential harvesting, system reconnaissance, and data exfiltration.
IFF Assessment
This malware's ability to disable crucial security defenses directly hinders defenders' ability to detect and stop malicious activity.
Defender Context
Defenders need to be aware of malware capable of bypassing or disabling endpoint security solutions. This highlights the importance of layered security, including network-based defenses, host-based intrusion detection, and robust incident response plans, to detect and mitigate threats that manage to evade initial security controls.
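One host-based detection that fits the layered approach above, written as an added example rather than anything from the original report: correlate a kernel driver load (Sysmon Event ID 6) with a protected security service entering the stopped state shortly afterwards (Service Control Manager Event ID 7036), the trace an EDR/AV killer tends to leave in host logs. The log lines, the driver path and the service names (including "ExampleEDRAgent") are constructed placeholders, not indicators from any real sample.

```python
"""Correlate driver loads with security-service stops in constructed host logs.
Log lines, driver path and service names are illustrative, not real IoCs."""
from datetime import datetime, timedelta

# Hypothetical services a defender expects to stay running on every host.
PROTECTED_SERVICES = {"WinDefend", "Sense", "ExampleEDRAgent"}
WINDOW = timedelta(seconds=60)   # driver load -> service stop correlation window

# Constructed sample: "<iso-time> <event-id> <key=value ...>" per line.
SAMPLE_LOG = """\
2024-01-01T10:00:00 6 ImageLoaded=C:\\Windows\\Temp\\drv.sys Signed=false
2024-01-01T10:00:20 7036 Service=WinDefend State=stopped
2024-01-01T10:00:25 7036 Service=ExampleEDRAgent State=stopped
2024-01-01T12:00:00 7036 Service=Spooler State=stopped
2024-01-01T13:00:00 7036 Service=WinDefend State=stopped
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, event id, fields)."""
    ts, event_id, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    return datetime.fromisoformat(ts), int(event_id), fields


def find_killer_pattern(log_text):
    """Return one alert per protected-service stop.

    Severity is "high" when a driver load occurred within WINDOW before the
    stop (the EDR/AV-killer shape), "medium" for any other unexpected stop.
    """
    driver_loads, alerts = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event_id, f = parse_line(line)
        if event_id == 6:  # Sysmon: driver loaded
            driver_loads.append((ts, f.get("ImageLoaded", "?"), f.get("Signed")))
        elif event_id == 7036 and f.get("State") == "stopped":
            svc = f.get("Service")
            if svc not in PROTECTED_SERVICES:
                continue  # ordinary service churn, not a security control
            recent = [d for d in driver_loads if timedelta(0) <= ts - d[0] <= WINDOW]
            alerts.append({"time": ts.isoformat(), "service": svc,
                           "severity": "high" if recent else "medium",
                           "driver": recent[-1][1] if recent else None})
    return alerts


if __name__ == "__main__":
    for alert in find_killer_pattern(SAMPLE_LOG):
        print("ALERT", alert)
```

In production the same rule would read Sysmon and System channel events from a SIEM; the medium-severity tier catches a stopped security service even when the loader evaded driver-load logging.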