Windows Bind Link Attacks Can Hide Malware From EDR Tools
Summary
Researchers at Bitdefender have discovered a new attack technique on Windows systems that leverages bind links. These links create conflicting filesystem views, allowing malware to evade detection by Endpoint Detection and Response (EDR) tools.
IFF Assessment
FOE
This discovery represents a new method for attackers to bypass security controls, making it harder for defenders to detect and neutralize threats.
Defender Context
Defenders need to be aware of this evasion technique that can hide malware from EDR solutions by manipulating filesystem views. This necessitates a review of EDR detection logic and potentially the implementation of additional monitoring mechanisms to detect anomalous filesystem access or manipulation.