SophosLabs has released a new report, “How Sunburst Malware Does Defense Evasion”. Sean Gallagher, Senior Threat Researcher at Sophos, explains the background.
The report uses a micro-analysis to show how the attackers use evasion techniques to avoid detection by security technologies for as long as possible. According to the SophosLabs analysis, Sunburst uses a compromised software component of SolarWinds' Orion to detect, and in some cases disable, protective software on the target systems. SophosLabs has deconstructed the code used by Sunburst and provides an overview that helps researchers and security and IT specialists better understand the attack.
Professional actors at work
Sean Gallagher, Senior Threat Researcher at Sophos, comments: “The selectivity of Sunburst execution and the method of incapacitating protection as aggressively as possible indicate that the actors are cautious and try to attract little attention when they intrude. Security needs to be on guard by closely monitoring accounts and observing unusual activity.”
Straight to the report at Sophos.com
About Sophos
More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage, and offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions and security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of analysis centers. Sophos is headquartered in Boston, USA and Oxford, UK.