A new form of the Kronos banking Trojan called Osiris was recently discovered using an advanced evasion technique known as process impersonation. How does Osiris use process impersonation and what threats does it pose?
Endpoint security tools, such as antimalware and endpoint detection and response tools, have made significant progress in detecting advanced attack techniques. These tools can detect many different attacks, like malicious PowerShell scripts and other potentially malicious actions.
The newly uncovered Osiris banking Trojan, which appears to be an update to the Kronos banking Trojan, added a new functionality -- process impersonation -- and it may not be detected by all endpoint security tools.
Process impersonation occurs when malware tries to look like a legitimate executable on an endpoint, either by running under the same name as a legitimate process or by using dynamic-link library (DLL) injection to place malicious code inside an already running process. To use process impersonation, the malware must first execute its own code on the endpoint.
Adding process impersonation to existing malware can make it more difficult for endpoint security tools to identify the malware and stop the attack. It also makes investigating an incident significantly more difficult if the system doesn't have sufficient logging.
If your endpoint security tools don't have the capability to log process impersonation, process hollowing or process doppelgänging, then you may want to inquire with your vendor about when the functionality is going to be added or start looking for a new endpoint security tool.
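One concrete form such logging-based detection can take, added here as an illustration and not part of the expert's answer: compare each process-creation record against a baseline of where well-known Windows binaries normally live and which process normally starts them, so a same-name impostor launched from a user directory or by the wrong parent stands out. The baseline table and the sample records are assumptions constructed for the example (the expected paths and parents reflect a default Windows 10 install and should be tuned to your own environment).

```python
import ntpath

# Assumed baseline for a few system binaries that impersonating malware
# commonly mimics: expected image directory and expected parent process.
# Values reflect a default Windows 10 install; tune for your environment.
EXPECTED = {
    "svchost.exe":  {"dir": r"c:\windows\system32", "parent": {"services.exe"}},
    "lsass.exe":    {"dir": r"c:\windows\system32", "parent": {"wininit.exe"}},
    "services.exe": {"dir": r"c:\windows\system32", "parent": {"wininit.exe"}},
}


def check_process(name, image_path, parent_name):
    """Return the reasons a process-creation record deviates from the
    baseline for that process name, or [] if it matches (or is not baselined)."""
    name = name.lower()
    base = EXPECTED.get(name)
    if base is None:
        return []  # no baseline for this name; nothing to compare against
    reasons = []
    actual_dir = ntpath.dirname(image_path.lower())
    if actual_dir != base["dir"]:
        reasons.append(f"{name} runs from {actual_dir!r}, expected {base['dir']!r}")
    if parent_name.lower() not in base["parent"]:
        reasons.append(f"{name} started by {parent_name!r}, "
                       f"expected one of {sorted(base['parent'])}")
    return reasons


def scan(records):
    """Apply check_process to (pid, name, image_path, parent_name) records
    and return {pid: reasons} for every record that deviates."""
    findings = {}
    for pid, name, image_path, parent_name in records:
        reasons = check_process(name, image_path, parent_name)
        if reasons:
            findings[pid] = reasons
    return findings


# Constructed sample records in the shape of process-creation telemetry
# (e.g. Sysmon event ID 1). PIDs and paths are made up for the example.
SAMPLE = [
    (804,  "svchost.exe", r"C:\Windows\System32\svchost.exe", "services.exe"),
    (4120, "svchost.exe", r"C:\Users\alice\AppData\Roaming\svchost.exe", "explorer.exe"),
    (672,  "lsass.exe",   r"C:\Windows\System32\lsass.exe",   "wininit.exe"),
    (5008, "lsass.exe",   r"C:\Windows\System32\lsass.exe",   "cmd.exe"),
]

if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE).items():
        print(pid, *reasons, sep="\n  ")
```

Running it flags PID 4120 (wrong directory and wrong parent) and PID 5008 (correct path but unexpected parent), while the two genuine system processes produce no findings.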
Related Q&A from Nick Lewis