But why so? Researchers argue that existing security software packages for Windows systems have not yet been modified to monitor processes of Linux executables running on the Windows operating system.

"Existing security solutions are still not adapted to monitor processes of Linux executables running on Windows OS, a hybrid concept which allows a combination of Linux and Windows systems to run at the same time," Check Point researchers say.

"This may open a door for cyber criminals wishing to run their malicious code undetected, and allow them to use the features provided by WSL to hide from security products that have not yet integrated the proper detection mechanisms."

Who is the Culprit? Microsoft or Security Vendors?

During their tests, the Check Point researchers were able to test the Bashware attack on "most of the leading antivirus and security products on the market," and successfully bypass all of them.

In order to run the target Linux application in an isolated environment, Microsoft introduced "Pico processes": containers that allow ELF binaries to run on the Windows operating system.

The bypass works because no security product monitors Pico processes, even though Microsoft already provides the Pico API, a special application programming interface that security companies can use to monitor such processes.

"Bashware does not leverage any logic or implementation flaws in WSL's design. In fact, WSL seems to be well designed," the researchers concluded. "What allows Bashware to operate the way it does is the lack of awareness by various security vendors, due to the fact that this technology is relatively new and expands the known borders of the Windows operating system."

Bashware Attacks Require Admin Rights. Is That Hard on a Windows PC?

Yes, Bashware requires administrator access on the target computers, but gaining admin privileges on Windows PCs via phishing attacks and/or stolen admin credentials is not a difficult task for a motivated attacker.

However, those additional steps could also alert antivirus and security products, foiling the attack before the actual Bashware technique can be used to hide malware.

Since WSL is not turned on by default, and users are required to manually activate "development mode" on their computer systems in order to use it and then reboot, the risks posed by the feature are mitigated to some extent.
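The article's mitigation argument rests on two preconditions (the WSL feature being enabled and Developer Mode being switched on) plus the fact that most endpoint products did not watch WSL activity at all. The following PowerShell script is an added example, not code from the article or from Check Point, that a defender can run from an elevated prompt to report whether those preconditions are present on a host and whether WSL is currently active. The registry location for Developer Mode, the `LxssManager` service name and the `wsl`/`bash`/`wslhost` process names are documented Windows details assumed by this script, not values taken from the page.

```powershell
# Added defensive posture check (not from the article or Check Point's research).
# Reports whether the preconditions the article describes (WSL feature enabled,
# Developer Mode on) are present and whether WSL is active right now.
# Run from an elevated PowerShell prompt; Get-WindowsOptionalFeature needs admin.

function Get-WslExposure {
    [CmdletBinding()]
    param()

    # 1. Is the Windows Subsystem for Linux optional feature enabled?
    $feature = Get-WindowsOptionalFeature -Online `
        -FeatureName 'Microsoft-Windows-Subsystem-Linux' -ErrorAction SilentlyContinue
    $wslEnabled = ($null -ne $feature) -and ($feature.State -eq 'Enabled')

    # 2. Is Developer Mode on? (registry path and value name are an assumption
    #    of this script based on documented Windows settings, not from the article)
    $devKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock'
    $devMode = $false
    if (Test-Path $devKey) {
        $v = (Get-ItemProperty -Path $devKey -ErrorAction SilentlyContinue).AllowDevelopmentWithoutDevLicense
        $devMode = ($v -eq 1)
    }

    # 3. Is the WSL service (LxssManager, assumed name) running?
    $svc = Get-Service -Name 'LxssManager' -ErrorAction SilentlyContinue
    $svcRunning = ($null -ne $svc) -and ($svc.Status -eq 'Running')

    # 4. Are any WSL launcher/host processes alive? (process names are assumptions)
    $hostNames = @('wsl', 'bash', 'wslhost')
    $hosts = Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $hostNames -contains $_.ProcessName }

    # Summarise as one object so the result can be logged or fed to a SIEM.
    [pscustomobject]@{
        WslFeatureEnabled  = $wslEnabled
        DeveloperMode      = $devMode
        LxssManagerRunning = $svcRunning
        WslHostProcesses   = @($hosts | ForEach-Object { "$($_.ProcessName) (PID $($_.Id))" })
        # The article's stated preconditions for Bashware on the build it discusses.
        PreconditionsMet   = $wslEnabled -and $devMode
    }
}

Get-WslExposure | Format-List
```

Running this across a fleet gives an inventory of hosts where WSL is enabled without a business reason, which is the cheapest compensating control while endpoint products lack Pico-process visibility. On later Windows 10 builds WSL no longer requires Developer Mode, so on those systems treat `WslFeatureEnabled` and `LxssManagerRunning` as the meaningful signals rather than `PreconditionsMet`.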