Microsoft Corporation (NASDAQ:MSFT) Anti-ransomware Tool Not Effective Against Latest Hacker Tool

Andy Parker
-
0
Microsoft Corporation (NASDAQ:MSFT) Anti-ransomware Tool Not Effective Against Latest Hacker Tool

Ransomware has become an increasingly complex part of hacker toolkits for hire and some have the ability to bypass anti-ransomware defense systems such as the Enhanced Mitigation Experience Toolkit (EMET) developed by Microsoft Corporation (NASDAQ:MSFT).

EMET has been an effective tool against flaws identified in third party software for Windows especially where patches are not available. It is effective against attacks prior to the release of the patch to fix the loopholes. However, FireEye Inc (NASDAQ:FEYE) researchers have identified Flash Player and Silverlight loopholes that ransomware tools have been using to evade the EMET tools.

One of the most popular cybercrime tools known as Angler has the capacity to launch web-based attacks. The hacker tool takes advantage of weaknesses found in browsers or browser add-ons when users find themselves on websites harboring malicious ads that have been cleverly coded and concealed. A particular version of Angler known as Angler EK can bypass security measures put in place by the EMET system. This announcement by FireEye means users and businesses using EMET are still at risk of cyber-attacks where evasion tools like Angler are deployed. This means there is an increasing need for the revision of the security systems to create tools that will seal the loopholes used by hackers.

Some of the techniques that hackers use have the ability to bypass the EMET system known as Data Execution Prevention (DEP) which prevents various codes from being executed in the computer’s memory. One such tool to bypass DEP is called return oriented programming (ROP) FireEye however claims that the exploits that it analyzed did not employ the ROP techniques. The cyber security firm claims that it only analyzed exploits used in Windows 7 though it carried out the tests using the latest version of EMET.

Though the tests did not evaluate Windows 10, the threats are still significant because Windows 7 is still the most widely used version of Windows around the globe. The hackers developing these exploit tools have improved their level of sophistication over the past few years.