セキュリティソフトを無力化するツール用いるランサムウェア攻撃に注意
Sophosは8月14日(英国時間)、「Ransomware attackers introduce new EDR killer to their arsenal - Sophos News」において、ランサムウェア「RansomHub」を使用する脅威アクターがエンドポイント検出応答(EDR: Endpoint Detection and Response)製品を無力化する新しい攻撃ツールを使用したとして、注意を呼び掛けた。同社はこの攻撃ツールを「EDRKillShifter」と名付けている。
Ransomware attackers introduce new EDR killer to their arsenal - Sophos News
○サイバー攻撃ツール「EDRKillShifter」とは
Sophosの報告によると、EDRKillShifterは2024年5月に発生した事案で初めて存在が確認されたという。この事案ではSophosのセキュリティ製品をEDRKillShifterにより停止させようとしたが失敗したという。また、失敗後にランサムウェアを実行しようとしたが、これもセキュリティソリューションにより阻止されたとのこと。
SophosはこのツールをBYOVD(Bring Your Own Vulnerable Driver)の一種と分析している。使用される脆弱なドライバーは複数存在し、それらのうちの1つをドロップして悪用する。ドライバーの悪用に成功すると必要な権限を取得してセキュリティソリューションの停止を試みる。
EDRKillShifterには、ロシア語のプロパティ情報が埋め込まれていることが確認されている。そのため、少なくとも開発者の1人はロシア語を開発環境に採用している人物とみられている。また、発見されたサンプルはすべて異なる最終ペイロード(亜種)を展開することがわかっている。Sophosはこれら分析の結果から、複数の脅威アクターによる分業の可能性や、製品として販売された可能性を指摘している。
○緩和策
SophosはEDRKillShifterを使用した攻撃を回避するため、Windowsデバイスの管理者に次のような緩和策の実施を推奨している。
最小権限の原則を徹底する。この攻撃は権限昇格または、管理者権限を窃取できる場合にのみ成功する。ユーザー権限を管理者権限から分離することでドライバーのロードを阻止することができる
システムを最新の状態に維持する
Microsoftは2023年7月に脆弱なドライバーのデジタル署名を無効にする更新プログラムを公開している(参考:「ADV230001 - セキュリティ更新プログラム ガイド - Microsoft - Microsoft 署名済みドライバーが悪用された場合のガイダンス」)。これら更新プログラムを適用することで脆弱なドライバーのロードが困難となり攻撃を回避できることから、システムの積極的なアップデートが望まれている。
○サイバー攻撃ツール「EDRKillShifter」とは
Sophosの報告によると、EDRKillShifterは2024年5月に発生した事案で初めて存在が確認されたという。この事案ではSophosのセキュリティ製品をEDRKillShifterにより停止させようとしたが失敗したという。また、失敗後にランサムウェアを実行しようとしたが、これもセキュリティソリューションにより阻止されたとのこと。
SophosはこのツールをBYOVD(Bring Your Own Vulnerable Driver)の一種と分析している。使用される脆弱なドライバーは複数存在し、それらのうちの1つをドロップして悪用する。ドライバーの悪用に成功すると必要な権限を取得してセキュリティソリューションの停止を試みる。
EDRKillShifterには、ロシア語のプロパティ情報が埋め込まれていることが確認されている。そのため、少なくとも開発者の1人はロシア語を開発環境に採用している人物とみられている。また、発見されたサンプルはすべて異なる最終ペイロード(亜種)を展開することがわかっている。Sophosはこれら分析の結果から、複数の脅威アクターによる分業の可能性や、製品として販売された可能性を指摘している。
○緩和策
SophosはEDRKillShifterを使用した攻撃を回避するため、Windowsデバイスの管理者に次のような緩和策の実施を推奨している。
最小権限の原則を徹底する。この攻撃は権限昇格または、管理者権限を窃取できる場合にのみ成功する。ユーザー権限を管理者権限から分離することでドライバーのロードを阻止することができる
システムを最新の状態に維持する
Microsoftは2023年7月に脆弱なドライバーのデジタル署名を無効にする更新プログラムを公開している(参考:「ADV230001 - セキュリティ更新プログラム ガイド - Microsoft - Microsoft 署名済みドライバーが悪用された場合のガイダンス」)。これら更新プログラムを適用することで脆弱なドライバーのロードが困難となり攻撃を回避できることから、システムの積極的なアップデートが望まれている。