A new open-source offensive security tool named “SilentButDeadly” has been released, designed to neutralize Endpoint Detection and Response (EDR) and Antivirus (AV) software. Rather than killing or unhooking the agent, the tool severs the network connections of EDR/AV processes: the agent keeps running on the host, but it can no longer reach its cloud management console, so telemetry and alerts are not uploaded and investigation or containment commands are not received.
Business Impact
This tool is a significant threat to modern security stacks, which rely on the cloud console rather than the endpoint itself for alerting, investigation and response. An attacker who successfully runs it (which already requires administrator rights on the host, so this is a post-compromise tool rather than an initial-access one) can operate without the security team seeing it: the agent may still record activity locally, but the console receives no alerts and can push no isolation or investigation commands, giving the attacker free rein to conduct lateral movement and data exfiltration.
Why It Happened
EDR agents are designed to tolerate lost connectivity rather than fail closed: laptops roam and networks drop, so an agent that cannot reach its cloud keeps the host usable and simply waits to report. The tool turns that tolerance into a blind spot. From the host's point of view a deliberate, targeted block of the agent's traffic looks like an ordinary outage, so cloud-side analytics and response actions are lost for as long as the block is in place. Ransomware groups like Akira are already reportedly incorporating this technique into their attacks.
Recommended Executive Action
Direct your endpoint security team to verify with your EDR vendor that they have protections against this type of network isolation attack: tamper protection that stops other processes from altering the agent's network path or filters, and console-side alerting when an agent on an otherwise active host stops reporting (a fail-closed signal rather than silent tolerance). Ensure detection rules are in place for changes to host-level network filtering that target the EDR's own binaries (on Windows this means enabling Filtering Platform policy-change auditing and watching Security event 5447, "A Windows Filtering Platform filter has been changed") and for agent heartbeat loss that is not explained by the host being offline.
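As an added example (not code from the SilentButDeadly project or from the original brief), the detection logic below runs over constructed sample records: Windows Security event 5447 filter-change records normalized into dicts, plus agent heartbeat and host-activity timestamps as an EDR console might expose them. It assumes the tool, like others in its class, blocks the agent's traffic through Windows Filtering Platform filters; the field names, the EDR process list, the trusted-provider allow-list and the 15-minute heartbeat threshold are assumptions to tune per estate.

```python
"""Detection logic for EDR network-isolation tooling (constructed example).

Two independent signals cover the "blinded agent" scenario:
  1. host side: a Windows Filtering Platform (WFP) filter change (Security
     event 5447, "Audit Filtering Platform Policy Change") that adds a block
     filter scoped to a known EDR/AV binary, or any filter added by a provider
     not on the allow-list;
  2. console side: an agent whose heartbeat has gone silent while other
     telemetry (e.g. domain logons) shows the host is still up, i.e. the agent
     did not fail closed.
All records below are hand-built; field names assume a SIEM-normalized feed,
not the raw Windows event XML.
"""
from datetime import datetime, timedelta
import ntpath  # handles C:\ paths correctly even when run on Linux

# Service binaries of common EDR/AV products (assumed list; extend per estate).
EDR_PROCESSES = {
    "msmpeng.exe", "mssense.exe", "senseir.exe",       # Microsoft Defender / MDE
    "csfalconservice.exe", "csfalconcontainer.exe",    # CrowdStrike Falcon
    "sentinelagent.exe", "sentinelservicehost.exe",    # SentinelOne
    "cylancesvc.exe",                                  # Cylance
}

# WFP providers expected to add filters on a managed host (assumed allow-list).
TRUSTED_WFP_PROVIDERS = {"microsoft corporation", "crowdstrike, inc."}

NOW = datetime(2025, 6, 1, 12, 0)

# Constructed 5447 records. WS01/WS02: block filters aimed at EDR binaries.
# WS03: a trusted provider removing a filter (benign). WS04: unknown provider
# blocking a non-EDR binary (worth a look, not an EDR attack by itself).
SAMPLE_EVENTS = [
    {"event_id": 5447, "host": "WS01", "change_type": "Add", "action": "Block",
     "provider": "Custom Outbound Policy",
     "app_path": r"C:\Program Files\CrowdStrike\CSFalconService.exe"},
    {"event_id": 5447, "host": "WS02", "change_type": "Add", "action": "Block",
     "provider": "Custom Outbound Policy",
     "app_path": r"C:\Program Files\Windows Defender\MsMpEng.exe"},
    {"event_id": 5447, "host": "WS03", "change_type": "Delete", "action": "Block",
     "provider": "Microsoft Corporation",
     "app_path": r"C:\Program Files\Windows Defender\MsMpEng.exe"},
    {"event_id": 5447, "host": "WS04", "change_type": "Add", "action": "Block",
     "provider": "Custom Outbound Policy",
     "app_path": r"C:\Program Files\Contoso\updater.exe"},
]

# Constructed console data: last agent heartbeat and last non-EDR sign of life
# per host. WS03 has no recent activity at all, so it is probably just off.
HEARTBEATS = {
    "WS01": NOW - timedelta(minutes=40),
    "WS02": NOW - timedelta(minutes=2),
    "WS03": NOW - timedelta(hours=5),
}
HOST_ACTIVITY = {
    "WS01": NOW - timedelta(minutes=1),
    "WS02": NOW - timedelta(minutes=1),
}


def wfp_alerts(events):
    """Host-side rule: (host, severity, reason) for suspicious WFP filter adds."""
    alerts = []
    for ev in events:
        if ev.get("event_id") != 5447 or ev.get("change_type") != "Add":
            continue
        target = ntpath.basename(ev.get("app_path", "")).lower()
        provider = ev.get("provider", "").lower()
        if ev.get("action") == "Block" and target in EDR_PROCESSES:
            alerts.append((ev["host"], "critical",
                           f"block filter added for EDR binary {target}"))
        elif provider not in TRUSTED_WFP_PROVIDERS:
            alerts.append((ev["host"], "medium",
                           f"filter added by untrusted provider '{ev['provider']}'"))
    return alerts


def silent_agents(heartbeats, host_activity, now, max_gap=timedelta(minutes=15)):
    """Console-side rule: agents silent longer than max_gap on hosts that are
    still producing other telemetry. Silence alone is usually a powered-off
    laptop; silence on a live host is the network-isolation pattern."""
    return sorted(
        host for host, last_seen in heartbeats.items()
        if now - last_seen > max_gap
        and host_activity.get(host, datetime.min) > last_seen
    )


def triage(events, heartbeats, host_activity, now):
    """Correlate both signals per host; returns {host: severity}."""
    result = {}
    for host, severity, _reason in wfp_alerts(events):
        if severity == "critical" or host not in result:
            result[host] = severity
    for host in silent_agents(heartbeats, host_activity, now):
        # A block filter followed by silence on the same host means the agent
        # was blinded and did not fail closed: escalate to confirmed.
        result[host] = "confirmed" if result.get(host) == "critical" else "high"
    return result


if __name__ == "__main__":
    for host, severity in sorted(triage(SAMPLE_EVENTS, HEARTBEATS, HOST_ACTIVITY, NOW).items()):
        print(f"{host}: {severity}")
```

On the sample data WS01 is escalated to "confirmed" (block filter plus a silent agent on a host that is still logging on to the domain), WS02 stays "critical" (filter seen, heartbeat not yet overdue), WS04 is "medium", and WS03 raises nothing because a filter deletion by a trusted provider on a host that is simply offline is not the pattern. The heartbeat rule matters because 5447 auditing is off by default and a tool could block traffic by a route the host-side rule does not cover; the console-side signal needs no host cooperation at all.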
Hashtags: #EDR #EndpointSecurity #AV #CyberSecurity #RedTeam #BlueTeam #InfoSec #Ransomware
