
Latest news with #MicrosoftDefender

Hackers are abusing this Intel tool to disable Windows 11's built-in antivirus — don't fall for this

Tom's Guide, a day ago
The Akira ransomware, which has been surging in popularity lately, has also recently been used by hackers in conjunction with a legitimate Intel CPU tuning driver to disable Microsoft Defender. As reported by Bleeping Computer, the attackers register the driver as a service in order to gain kernel-level access. The Intel CPU driver that is being abused is (used by ThrottleStop), and is likely used to load a secondary driver ( That secondary driver is a malicious tool that causes Microsoft Defender to turn off its protections.

These types of attacks are often referred to as BYOVD, 'Bring Your Own Vulnerable Driver,' because the threat actors bring a legitimate signed driver with known weaknesses that can be exploited to achieve privilege escalation. The driver is then, as is the case here, used to load malicious tools or disable antivirus software.

Researchers at Guidepoint Security, who reported seeing the malicious behavior, stated that when the second driver is executed it modifies the DisableAntiSpyware setting of Microsoft Defender within the Registry. The malware does this via the execution of The researchers at Guidepoint Security have provided a YARA rule, complete indicators of compromise (IoCs), service names and file paths to help defend against and block these attacks. Additionally, they recommend that system administrators monitor for Akira-related activity, apply filters and blocks as indicators emerge, and make sure to only download software from official sites and trusted sources, as malicious sites and mimicked sources have become an increasingly common way to distribute such malware.

It's always alarming when hackers figure out ways to abuse legitimate tools in their attacks, but fortunately this attempt was spotted quickly and a fix was devised early enough that the campaign could not do significant damage.
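As an added, defender-side illustration of the two behaviours the write-up names (not code from the article or from Guidepoint Security), the PowerShell below reads Defender's DisableAntiSpyware policy value and lists kernel-driver services whose image loads from outside the standard driver directories; the trusted-directory list and the function names are assumptions for this example.

```powershell
# Added defender-side example, not code from the article or Guidepoint Security.
# Checks for the two behaviours the write-up describes: Defender's
# DisableAntiSpyware policy value being set, and kernel drivers registered as
# services from outside the standard driver directories (BYOVD loaders often
# register a signed driver from a user-writable path). Run from an elevated prompt.

function Test-DefenderPolicyTamper {
    # Standard Defender policy key; DisableAntiSpyware = 1 turns protection off.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $item = Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.DisableAntiSpyware -eq 1) {
        [pscustomobject]@{ Check = 'DisableAntiSpyware'; Status = 'TAMPERED'; Detail = "$key\DisableAntiSpyware = 1" }
    } else {
        [pscustomobject]@{ Check = 'DisableAntiSpyware'; Status = 'OK'; Detail = 'value absent or 0' }
    }
}

function Get-DriverServicesOutsideSystemDirs {
    # Trusted driver locations are an assumption for this example; extend the
    # list to match your build and known third-party installs.
    $trustedRoots = @("$env:SystemRoot\System32\drivers", "$env:SystemRoot\System32\DriverStore")
    Get-CimInstance -ClassName Win32_SystemDriver | Where-Object { $_.PathName } | ForEach-Object {
        # Normalise the forms PathName takes: \??\C:\..., \SystemRoot\..., or a relative path
        $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^"|"$', ''
        $path = $path -replace '^\\SystemRoot', $env:SystemRoot
        if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
        $trusted = $false
        foreach ($root in $trustedRoots) { if ($path -like "$root\*") { $trusted = $true } }
        if (-not $trusted) {
            # A driver service loading from Temp, a user profile or a download folder
            # is what to review first; legitimate vendor drivers also show up here.
            [pscustomobject]@{ Name = $_.Name; State = $_.State; StartMode = $_.StartMode; Path = $path }
        }
    }
}

Test-DefenderPolicyTamper | Format-Table -AutoSize
Get-DriverServicesOutsideSystemDirs | Format-Table -AutoSize
```

Review the second table against the service names and file paths in the Guidepoint IoCs rather than treating every entry as malicious; many vendor drivers legitimately install outside the two listed directories.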

Microsoft's AI Agent ‘Project Ire' Can Independently Detect and Block Malware with High Accuracy

Hans India, 3 days ago
In a significant leap toward AI-driven cybersecurity, Microsoft has introduced Project Ire, a powerful artificial intelligence agent capable of independently detecting and blocking malware. Designed to function with minimal human oversight, the tool leverages advanced reverse engineering techniques to inspect software, assess its intent, and determine its threat level—all without relying on prior knowledge of the codebase.

The innovation comes at a time when security teams are grappling with alert fatigue and the overwhelming volume of threats. 'This kind of work has traditionally been done manually by expert analysts, which can be slow and exhausting,' Microsoft stated in its official blog post. By removing much of the manual load, Project Ire promises both speed and scalability in enterprise threat detection.

Unlike conventional AI security tools that often struggle with ambiguity in malware traits, Project Ire approaches the challenge with a unique methodology. Microsoft has equipped the agent with the ability to build a detailed 'chain of evidence'—a step-by-step record of its decision-making process. This audit trail allows cybersecurity professionals to verify conclusions, enhancing both transparency and trust in automated systems.

The agent starts by identifying the file's type and structure, followed by reconstructing its control flow using decompiling tools like Ghidra and symbolic execution frameworks such as angr. It integrates various analytical tools via API to summarize the function of each code block, gradually building the chain of logic that supports the final verdict.

In terms of performance, the results are compelling. During internal testing, Project Ire was tasked with analyzing a set of Windows drivers containing both safe and malicious files. The AI accurately classified 90% of them, with a precision score of 0.98 and a recall of 0.83. Only 2% of safe files were mistakenly flagged—a relatively low false positive rate in the cybersecurity domain. Microsoft then challenged the AI with a tougher dataset of nearly 4,000 complex and previously unreviewed software files, typically reserved for manual inspection. Even in this scenario, Project Ire demonstrated remarkable efficiency, maintaining a precision score of 0.89 and limiting false positives to just 4%.

A standout achievement occurred when Project Ire became the first reverse engineer—human or AI—within Microsoft to compile sufficient evidence to warrant the autonomous blocking of an advanced persistent threat (APT) malware sample. That malware has since been neutralized by Microsoft Defender.

The project is a collaborative effort involving Microsoft Research, Microsoft Defender Research, and Microsoft Discovery & Quantum. As cyber threats become more sophisticated and persistent, tools like Project Ire are expected to become essential components of modern digital defense frameworks, offering faster, more consistent, and less labor-intensive threat mitigation. With Project Ire, Microsoft is not just enhancing its security toolkit—it's redefining what AI can accomplish in the world of malware defense.

Microsoft unveils AI agent that can autonomously detect malware

Axios, 3 days ago
Microsoft unveiled a prototype for a new, fully autonomous AI agent today that can automate the biggest hurdles in detecting malware.

Why it matters: The tool is a breakthrough for cyber defenders, who spend hours studying and assessing suspicious files on their networks.

Zoom in: Microsoft's new Project Ire can analyze and classify software "without assistance," according to a blog post published Tuesday. That analysis and classification is the "gold standard" for malware detection, the blog adds.

Context: Typical malware detection relies on a skilled analyst who can take a potentially tainted software file and pick it apart until they uncover its origins. This can take hours and be taxing for analysts, who might have to dig through hundreds of files to see if they're malicious. But automating this task is incredibly difficult: AI struggles to make nuanced judgment calls about a program's intent or maliciousness, especially when its behavior is ambiguous or dual use.

Between the lines: Project Ire is combating those limitations in a couple of ways. First, the agent runs on a system that has broken up malware analysis into different layers, meaning the tool reasons only in stages rather than risking overload by trying to do everything at once. Second, the tool draws on a wide range of tools, including Microsoft's memory-analysis sandboxes, custom and open-source tools, documentation search, and multiple decompilers.

The intrigue: During a real-world test of Project Ire on nearly 4,000 files flagged by Microsoft Defender, nearly 9 out of 10 files that the agent flagged as malicious were actually malicious.

Yes, but: Project Ire caught only about a quarter of all malicious files on the system in the test. "While overall performance was moderate, this combination of accuracy and a low error rate suggests real potential for future deployment," Microsoft noted in the post.

The big picture: This is likely just the start of advancements of AI agents in cybersecurity.

Microsoft has an AI agent that can detect malware.

The Verge, 3 days ago
Posted Aug 5, 2025 at 4:00 PM UTC, by Tom Warren

Microsoft is announcing Project Ire today, an autonomous AI agent that can analyze and classify malware without assistance. Developed by Microsoft Research, Microsoft Defender Research, and Microsoft Discovery & Quantum, Project Ire is the first agent at Microsoft to independently author a conviction case 'strong enough to justify automatic blocking' of an APT malware sample.

Stay ahead of cyberattacks with EDR

Business Journals, 01-08-2025
Cyberattacks are often unexpected, with '88% of ransomware-related breaches affecting small to medium sized businesses,' according to Verizon's 2025 report. Oftentimes, businesses are unaware of the modern methods used by hackers, and of how to insulate themselves from these threats. These attacks can seize valuable digital assets, including sensitive client information and vital operating systems. That's why businesses must protect their networks through proper cybersecurity protection.

Traditionally, antivirus services like Microsoft Defender have been adequate for many businesses looking for basic digital protection, but today's threats require increased security through technology called Endpoint Detection Response (EDR). EDR software continuously monitors network endpoints (laptops, cellphones, etc.) to detect and isolate threats from your network.

The difference between traditional antivirus and Endpoint Detection Response (EDR)

Traditional antivirus solutions rely on unique, specific patterns of code, or 'signatures,' to identify cyber threats. These traditional cybersecurity tools are referred to as signature-based antivirus because of their methods. Antivirus companies work to maintain extensive databases full of unique signatures for every known threat. While effective at stopping surface-level threats with known signatures, signature-based antiviruses fail to detect many of the covert and complex threats seen today.

Endpoint Detection Response differs from traditional antivirus services by using a variety of tools to proactively insulate your network from cybersecurity threats. First, EDR software establishes a list of acceptable computer applications, websites, and other actions to form a baseline for how your computer should behave. Using complex software and artificial intelligence, the EDR tools can actively monitor your computer, comparing things like energy consumption, processing speed, and file format to protect your computers from hackers and other cyber threats. This means that instead of relying on a unique signature like traditional antivirus, EDR tools focus on how a file or application acts, leading to a more effective and encompassing solution. Today, technology professionals recommend that businesses utilize both EDR and traditional signature-based antivirus solutions.

While IT might not be in your job description, the differences between EDR services and signature-based antivirus can mean a widespread impact throughout your organization. To understand the importance of EDR services, break down its tangible impacts on your business in the event of a cyber threat.

What do cyberattacks look like?

Imagine you work in an office. One morning, you receive an email that looks like it came from your boss. It says, 'Please review the invoice ASAP,' and there is a file attached. Without a second thought, you click on the attachment and open the file. Little do you know, this file contains harmful malware, sent by a deceptive hacker. While this situation can get complicated quickly, let's break down how both traditional antivirus and EDR tools handle this scenario.

What traditional antivirus does

Once you open the attachment, your antivirus compares the file to the database of known bad files, but there's a problem. The hacker is using new and unknown code, or a 'zero-day' attack, making it undetectable by traditional antivirus software. These zero-day attacks are becoming increasingly common with the help of AI coding tools. Google reports an increase of 37% to 44% from 2023 to 2024 in zero-day unknown signature attacks, adding to the steady growth in recent years. This means the hacker's file has successfully thwarted your traditional signature-based antivirus and begun to steal valuable information from your system, undetected by your antivirus software.

What EDR tools do

Once you open the attachment, the EDR tools don't just look at the file but also at your computer's behavior. First, the EDR tools detect that the file is trying to access sensitive information like personal data and passwords. EDR tools also detect that the file is attempting to send this information to a strange server overseas. Comparing this activity to its pre-established baseline, the EDR tools flag the file and alert your IT team. Additionally, the software isolates your infected system from the rest of your network. This effectively minimizes most of the damage, enabling your IT team to clean your system and get you back to business.

The takeaway

Cyberattacks are becoming increasingly sophisticated, and traditional antivirus solutions alone may no longer be sufficient to protect your business. To ensure your business is properly secured, it's best to consult with an expert who can recommend the right combination of security measures tailored to your specific environment.

Take the next step in cybersecurity protection

Traditional antivirus is no longer enough. Today's threats are stealthy, fast moving, and designed to bypass outdated defenses. EDR is the modern solution your business needs to stay ahead of cybercriminals. Want to learn more? At Back To Business I.T., we offer cybersecurity solutions, actively monitor your network, respond to threats, and get you back to business. Don't wait for a breach to realize your antivirus isn't enough. Secure your business with smarter, proactive protection. Visit to schedule a free cybersecurity consultation today.
