Protecting critical infrastructure from ransomware and advanced cyberattacks is proving to be challenging across all sectors in the United States. In fact, these cyberattacks are growing in sophistication and are employing stealth techniques against common detection capabilities to remain undetected. The emergence of ransomware-as-a-service (RaaS) creates an elaborate ecosystem for leasing out malware and malicious software to affiliates and cybercriminals for profit. This allows ransomware actors to scale to increase profits and maximize their attack reach, while minimizing effort for ransomware developers. In fact, cybercriminals and nation state actors are blending and adopting tactics and techniques of each other, where espionage and cybercrime converge. What is common to both threat groups are evasion techniques, increasing the ability for these threat actors to remain in stealth mode, which makes it more difficult to detect.

Ransomware requires more protection

Cybercriminals who use RaaS can infect more victims, demand more ransoms, and improve their tactics to stay ahead of detection capabilities. According to Chainalysis, the Dark Angels ransomware group received the largest ransomware payment ever at approximately $75 million in 2024. Disrupting ransomware and advanced cyberattacks is imperative for national security. To do so will require industry to shift toward a holistic endpoint protection and prevention strategy that starts with endpoint privilege management (EPM). Why EPM? Because it is more resilient against ransomware and advanced cyberattacks, providing better protection capabilities to reduce the attack surface on endpoints. Endpoint detection and response (EDR) performance and detection against ransomware and advanced cyberattacks have failed to protect government agencies as cited in the Cybersecurity and Infrastructure Security Agency’s Red Team Assessment report. Moving to a holistic endpoint protection and prevention strategy will help shore up cyber defense for cyberattacks targeting critical infrastructure.

Threat actors bypassing EDR

Curated threat intelligence from MITRE ATT&CK and other threat intelligence sources have shown increasing use of advanced malware called EDR killers designed to evade, disable and manipulate EDR systems. EDR killers employ a range of techniques including terminating EDR security-related processes, tampering with EDR agents, DLL unhooking and API hooking, process hollowing and unloading kernel drivers. These evasion techniques pose a significant risk to critical infrastructure and government agencies responsible for critical infrastructure protection, rendering EDR capabilities ineffective and unreliable. Another common evasion technique highly weaponized by threat actors is living-off-the-land (LoTL) attacks that leverage native systems tools, trusted software and operating system (OS) utilities, such as PowerShell, Windows Management Instrumentation (WMI) and schedule tasks that are whitelisted by EDR.

Complimenting EDR with EPM protection capabilities is essential to combat highly sophisticated threat actors’ behaviors and activities. Understanding these gaps and issues in state-of-the-art practices is critical for elevating cyber defense with the right protection measures to boost cyber resiliency against evolving threats.

EDR leaves gaps in endpoint resiliency

Boosting cyber resiliency early in the ATT&CK lifecycle will disrupt threat actors’ capabilities and prevent them from increasing their foothold by evading detections and gaining privilege and persistence to move through the ATT&CK lifecycle. Early detection, which requires a more proactive approach, can prevent data exfiltration and impacts such as distributed denial of service, data destruction and encryption that are common with ransomware attacks. Shifting to a more proactive approach requires industry to rethink and adjust their endpoint security strategy that is less reliant on reactive capabilities associated with EDR capabilities. EDR by design focuses on detection and then prevention, which means it must accurately detect maliciousness before it can prevent the threat. That is good for common threats, but novel and sophisticated threats require longer attack chains before EDR can gain confidence.

This was demonstrated by security researchers who analyzed MITRE ATT&CK evaluation results over multiple years using whole-graph analysis to measure the performance of EDR systems. Specifically, various aspects were analyzed to include detection coverage, detection confidence, detection modifier, data source, etc. Security researchers identified the following gaps in EDR capabilities:

1. Enhanced attack correlation — Many EDR systems still rely on detecting isolated events, and do not properly utilize comprehensive correlation to better understand and contextualize complex attack patterns. This limits the visibility in detection of multi-step and stealthy attack scenarios, which severely hamper response capabilities.
2. EDR systems struggle with advanced techniques — Threats that employ techniques that use living-off-the-land and advanced evasion require more sophisticated correlation from EDR systems.
3. Cross-host correlation is inconsistent — Many EDR systems struggle to detect lateral movement and coordinated attacks that span across multiple endpoints.
4. EDR systems too Windows-centric – A large percentage of EDR systems do not support Linux-based endpoints; if they do, they result in low detection and protection results.
5. Detection quality needs improvements — The variability in detection quality is essential for good coverage and detection. It is important to reduce the occurrence of low-quality alerts that can attribute to a considerable number of false positives — alert fatigue is real.

Cyber defenders must understand gaps in their overall security posture and develop strategies to elevate their cyber defense. To do that, a holistic endpoint strategy is needed to help reduce the attack surface on endpoints by managing privileges at the individual, user group and application levels. In the context of zero trust, no end user has privilege access by default. Privilege access is granted using just-in-time (JIT), to ensure just enough access, on an as-needed basis.

Closing gaps left by EDR

Enforcing least privilege, JIT and just enough access capabilities with endpoint privilege management provides protection and prevention capabilities that EDR lacks and cannot perform natively. These protection and prevention capabilities are designed to restrict elevated rights and control application execution. Implementing EPM with EDR allows critical infrastructure and government agencies to achieve stronger endpoint resiliency.

• EPM reduces the noise by limiting user privileges and application execution, which allows EDR to improve accuracy and threat detection.
• EPM limits the scope of potential damage, which allows EDR to focus on investigating and remediating specific threats to accelerate incident response.
• EPM prevents tampering with EDR agents by removing standing privileges and stopping privilege escalation attempts, which ensures EDR can continue to operate on a compromised endpoint.
• EPM contextualizes users and applications with elevated privileges, which improves threat hunting, enabling security teams to prioritize and investigate most likely threats.

CISA has been tracking ransomware actors and various techniques used to bypass and evade EDR. As part of their #StopRansomware campaign, CISA has been diligent about providing threat intelligence to the community with respect to tradecraft used by threat actors. CISA within the last four months has updated or released advisories for some of the top ransomware gangs outlining their ATT&CK techniques used in the wild.

• Play (Advisory updated June 4, 2025)
• Rhysida (Advisory updated April 30, 2025)
• Medusa (Published March 2025)
• Ghost aka Cringe (Published February 2025)

The table above highlights the evasion and bypass techniques that were used and have been associated with ransomware attacks. Threat actors are actively using LoTL and bring-your-own-vulnerable-driver (BYOVD) more in their attack arsenal. This illustrates the growing use of EDR evasion and bypass techniques by popular and active ransomware, but also demonstrates the need to complement other endpoint protection capabilities like EPM to boost endpoint resiliency. This echoes CISA’s Red Team assessment report, citing that the red team excelled in bypassing EDR solutions by avoiding the use of basic “known-bad” detections the tools would capture. In fact, the report further states that EDR detected only a few of the red team’s payloads in the organization’s Windows and Linux environments.

Defining a holistic endpoint protection and prevention strategy

A holistic endpoint protection and prevention strategy leaves no privileges behind. Privileges that are left behind become prime attack vectors that threat actors use to bypass and evade detection capabilities deployed in the environment to establish persistence and move laterally. Industry must pivot from a single point of failure with EDR, to a more holistic approach that not only enhances and protects EDR but can disrupt threat actors early in the ATT&CK lifecycle by enforcing privilege management to reduce the attack surface and harden the endpoint system. Enforcing least privilege, JIT and just enough access capabilities with endpoint privilege management provides protection and prevention capabilities that EDR lacks and cannot perform natively. EPM embraces foundational zero trust principles and concepts which will allow government agencies to mature their zero trust, while elevating their cyber defense.

Kevin E. Greene is chief security strategist for the public sector at BeyondTrust.

The post CISA must shift cyber defense toward a holistic endpoint protection and prevention strategy first appeared on Federal News Network.

Vicky

This article originally appeared on vigilantfox.com and was republished with permission.

In a move that many were hoping for but were not expecting, HHS Secretary Robert F. Kennedy just announced that BARDA will be CANCELING 22 mRNA vaccine development contracts, saving taxpayers about $500 million in the process.

This move delivered a major blow to the biomedical industrial complex, which was hoping to make an mRNA vaccine for just about every disease imaginable.

The reason for this move is grounded in what happened during the COVID debacle, which Kennedy explained in detail.

First, he shared how “mRNA vaccines don’t perform well against viruses that infect the upper respiratory tract.”

“mRNA only codes for a small part of the viral proteins, usually a single antigen. One mutation, and the vaccine becomes INEFFECTIVE,” Kennedy said.

The next revelation was a big surprise.

Kennedy confirmed that the COVID shots could have CAUSED the mutations and EXTENDED the pandemic altogether.

He explained:

“The [mRNA] vaccine [platform] paradoxically encourages new mutations and can actually prolong pandemics. As the virus constantly mutates to escape the protective effects of the vaccine, millions of people, maybe even you or someone you know, caught the Omicron variant despite being vaccinated. That’s because a single mutation can make mRNA vaccines ineffective.”

Kennedy’s comments echo what vaccinologist Dr. Geert Vanden Bossche and the “conspiracy theorists” have been saying for the better part of four years now.

He warned, “You are generating a breeding ground for even more infectious variants to replicate” when you vaccinate DURING a pandemic.

With the conclusion that mRNA shots are ineffective against respiratory viruses, prolong pandemics, and encourage mutations, Kennedy declared:

“mRNA technology poses MORE risk than benefits for these respiratory viruses.”

As such, Kennedy announced that BARDA (Biomedical Advanced Research and Development Authority) will be CANCELING 22 mRNA vaccine contracts, saving taxpayers “just under $500 million” in the process.

He clarified that this isn’t a complete indictment of mRNA technology across the board, but when it comes to respiratory diseases, he believes it offers no benefit to humanity.

“That’s why we’re moving beyond the limitations of mRNA for respiratory viruses and investing in better solutions,” Kennedy said.

Thanks for reading! I hope this brought you the good news you needed today.

I was banned from Twitter 1.0 three times for sharing information that Kennedy just confirmed.

Like many others, I was labeled a “conspiracy theorist.” Turns out, we were right all along.

Image: Wikipedia Commons

Find more stories like this at VigilantFox.com

The post RFK Jr. Drops a Mega Bombshell on mRNA Vaccine Technology (VIDEO) appeared first on The Gateway Pundit.

Vicky

Congresswoman Marjorie Taylor Greene has publicly criticized President Donald Trump over immigration policy and foreign aid.

Greene responded to Trump’s tariff announcement on India by urging an end to H1-B visas that she claims replace American jobs. Greene also called for stopping funding and weapons to Ukraine in its conflict with Russia.

Greene stated that continued U.S. funding for Kiev betrays the majority of Americans who voted to end foreign wars.

She highlighted Trump’s 2024 election win as a mandate against such involvement. The congresswoman warned that supporting these policies risks losing younger voters permanently.

On the Israel-Gaza conflict, Greene described Israel’s actions as a “genocide” and condemned the starvation in Gaza. She became the first Republican lawmaker to use this term publicly.

Greene emphasized that innocent Palestinian lives, including children and Christians, should not be devalued compared to Israeli ones.

Greene expressed surprise that more conservative colleagues have not spoken out against U.S. support for Israel’s offensive operations.

She argued that funding such wars contradicts a biblical mandate and America’s interests.

The congresswoman clarified her support for Israel’s existence while opposing involvement in its conflicts.

Trump has acknowledged the humanitarian crisis in Gaza, noting visible starvation among children despite Netanyahu’s denials.

He mentioned his wife Melania’s distress over images from the region. This marks a softening in Trump’s stance amid ongoing hostilities nearing two years.

Greene’s positions reflect broader shifts in U.S. opinion, with approval of Israel’s Gaza actions dropping to 32 percent per Gallup polls.

Republicans under 50 now view Israel more negatively than positively, according to Pew surveys.

Figures like Steve Bannon and Tucker Carlson have also criticized Netanyahu’s government.

The congresswoman has voiced growing frustration with the Republican Party’s direction. She questioned whether the GOP is leaving her or if she no longer relates to it.

Greene stated she does not want involvement in the party’s current course on foreign policy and spending.

3Greene warned Trump about delivering on promises like Epstein file transparency to retain base support. She referenced past divergences, including on AI policy in Trump’s “Big Beautiful Bill.” Despite these splits, Greene affirmed her commitment to America First principles.

Greene suggested her political future may not rely on party establishment backing. She expressed confidence in winning support from Georgia voters independently. However, the congresswoman indicated no plans for higher office in 2026.

The post Marjorie Taylor Greene Unloads on the GOP, H1B Immigration, Foreign Aid to Ukraine, Israel appeared first on The Gateway Pundit.

Vicky