Global security company Kaspersky said on the 27th that DLL Hijacking attacks have more than doubled over the past two years, citing a recent report.
DLL Hijacking is a common attack technique in which an attacker replaces a library loaded by a legitimate process with a malicious one. The technique is used not only by malware authors behind large-scale damage such as stealers and banking Trojans, but also by APT groups and cybercrime organizations for targeted attacks.
Kaspersky announced that, to counter the surge in DLL Hijacking attacks, it has newly added an AI-based library analysis subsystem to its SIEM (security information and event management) platform. The feature collects in real time all DLL information loaded when a program runs and analyzes it with an artificial intelligence model, including file path, whether it has a digital signature, and structural changes. If it detects a suspicious pattern in the process, it automatically generates an event and issues an alert to administrators.
Lee Hyo-eun, head of Kaspersky Korea, said, "DLL Hijacking attacks have doubled over the past two years, and Korean corporations are facing this threat," and added, "Kaspersky SIEM has added an AI-based subsystem that continuously analyzes loaded library information, enabling effective responses to threats that are difficult to detect."