Cyber threat actors continually adjust their tactics, techniques, and procedures (TTPs) to find new and unexpected ways into target environments and to disrupt their operations, in most cases for financial gain. One significant challenge facing businesses, and cybersecurity teams in particular, is being able to respond quickly to new and emerging threats for which only a thin catalog of Indicators of Compromise (IoCs) exists and no mature threat response playbook has yet been developed.
One specific technique threat actors have been observed using in attacks on businesses is the EDR Silencer. Understanding this emerging threat is crucial because many organizations that invest in their cyber defenses rely on an Endpoint Detection and Response (EDR) tool to help prevent ransomware and other intrusions. To defend effectively against Silencers, business leaders must understand how their own EDR tools are used, plan for the possibility that a tool fails or is blinded, and improve overall preparedness for cyberattacks, this one and other emerging threats included.
For organizations without the bandwidth both to stay alert to changes in threat tactics and to implement effective responses, working with a 24/7 Security Operations Center (SOC) can make an impactful difference. A SOC team is essential for combating cyber threats because it provides continuous monitoring and real-time threat remediation, helping ensure that environments are protected even outside standard business hours, when most cyberattacks occur (1). Partnering with a dedicated SOC brings the experience of certified analysts and engineers to your defense and integrates advanced security tools to prevent threat actors from gaining a foothold, allowing your IT team to focus on core business objectives rather than unceasing threat research.
An “endpoint” is a broad term for any physical device that connects to an organization’s wider digital network, including laptops, mobile phones, servers, and device sensors. An endpoint detection and response (EDR) tool is the software installed on the endpoint that continuously collects data so that a user or system manager (an IT team, for instance) can monitor for and respond to threats and other suspicious activity. These systems incorporate rules-based automated response and analysis capabilities derived from data gathered during threat hunting and previous engagements, as well as knowledge accumulated and shared throughout the cybersecurity community.
It is important to note that EDR systems are only one layer of a comprehensive cybersecurity program. They are, however, vital and effective when configured properly and actively monitored on a 24/7/365 basis. No tool guarantees protection against, or prevention of, every cyberattack. Although EDR tools can provide exceptional defense, an experienced team of humans must be in place to respond immediately if the tool fails or a threat actor devises a new TTP that defeats the toolset’s capabilities.
In the current context, an EDR Silencer is any tool designed to evade detection by standard EDR systems. The original detection by Trend Micro was of a specific tool called “EDRSilencer,” whose name has become a generic term for any tool fitting the category (2). This emerging threat was initially crafted for use by Red Teams, ‘ethical hackers’ who work together to simulate a cyberattack in order to test and improve an organization’s security defenses (3). EDR Silencers have since been co-opted by threat actors for nefarious purposes, continuing a trend of open-source cybersecurity tools being used this way (Cobalt Strike is one example).
EDR Silencers increase the stealth of threat actors and, with it, the likelihood that they can move laterally within a compromised environment. The tool typically uses the Windows Filtering Platform (WFP) to prevent EDR agents from successfully reporting what they identify as security events to the security teams engaged in active monitoring. In other words, it blocks the EDR’s ability to send an alert; the resulting silence looks no different from a quiet, healthy environment, so the monitoring team takes no action. This only works, however, if the EDR Silencer has been coded explicitly to ‘evade’ a specific EDR tool. To counter these silencers, security teams can add detection capabilities with additional software; a tool called “EDRNoiseMaker” is constructed specifically to detect EDR Silencers.
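The following Python is an added illustration of the defender-side check described above; it is not SpearTip’s code and not the EDRNoiseMaker tool itself. It triages an export of WFP filters and flags any block filter on the outbound connect layers whose application-ID condition names the EDR agent’s binary, which is the pattern that would stop the agent’s telemetry from leaving the host. The element layout is assumed to mirror the `filters.xml` that `netsh wfp show filters` writes (verify the tag names against a real export before relying on them), the sample export is constructed, and the `exampleedr` sensor path is a placeholder for your own agent’s install location.

```python
"""Added example: triage a Windows Filtering Platform (WFP) filter export for
filters that would silence an EDR agent. Illustrative code only; not SpearTip's
tooling and not EDRNoiseMaker.

Assumptions (labelled): the element layout mirrors the filters.xml written by
`netsh wfp show filters` (filters/item with displayData/name, layerKey,
action/type, filterCondition/item/fieldKey and conditionValue/byteBlob/asString).
The sample export is constructed and the exampleedr sensor path is a placeholder.
"""
import xml.etree.ElementTree as ET

# Layers that authorise outbound connections. A BLOCK filter here, scoped to the
# agent's application ID, prevents the agent from ever reporting home.
OUTBOUND_CONNECT_LAYERS = {
    "FWPM_LAYER_ALE_AUTH_CONNECT_V4",
    "FWPM_LAYER_ALE_AUTH_CONNECT_V6",
}

# Constructed sample: a normal inbound block, a suspicious outbound block scoped
# to the placeholder EDR sensor binary, and a benign permit for the same binary.
SAMPLE_WFP_EXPORT = r"""<wfpdiag>
  <filters>
    <item>
      <displayData><name>Block Inbound Default Rule</name></displayData>
      <layerKey>FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4</layerKey>
      <action><type>FWP_ACTION_BLOCK</type></action>
      <filterCondition/>
    </item>
    <item>
      <displayData><name>Custom Outbound Filter</name></displayData>
      <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
      <action><type>FWP_ACTION_BLOCK</type></action>
      <filterCondition>
        <item>
          <fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
          <conditionValue><byteBlob>
            <asString>\device\harddiskvolume3\program files\exampleedr\sensor.exe</asString>
          </byteBlob></conditionValue>
        </item>
      </filterCondition>
    </item>
    <item>
      <displayData><name>Allow Outbound Default Rule</name></displayData>
      <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
      <action><type>FWP_ACTION_PERMIT</type></action>
      <filterCondition>
        <item>
          <fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
          <conditionValue><byteBlob>
            <asString>\device\harddiskvolume3\program files\exampleedr\sensor.exe</asString>
          </byteBlob></conditionValue>
        </item>
      </filterCondition>
    </item>
  </filters>
</wfpdiag>
"""


def parse_filters(xml_text):
    """Return one dict per filter: name, layer, action and the lower-cased NT
    paths of any application-ID conditions attached to it."""
    root = ET.fromstring(xml_text)
    filters = []
    for item in root.find("filters").findall("item"):
        app_ids = []
        for cond in item.findall("./filterCondition/item"):
            if cond.findtext("fieldKey") == "FWPM_CONDITION_ALE_APP_ID":
                path = cond.findtext("./conditionValue/byteBlob/asString") or ""
                app_ids.append(path.strip().lower())
        filters.append({
            "name": (item.findtext("./displayData/name") or "").strip(),
            "layer": (item.findtext("layerKey") or "").strip(),
            "action": (item.findtext("./action/type") or "").strip(),
            "app_ids": app_ids,
        })
    return filters


def find_silencing_filters(filters, agent_binaries):
    """Flag BLOCK filters on outbound connect layers whose application-ID
    condition ends with one of the given EDR agent binary names."""
    hints = tuple(b.lower() for b in agent_binaries)
    hits = []
    for f in filters:
        if f["action"] != "FWP_ACTION_BLOCK" or f["layer"] not in OUTBOUND_CONNECT_LAYERS:
            continue
        for app in f["app_ids"]:
            if app.endswith(hints):
                hits.append((f["name"], f["layer"], app))
    return hits


if __name__ == "__main__":
    # Placeholder binary name; substitute your vendor's actual agent binaries.
    for name, layer, app in find_silencing_filters(parse_filters(SAMPLE_WFP_EXPORT), ["sensor.exe"]):
        print(f"SUSPICIOUS: filter '{name}' blocks {app} on {layer}")
```

On a live host the export comes from `netsh wfp show filters`, and the check is most useful when paired with the console-side signal the text describes: an agent that has gone quiet while the host itself is still up and reachable.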
EDR Silencers are a relatively new phenomenon in the cyber threat landscape. Their existence, however, reflects a significant and not uncommon trend of threat actors continuously devising ways to circumvent current cybersecurity defenses. While no single tool or toolset (EDR, for instance) can provide total cybersecurity, there are demonstrated ways to enhance overall cyber resilience in the face of EDR Silencers and other new and emerging TTPs.
Because the cybersecurity landscape changes quickly and constantly, organizations that do not maintain an internal 24/7 cybersecurity team are best served by working closely with one that does, to help implement the solutions most appropriate for them. Maintaining a multi-layered defense is necessary not just for EDR Silencer-related issues but for an optimized security posture overall, as threat actors constantly develop new TTPs.
Understanding threats like EDR Silencers is crucial in the evolving cyber landscape. EDR tools are vital but not foolproof, and these silencers are designed to evade detection. Organizations should develop Incident Response plans, ensure 24/7 monitoring, conduct regular risk assessments, and maintain secure backups. Employee training on phishing and social engineering is essential. Collaborating with specialized cybersecurity firms for continuous threat monitoring and adopting a comprehensive defense strategy enhances overall cyber resilience, helping businesses stay ahead of emerging threats and protect their digital environments.
©2025 SpearTip, LLC. All rights reserved.