New Bashware Vector Bypasses Security Solutions in Windows 10

According to a report from the cybersecurity firm Check Point, a new technique dubbed “Bashware” allows any malware to leverage the Windows Subsystem for Linux (WSL) feature in Windows 10 to bypass security software. Threat actors with admin-level access can enable the WSL feature, turn on the Windows 10 Development Mode, install Linux, and then install Wine, a Windows emulator for Linux, to execute malicious activities. Check Point indicates that security software vendors will need to modify their security solutions to detect this type of activity. The NJCCIC recommends Windows 10 users and administrators review Check Point’s analysis, implement both the Principle of Least Privilege and strict management of administrative accounts, and coordinate with security vendors and managed security service providers to determine the appropriate controls to address this technique.
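
To help administrators see which hosts already have the prerequisites described above in place, the following audit script is an added example, not taken from Check Point's report or the NJCCIC advisory. The function name, the optional-feature name, and the registry locations it reads are assumptions about a standard Windows 10 build and do not appear in the advisory.

```powershell
# Added example: report whether this host has the WSL prerequisites enabled.
# Run from an elevated PowerShell prompt (Get-WindowsOptionalFeature requires it).
# Get-WslPrerequisiteState is a hypothetical helper name chosen for this example.

function Get-WslPrerequisiteState {
    # 1. Is the WSL optional feature enabled?
    $feature = Get-WindowsOptionalFeature -Online `
        -FeatureName 'Microsoft-Windows-Subsystem-Linux' -ErrorAction SilentlyContinue
    $wslEnabled = ($null -ne $feature) -and ($feature.State -eq 'Enabled')

    # 2. Is Developer Mode (the advisory's "Development Mode") switched on?
    #    Assumption: the setting is stored under the AppModelUnlock key.
    $devKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock'
    $devValue = (Get-ItemProperty -Path $devKey `
        -Name 'AllowDevelopmentWithoutDevLicense' `
        -ErrorAction SilentlyContinue).AllowDevelopmentWithoutDevLicense
    $devMode = ($devValue -eq 1)

    # 3. Which loaded user hives have a registered Linux distribution?
    #    Assumption: registrations live under each user's Lxss key; only
    #    hives of logged-on users are loaded, so other profiles are not seen.
    $lxssSids = @(
        Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
            Where-Object {
                $sub = 'Software\Microsoft\Windows\CurrentVersion\Lxss'
                Test-Path -Path "Registry::HKEY_USERS\$($_.PSChildName)\$sub"
            } |
            ForEach-Object { $_.PSChildName }
    )

    # Any one of the three is worth a look on a machine that has no
    # business reason to run WSL.
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        WslFeatureEnabled = $wslEnabled
        DeveloperModeOn   = $devMode
        LxssUserSids      = $lxssSids
        NeedsReview       = ($wslEnabled -or $devMode -or ($lxssSids.Count -gt 0))
    }
}

Get-WslPrerequisiteState | Format-List
```

On hosts where WSL is not required, a `NeedsReview` value of `True` is a prompt to confirm who enabled the feature and when, which ties back to the recommendation on managing administrative accounts.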