Surge in “Hunter-Killer” Malware

Uploaded on 2024-03-01 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

The SecOps experts at Picus Security have released their 2024 Red Report, which shares conclusions from an in-depth analysis of more than 600,000 real-world malware samples and identifies the most common techniques leveraged by attackers.

Picus has uncovered a surge of “Hunter-killer” malware from the research findings, demonstrating a drastic shift in adversaries’ ability to identify and neutralise advanced enterprise defenses such as next-gen firewalls, antivirus, and EDR.

According to the report, there was a 333% increase in malware that can actively target defensive systems in an attempt to disable them.

“We are witnessing a surge in ultra-evasive, highly aggressive malware which shares the characteristics of hunter-killer submarines,” said Dr. Suleyman Ozarslan, Picus Security Co-founder and VP of Picus Labs. “Just as these subs move silently through deep waters and launch devastating attacks to defeat their targets’ defenses, new malware is designed to not only evade security tools but actively bring them down.

“We believe cyber criminals are changing tact in response to the security of average businesses being much-improved, and widely used tools offering far more advanced capabilities to detect threats... A year ago, it was relatively rare for adversaries to disable security controls. Now, this behavior is seen in a quarter of malware samples and is used by virtually every ransomware group and APT group.”

The Red Report helps security teams better understand and battle cyber attacks by identifying the Top 10 most prevalent MITRE ATT&CK techniques exhibited by the latest malware. Its insights help prioritise defensive actions against commonly used techniques.

Additional key findings include:

  • Evolving tactics challenge detection and response:  70% of malware analysed now employ stealth-oriented techniques by attackers, particularly those that facilitate evading security measures and maintaining persistence in networks.
  • Invisibility at the forefront of evasion:   There was a 150% increase in the use of T1027 Obfuscated Files or Information. This highlights a trend toward hindering the effectiveness of security solutions and obfuscating malicious activities to complicate the detection of attacks, forensic analysis, and incident response efforts.
  • The ransomware saga continues:   There was a 176% increase in the use of T1071 Application Layer Protocol, which are being strategically deployed for data exfiltration as part of sophisticated double extortion schemes.

To combat Hunter-killer malware and stay ahead of 2024 malware trends, Picus is urging organisations to embrace machine learning, protect user credentials, and consistently validate their defenses against the latest tactics and techniques used by cyber criminals.

It is particularay difficult to detect a malware attack whch has disabled or reconfigured security tools, which alhough netralised, may appear to be working as expected.

Picus advise that preventing such under the radar attacks requires the use of multiple security controls, with security validation as the a starting point for organisations to better understand their readiness and identify gaps.

“Unless an organisation is proactively simulating attacks to assess the response of its EDR, XDR, SIEM, and other defensive systems that may be weakened or eliminated by Hunter-killer malware, they will not know they are down until it is too late.” commented Hüseyin Can Yüceel, Security Research Lead at Picus Security

Picus Security        Image: Slim3D

You Might Also Read: 

Rhysida Ransomware Cracked & Decrypted:

DIRECTORY OF SUPPLIERS - Threat Detection & Protection:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Data Breach - Bank of America Warns Clients & Customers
Deepfakes Complicate Election Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Security Current

Security Current

Security Current's proprietary content and events provide insight, actionable advice and analysis giving executives the latest information to make knowledgeable decisions.

Mobile Guroo

Mobile Guroo

Mobile Guroo is a strategy and systems integrator for Enterprise Mobility Management projects.

Exabeam

Exabeam

Exabeam is a global cybersecurity leader that delivers AI-driven security operations.

eLearnSecurity

eLearnSecurity

eLearnSecurity is an innovator in the IT Security training market providing quality online courses paired with highly practical virtual labs.

TROOPERS

TROOPERS

TROOPERS InfoSec event consists of two days of high-end training, followed by a two-day, three-track conference, culminating in Roundtables on the final day.

OXO Cybersecurity Lab

OXO Cybersecurity Lab

OXO Cybersecurity Lab is the first dedicated cybersecurity incubator in the Central & Eastern Europe region.

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center is dedicated to combating adversaries who desire to harm our citizens, our government, and our industry through cyber-attacks.

Salvador Technologies

Salvador Technologies

Salvador Technologies provides the world’s fastest technology to recover from cyber-attacks.

SIRP Labs

SIRP Labs

SIRP is a Risk-based Security Orchestration, Automation and Response (SOAR) platform that fuses essential cybersecurity information to enable a unified cyber response.

Wickr

Wickr

Wickr's mission is to secure the world's most critical communications. Wickr provides the highest standard of encryption trusted by millions worldwide.

BlueHalo

BlueHalo

BlueHalo is purpose-built to provide industry capabilities in the domains of Space Superiority and Directed Energy, Missile Defense and C4ISR, and Cyber and Intelligence.

Rimstorm

Rimstorm

Rimstorm’s mission is to significantly improve the security of your data using award-winning, state-of-the-art technology combined with cyber managed security services.

OpsHelm

OpsHelm

OpsHelm provides a Software-as-a-Service solution to help businesses ensure that all of their cloud environments have their security bases covered.

Boltonshield

Boltonshield

Boltonshield provide a unique and proactive approach to cyber defence with managed security services, integrated technologies, and a team of security experts, ethical hackers and analysts.

DART Consulting & Training

DART Consulting & Training

DART is a leading cyber training and consultancy company. We enhance our clients’ cyber capabilities by growing and strengthening their frontline defense – the cyber teams.

Clumio

Clumio

Clumio provides autonomous backup and recovery for critical cloud data.