Surge in “Hunter-Killer” Malware

The SecOps experts at Picus Security have released their 2024 Red Report, which shares conclusions from an in-depth analysis of more than 600,000 real-world malware samples and identifies the most common techniques leveraged by attackers.

Picus has uncovered a surge of “Hunter-killer” malware from the research findings, demonstrating a drastic shift in adversaries’ ability to identify and neutralise advanced enterprise defenses such as next-gen firewalls, antivirus, and EDR.

According to the report, there was a 333% increase in malware that can actively target defensive systems in an attempt to disable them.

“We are witnessing a surge in ultra-evasive, highly aggressive malware which shares the characteristics of hunter-killer submarines,” said Dr. Suleyman Ozarslan, Picus Security Co-founder and VP of Picus Labs. “Just as these subs move silently through deep waters and launch devastating attacks to defeat their targets’ defenses, new malware is designed to not only evade security tools but actively bring them down.

“We believe cyber criminals are changing tact in response to the security of average businesses being much-improved, and widely used tools offering far more advanced capabilities to detect threats... A year ago, it was relatively rare for adversaries to disable security controls. Now, this behavior is seen in a quarter of malware samples and is used by virtually every ransomware group and APT group.”

The Red Report helps security teams better understand and battle cyber attacks by identifying the Top 10 most prevalent MITRE ATT&CK techniques exhibited by the latest malware. Its insights help prioritise defensive actions against commonly used techniques.

Additional key findings include:

  • Evolving tactics challenge detection and response:  70% of malware analysed now employ stealth-oriented techniques by attackers, particularly those that facilitate evading security measures and maintaining persistence in networks.
  • Invisibility at the forefront of evasion:   There was a 150% increase in the use of T1027 Obfuscated Files or Information. This highlights a trend toward hindering the effectiveness of security solutions and obfuscating malicious activities to complicate the detection of attacks, forensic analysis, and incident response efforts.
  • The ransomware saga continues:   There was a 176% increase in the use of T1071 Application Layer Protocol, which are being strategically deployed for data exfiltration as part of sophisticated double extortion schemes.

To combat Hunter-killer malware and stay ahead of 2024 malware trends, Picus is urging organisations to embrace machine learning, protect user credentials, and consistently validate their defenses against the latest tactics and techniques used by cyber criminals.

It is particularay difficult to detect a malware attack whch has disabled or reconfigured security tools, which alhough netralised, may appear to be working as expected.

Picus advise that preventing such under the radar attacks requires the use of multiple security controls, with security validation as the a starting point for organisations to better understand their readiness and identify gaps.

“Unless an organisation is proactively simulating attacks to assess the response of its EDR, XDR, SIEM, and other defensive systems that may be weakened or eliminated by Hunter-killer malware, they will not know they are down until it is too late.” commented Hüseyin Can Yüceel, Security Research Lead at Picus Security

Picus Security        Image: Slim3D

You Might Also Read: 

Rhysida Ransomware Cracked & Decrypted:

DIRECTORY OF SUPPLIERS - Threat Detection & Protection:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Data Breach - Bank of America Warns Clients & Customers
Deepfakes Complicate Election Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cysec Resource Co (CRC)

Cysec Resource Co (CRC)

We offer expertise in information and cyber security, sourcing individuals and teams who provide information security expertise to the public and private sector.

Sogeti

Sogeti

Sogeti deliver solutions that enable digital transformation and offer cutting-edge expertise in Cloud, Cybersecurity, Digital Manufacturing, Quality Assurance, Testing, and emerging technologies.

Comiq

Comiq

Comiq provide software quality assurance, testing and project management services. Areas of expertise include cybersecurity.

TrustArc

TrustArc

TrustArc provide privacy compliance and risk management with integrated technology, consulting and TRUSTe certification solutions – addressing all phases of privacy program management.

Protiviti

Protiviti

Protiviti consulting solutions span critical business problems in technology, business process, analytics, risk, compliance, transactions and internal audit.

Galvanize

Galvanize

Galvanize is a leading provider of award-winning, cloud-based security, risk management, compliance, and audit software for some of the world’s largest organizations.

Magtech Solutions

Magtech Solutions

Magtech Solutions is a one-stop IT Solutions provider offering Cloud Computing, IT Security, Unified Email Solutions and ERP systems.

Pluribus One

Pluribus One

Pluribus One develops customized solutions and other data-driven applications to secure your business and your devices.

Cyber Wales

Cyber Wales

Cyber Wales provides a focus and forum for everyone in the industry, helping businesses come together and collaborate both within Wales and internationally.

Newtec Services

Newtec Services

IT should be responsive, adaptive, and smart. Now more than ever, you need a business that runs efficiently and can adapt to today's challenges. We can help with custom IT solutions.

EVOKE

EVOKE

EVOKE is an award-winning Digital Transformation company that partners with its clients to build digital workplace solutions for organizational challenges.

AVANTEC

AVANTEC

AVANTEC is the leading Swiss provider of IT security solutions in the areas of cloud, content, network and endpoint security.

GLIMPS

GLIMPS

GLIMPS-Malware automatically detects malware affecting standard computer systems, manufacturing systems, IOT or automotive domains.

Europol - European Cybercrime Centre (EC3)

Europol - European Cybercrime Centre (EC3)

The European Cybercrime Centre (EC3) was set up by Europol to strengthen the law enforcement response to cybercrime in the EU.

Seedcamp

Seedcamp

Seedcamp identify and invest early in world-class founders attacking large and global markets through disruptive technology in areas including AI, cybersecurity, and Fintech.

Lighthouse IT

Lighthouse IT

At Lighthouse IT, we are focused on delivering seamless and reliable services to unlock the value of technology for your business.