There has been a significant surge in hunter-killer malware, with a 333% rise, according to the latest Picus Red Report.
The fourth edition of this annual report revealed insights from the analysis of over 600,000 real-world malware samples, pinpointing the most frequently used techniques by attackers. The study found a significant shift in the strategies of cyber attackers, notably the emergence of malware designed to actively seek out and disable security defenses.
“We are witnessing a surge in ultra-evasive, highly aggressive malware which shares the characteristics of hunter-killer submarines,” said Dr. Suleyman Ozarslan, Picus Security co-founder and vice president of Picus Labs.
“Just as these subs move silently through deep waters and launch devastating attacks to defeat their targets’ defenses, new malware is designed to not only evade security tools but actively bring them down,” he added.
Dr. Ozarslan further explained the strategic pivot in cybercriminal behavior, attributing it to the significantly enhanced security measures of businesses and the advanced threat detection capabilities of widely used tools. He highlighted a notable shift from the past year, stressing, “A year ago, it was relatively rare for adversaries to disable security controls. Now, this behavior is seen in a quarter of malware samples and is used by virtually every ransomware group and APT group.”
How to deal with Hunter-killer malware
To deal with Hunter-killer malware, the security validation company urged organizations to embrace machine learning, protect user credentials, and consistently validate their defenses against the latest tactics and techniques used by cybercriminals.
According to Huseyin Can Yuceel, Security Research Lead at Picus Security, “It can be incredibly difficult to detect if an attack has disabled or reconfigured security tools, because they may still appear to be working as expected.”
Yuceel reiterated, “Preventing attacks that would otherwise operate under the radar requires the use of multiple security controls with a defense-in-depth approach. Security validation must be a starting point for organizations to better understand their readiness and identify gaps.”
He then warned that “unless an organization is proactively simulating attacks to assess the response of its EDR, XDR, SIEM, and other defensive systems that may be weakened or eliminated by Hunter-killer malware, they will not know they are down until it is too late.”
Other key findings of the Red Report 2024
The research also revealed that 70% of analyzed malware now employ stealth-oriented techniques by attackers, particularly those that facilitate evading security measures and maintaining persistence in networks. It spotted a noticeable 150% increase in the use of T1027 Obfuscated Files or Information, showcasing a hacker’s ability to conceal their malicious activities and hinder digital forensics and incident response efforts.
In addition to this, there has been a 176% surge in the use of ransomware or T1071 Application Layer Protocol. These malicious tools are strategically employed for data exfiltration, forming integral components of sophisticated double extortion schemes.
Featured image: Canva
