Picus Security reveals the rise of "hunter-killer" malware, highlighting a significant change in adversaries' ability to accurately identify and thwart advanced corporate defenses such as next-generation firewalls, antivirus programs, and EDR systems.
A 333% increase was observed in malware that actively attacks defensive systems in an attempt to disable them.
Identifying Hunter Killer Malware
These malware strains mirror the stealthy and aggressive nature of hunter-killer submarines: they evade security measures with precision and actively seek out ways to disable security tools, firewalls, logging services, auditing systems, and other protections within the infected host. Hunter-killer malware is therefore not defined by evasion alone, but by targeted attacks on defensive systems, much like a submarine's pre-emptive strike that disables defenses before an alarm is raised. Doing so paves the way for continued exploitation and control of the compromised environment.
The identification of hunter-killer malware represents a significant escalation in cyber threats. These sophisticated strains carry out comprehensive attack campaigns that combine covert operation with proactive attacks on security controls, posing a serious challenge to organizations' cyber defense efforts.
“We are seeing a surge in hyper-evasive and highly aggressive malware that shares characteristics of hunter-killer submarines,” said Dr. Suleyman Ozarslan, vice president of Picus Labs.
“Just as these submarines silently move through the deep oceans and launch devastating attacks to breach their targets’ defenses, new malware not only evades security tools but actively attacks them, and is designed to take them down. We believe that security for the average business has improved significantly, and that in response to the widespread use of tools that provide much more advanced threat-detection capabilities, the attitudes of cybercriminals are changing. A year ago, it was relatively rare for adversaries to disable security controls. Today, this behavior occurs in a quarter of malware samples and is used by virtually all ransomware and APT groups,” Ozarslan continued.
Detecting and responding to evolving tactical challenges
To ensure that cyber defenses are robust in theory and effective in practice, security teams should leverage security validation to consistently test and optimize their readiness to prevent, detect, and respond to these advanced threats. In addition, by employing behavioral analytics and machine learning, security teams can better position their defenses to predict and neutralize the hunter-killer components of modern threats.
70% of the malware analyzed uses stealth-oriented techniques, especially ones that help attackers evade security measures and maintain persistence within networks. Nearly a third of all malware analyzed has the potential to inject malicious code into legitimate processes, allowing attackers to gain elevated privileges while avoiding detection.
Use of T1027 (Obfuscated Files or Information) increased by 150%. This highlights a trend that hinders the effectiveness of security solutions and obscures malicious activity, complicating attack detection, forensic analysis, and incident response efforts.
Stay ahead of malware trends in 2024
Use of T1071 (Application Layer Protocol) increased by 176%. It is strategically deployed for data theft as part of sophisticated double-extortion schemes.
To combat hunter-killer malware and stay ahead of 2024's malware trends, Picus recommends that organizations employ machine learning to protect user credentials, defend against the latest tactics and techniques used by cybercriminals, and consistently validate their security policies.
“It is very difficult to detect whether a security tool has been disabled or reconfigured by an attack, as it may still appear to be working as expected,” said Hussein Khan Yusir, security research lead at Picus Security.
“Preventing attacks that fly under the radar requires using multiple security controls with a defense-in-depth approach. To better understand their readiness and identify gaps, organizations should make validation their starting point: actively simulating attacks to assess the response of EDR, XDR, SIEM, and other defensive systems that could be weakened or eliminated by hunter-killer malware. Unless you do, you won't know your system is down until it's too late.”
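As an added illustration (not code from Picus or from the article), the check below compares each security control's observed health against a known-good baseline on three axes: its service state, a hash of its configuration, and the age of its last telemetry heartbeat. A control that is still "running" but has been silently reconfigured or has stopped reporting is flagged, which is exactly the case the quote above warns is easy to miss. Control names, hashes and timestamps are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Baseline:
    name: str
    expected_state: str           # e.g. "running"
    config_sha256: str            # hash of the known-good configuration
    max_heartbeat_age: timedelta  # tolerated telemetry silence
@dataclass
class Observation:
    name: str
    state: str
    config_sha256: str
    last_heartbeat: datetime

def assess_controls(baselines, observations, now):
    """Map each degraded control to the list of deviations from its baseline."""
    observed = {o.name: o for o in observations}
    findings = {}
    for b in baselines:
        o = observed.get(b.name)
        if o is None:
            findings[b.name] = ["control is not reporting at all"]
            continue
        issues = []
        if o.state != b.expected_state:
            issues.append(f"state is {o.state!r}, expected {b.expected_state!r}")
        if o.config_sha256 != b.config_sha256:
            issues.append("configuration differs from baseline (possible silent reconfiguration)")
        if now - o.last_heartbeat > b.max_heartbeat_age:
            issues.append("telemetry heartbeat is stale (logging may be blocked)")
        if issues:
            findings[b.name] = issues
    return findings
# Constructed sample data: the hashes are placeholders, not real configuration digests.
NOW = datetime(2024, 2, 14, 12, 0, tzinfo=timezone.utc)
BASELINES = [
    Baseline("edr-agent", "running", "a" * 64, timedelta(minutes=5)),
    Baseline("host-firewall", "running", "b" * 64, timedelta(minutes=15)),
    Baseline("audit-forwarder", "running", "c" * 64, timedelta(minutes=5)),
]
OBSERVATIONS = [
    Observation("edr-agent", "running", "d" * 64, NOW - timedelta(minutes=1)),        # config changed
    Observation("host-firewall", "running", "b" * 64, NOW - timedelta(minutes=2)),    # healthy
    Observation("audit-forwarder", "running", "c" * 64, NOW - timedelta(minutes=40)),  # gone quiet
]

if __name__ == "__main__":
    for control, issues in assess_controls(BASELINES, OBSERVATIONS, NOW).items():
        print(f"{control}: {'; '.join(issues)}")
```

In a real deployment the observations would come from the endpoint agents and the SIEM's ingestion metrics, and the baseline from the last validated configuration snapshot.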