Surge in “Hunter-Killer” Malware

Uploaded on 2024-03-01 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

The SecOps experts at Picus Security have released their 2024 Red Report, which shares conclusions from an in-depth analysis of more than 600,000 real-world malware samples and identifies the most common techniques leveraged by attackers.

Picus has uncovered a surge of “Hunter-killer” malware from the research findings, demonstrating a drastic shift in adversaries’ ability to identify and neutralise advanced enterprise defenses such as next-gen firewalls, antivirus, and EDR.

According to the report, there was a 333% increase in malware that can actively target defensive systems in an attempt to disable them.

“We are witnessing a surge in ultra-evasive, highly aggressive malware which shares the characteristics of hunter-killer submarines,” said Dr. Suleyman Ozarslan, Picus Security Co-founder and VP of Picus Labs. “Just as these subs move silently through deep waters and launch devastating attacks to defeat their targets’ defenses, new malware is designed to not only evade security tools but actively bring them down.

“We believe cyber criminals are changing tact in response to the security of average businesses being much-improved, and widely used tools offering far more advanced capabilities to detect threats... A year ago, it was relatively rare for adversaries to disable security controls. Now, this behavior is seen in a quarter of malware samples and is used by virtually every ransomware group and APT group.”

The Red Report helps security teams better understand and battle cyber attacks by identifying the Top 10 most prevalent MITRE ATT&CK techniques exhibited by the latest malware. Its insights help prioritise defensive actions against commonly used techniques.

Additional key findings include:

  • Evolving tactics challenge detection and response:  70% of malware analysed now employ stealth-oriented techniques by attackers, particularly those that facilitate evading security measures and maintaining persistence in networks.
  • Invisibility at the forefront of evasion:   There was a 150% increase in the use of T1027 Obfuscated Files or Information. This highlights a trend toward hindering the effectiveness of security solutions and obfuscating malicious activities to complicate the detection of attacks, forensic analysis, and incident response efforts.
  • The ransomware saga continues:   There was a 176% increase in the use of T1071 Application Layer Protocol, which are being strategically deployed for data exfiltration as part of sophisticated double extortion schemes.

To combat Hunter-killer malware and stay ahead of 2024 malware trends, Picus is urging organisations to embrace machine learning, protect user credentials, and consistently validate their defenses against the latest tactics and techniques used by cyber criminals.

It is particularay difficult to detect a malware attack whch has disabled or reconfigured security tools, which alhough netralised, may appear to be working as expected.

Picus advise that preventing such under the radar attacks requires the use of multiple security controls, with security validation as the a starting point for organisations to better understand their readiness and identify gaps.

“Unless an organisation is proactively simulating attacks to assess the response of its EDR, XDR, SIEM, and other defensive systems that may be weakened or eliminated by Hunter-killer malware, they will not know they are down until it is too late.” commented Hüseyin Can Yüceel, Security Research Lead at Picus Security

Picus Security        Image: Slim3D

You Might Also Read: 

Rhysida Ransomware Cracked & Decrypted:

DIRECTORY OF SUPPLIERS - Threat Detection & Protection:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Data Breach - Bank of America Warns Clients & Customers
Deepfakes Complicate Election Security »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSR Privacy Solutions

CSR Privacy Solutions

CSR Privacy Solutions is a leading provider of privacy regulatory compliance programs for small and medium sized businesses.

Global Information Assurance Certification (GIAC)

Global Information Assurance Certification (GIAC)

GIAC provides certification in the knowledge and skills necessary for a practitioner in key areas of computer, information and software security.

Communications Security Establishment (CSE)

Communications Security Establishment (CSE)

CSE is Canada's national cryptologic agency, providing the Government of Canada with IT Security and foreign signals intelligence (SIGINT) services.

G DATA CyberDefense

G DATA CyberDefense

G Data developed the world's first antivirus software. We now ensure the security of small, large and medium-sized companies all over the world.

Procilon Group

Procilon Group

Procilon Group specialize in the development of cryptographic software as well as strategic advice on information security and data protection.

CyberSN

CyberSN

CyberSN is your essential partner in cybersecurity workforce risk management offering solutions that empower leaders to diversify, acquire, retain, and develop their cybersecurity teams.

DisruptOps

DisruptOps

Built for today’s cloud-scale enterprises, DisruptOps’ Cloud Detection and Response platform automates assessment and remediation procedures of critical cloud security issues.

Solvere One

Solvere One

Solvere One is a managed service provider (MSP) focused on corporate consulting and partnership.

Grindstone Ventures

Grindstone Ventures

Grindstone Ventures is a post-seed fund that supports post-seed equity and quasi-equity investments in early-stage innovation-driven and/or technology companies.

Laneden

Laneden

Laneden specialise in helping organisations identify security concerns and quantify the risks you may have across your assets, using Penetration Testing, Threat Simulation and Compliance Testing.

Marlink

Marlink

Marlink smartly integrates hybrid, future-ready network solutions so you can benefit from the best available connectivity and IT to accelerate your digitalisation and empower your remote operations.

Strategic Technology Solutions (STS)

Strategic Technology Solutions (STS)

Strategic Technology Solutions specialize in providing Cybersecurity and Managed IT Services to the legal industry.

Cypfer

Cypfer

CYPFER is a global market leader in ransomware post-breach remediation and cyber-attack first response.

PRE Security

PRE Security

PRE Security is leading the transition into the next era of AI cybersecurity with a new model: Predict & Prevent.

Panoptic Cyber

Panoptic Cyber

Panoptic Cyber are a team of elite Armed Forces Veterans who hold a wealth of experience in Information Security, Cyber Security, Data Protection and Risk Management.

Maverits

Maverits

At Maverits, we are on a mission to reshape the cybersecurity landscape. We offer a wide range of services, including Threat Intelligence, Incident Response, Consulting & Training.