Your security defences will dive, dive, dive unless you sink hunter-killer malware
New research finds that malware targeting and taking down security controls has risen by more than 300% in the last year. Dubbed ‘hunter-killer’ malware by researchers at Picus Security, it represents a far-reaching change in how threat actors are able to both identify and counteract advanced enterprise defences.
The newly published Picus Red Report analysed 600,000 malware samples to identify the tactics and techniques most often used by threat actors, from ransomware gangs to nation-state adversaries.
The massive upswing in the use of hunter-killer tools, an increase of 333% over the previous year, reveals how malware is evolving and attackers are embracing this defence-neutralising playbook.
Whereas just 12 months ago it was rare for attackers to successfully disable security controls, researchers found that such behaviour is now employed by just about every ransomware group.
Stealth attacks
The researchers also found that attackers are, unsurprisingly, obsessed with remaining stealthy. 70% of analysed samples used some kind of stealth-oriented technique to evade detection by security measures and so ensure the best chance of network persistence.
The notion that persistence is purely the playground of nation-state sponsored espionage groups should finally be laid to rest. The use of obfuscated files or information increased by 150% over the previous year, and the use of application layer protocols, deployed for data exfiltration, was up 176%.
But it’s the hunter-killer malware, sharing characteristics of the submarines carrying the same name, that is of most concern for being ultra-evasive and highly aggressive.
“Just as these subs move silently through deep waters and launch devastating attacks to defeat their targets’ defences,” says Dr Suleyman Ozarslan, Picus Security Co-Founder, “new malware is designed to not only evade security tools but actively bring them down.”
Ozarslan says the change to this tactic has likely been driven in response to more organisations now being better defended by threat detection systems and services.
Detecting hunter-killer malware
“It can be incredibly difficult to detect if an attack has disabled or reconfigured security tools, because they may still appear to be working as expected,” says Huseyin Can Yuceel, Security Research Lead at Picus Security.
“Preventing attacks that would otherwise operate under the radar requires the use of multiple security controls with a defence-in-depth approach.”
Dr Ozarslan told TechFinitive that organisations should consider employing behavioural analysis and machine learning for threat detection. Regular audits, including updating your whitelisting policies, should also enhance your defences.
Other ways to stay ahead of hunter-killer malware? Prioritise credential protection and lateral movement mitigation using multi-factor authentication – and implement least-privileged access principles.
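The point the researchers make above, that a security tool can appear healthy while it has been quietly disabled or reconfigured, is what the following added example checks for. It is not code from Picus Security or the Red Report; the log lines and the control-state schema are constructed, while the event IDs are the real Microsoft Defender Antivirus operational-log IDs for protection being turned off or reconfigured.

```python
"""Audit for silently impaired security controls (added example, not the report's code).

Two defender-side checks: (1) flag Defender operational-log events that record a
control being disabled or reconfigured; (2) compare an endpoint's live control
state against a baseline, so a running service is not taken as proof it works.
"""
from dataclasses import dataclass, field
import re

# Real event IDs from the Microsoft-Windows-Windows Defender/Operational log.
IMPAIRMENT_EVENTS = {
    5001: "real-time protection disabled",
    5004: "real-time protection configuration changed",
    5007: "configuration changed",
    5010: "malware/PUA scanning disabled",
    5012: "virus scanning disabled",
}

# Constructed sample export in the form "<time> EventID=<id> <message>".
SAMPLE_LOG = """\
2024-02-13T09:01:10 EventID=1001 Scan finished
2024-02-13T09:03:42 EventID=5007 Configuration changed: Exclusions\\Paths C:\\Windows\\Temp added
2024-02-13T09:03:44 EventID=5001 Real-time protection is disabled
2024-02-13T09:03:50 EventID=5013 Tamper protection blocked a change to DisableAntiSpyware
2024-02-13T09:10:00 EventID=1150 Service is healthy
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) EventID=(?P<id>\d+) (?P<msg>.*)$")

def find_impairment_events(log_text: str) -> list[dict]:
    """Return the events that show a control was disabled or reconfigured."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and int(m.group("id")) in IMPAIRMENT_EVENTS:
            eid = int(m.group("id"))
            hits.append({"time": m.group("ts"), "event_id": eid,
                         "label": IMPAIRMENT_EVENTS[eid], "detail": m.group("msg")})
    return hits

@dataclass
class ControlState:
    """Snapshot of one endpoint's control settings (constructed schema)."""
    service_running: bool
    realtime_protection: bool
    tamper_protection: bool
    exclusions: list[str] = field(default_factory=list)

# Whitelisting entries broad enough to blind the control (constructed list).
BROAD_EXCLUSIONS = {"c:", "c:\\windows\\temp", "c:\\users", "c:\\programdata"}

def audit_control(state: ControlState) -> list[str]:
    """Compare live state against the expected baseline and list deviations."""
    findings = []
    if not state.service_running:
        findings.append("service not running")
    if not state.realtime_protection:
        findings.append("real-time protection off while service appears up")
    if not state.tamper_protection:
        findings.append("tamper protection off")
    findings += [f"broad exclusion: {e}" for e in state.exclusions
                 if e.rstrip("\\").lower() in BROAD_EXCLUSIONS]
    return findings
```

Run both checks on a schedule and alert on any non-empty result; the log check catches the change event, the state audit catches a change whose event was never logged or was cleared.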