
Hunter-killer pandemic: malware newly identified by Picus Security shows that new malware is designed not only to evade detection tools, but also to take them down

CLM, a Latin American value-added distributor focused on information security, data protection, cloud and infrastructure for data centers, warns of the global pandemic of Hunter-killer malware, discovered by Picus Security, a security validation company.

This pest, which disables security controls, grew by 333% in 2023, according to the Picus Red Report 2024, carried out by Picus.

In its fourth annual report, Picus Labs, the research unit of Picus Security, analyzed 667,401 files, of which 612,080 (92%) were categorized as malicious, based on samples of attacks carried out between January and December 2023. It also identified the techniques most commonly used by attackers and discovered a “Hunter-killer” pandemic.

For Tom Camargo, Vice President of CLM, which distributes Picus solutions in Latin America, the Picus Labs discovery demonstrates a drastic change in the ability of cyber attackers to identify and neutralize advanced enterprise defenses, such as firewalls, antiviruses and state-of-the-art EDRs. “The name of the Hunter Killer malware is an allusion to the 2018 film, which in Brazil is called Fury on the High Seas, and takes place on a United States submarine that monitors Russian actions. The fact is that this pest has the capacity to reach and disable defense systems,” he explains.

The Hunter Killer is highly cunning and aggressive; it acts silently and launches destructive attacks to defeat corporate defenses. Picus explains that the new malware is designed not only to evade detection tools, but also to take them down. To combat the Hunter Killer, CLM and Picus encourage the adoption of artificial intelligence and machine learning solutions, protection of user credentials, and constant validation of defenses against the latest tactics and techniques of cybercriminals.

The study also found that 70% of malware employs stealthy techniques to evade detection and remain on networks.

“We believe that cybercriminals are changing their ways in response to significantly improved corporate cybersecurity and widely used tools that offer much more advanced capabilities for detecting threats. A year ago, it was relatively rare for attackers to disable security controls. This behavior is now observed in a quarter of malware samples and is used by virtually all ransomware groups and APT groups,” says the Picus Red Report 2024.

There has been a 150% increase in the use of obfuscated files or information, which shows a tendency to disrupt security effectiveness and obfuscate malicious activity to complicate attack detection, forensic analysis, and incident response efforts.

The survey reveals another worrying trend: 21% of the analyzed malware samples have the ability to encrypt data. Additionally, it identified a 176% increase in the use of MITRE ATT&CK technique T1071 (Application Layer Protocol), which is deployed for data exfiltration as part of sophisticated double extortion schemes. High-profile ransomware cases in 2023 testify to the critical impact of these techniques, which played essential roles in attacks such as BlackCat/AlphV against NCR and Henry Schein, Cl0p against the US Department of Energy, Royal against the City of Dallas, LockBit against Boeing, CDW and MCNA, and Scattered Spider, which infiltrated MGM Resorts and Caesars Entertainment.

It can be incredibly difficult to detect whether an attack has disabled or reconfigured security tools because they still appear to work as expected. Therefore, CLM and Picus recommend:

Attack prevention requires the use of multiple security controls with a defense-in-depth approach. Security validation should be the starting point for organizations to better understand their preparedness and identify gaps. Unless an organization proactively simulates attacks to assess the response of its email systems, firewalls, EPP, EDR, XDR, SIEM, and other defensive systems that could be weakened or eliminated by Hunter-killer malware, no one will know they are down until it's too late.
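The paragraphs above make a point that is easy to state and hard to operationalize: a disabled or reconfigured control looks healthy from the console, so a defender has to look for the tamper events and the silence themselves. The following added example (not code from the report, CLM or Picus) scans a constructed host event log for both signals: explicit "protection disabled / configuration changed" events, service stop or start-type changes for watched security services, and an endpoint agent that has simply stopped sending heartbeats. The log format, the service names and the Windows Defender / Service Control Manager event ids used in the rule table are assumptions for the illustration, not values from the page.

```python
"""Spotting security controls that were disabled, reconfigured or silenced.

Added example (not from the CLM/Picus report). It scans a constructed host
event log for the two signals a defender can act on: explicit
"control disabled/changed" events, and agents that stop reporting.
Event ids, provider names and service names are assumptions for the demo.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed sample telemetry: "<ISO time>|<host>|<provider>|<event id>|<message>"
SAMPLE_LOG = """\
2023-11-02T09:00:05|ws-17|Microsoft-Windows-Windows Defender|1000|Antimalware scan started
2023-11-02T09:05:00|ws-17|EDR-Agent|100|Heartbeat
2023-11-02T09:14:21|ws-17|Service Control Manager|7040|The start type of the Sysmon64 service was changed from auto start to disabled
2023-11-02T09:14:22|ws-17|Service Control Manager|7036|The Sysmon64 service entered the stopped state
2023-11-02T09:15:40|ws-17|Microsoft-Windows-Windows Defender|5001|Real-time protection is disabled
2023-11-02T09:16:02|ws-17|Microsoft-Windows-Windows Defender|5004|Real-time protection configuration changed
2023-11-02T09:20:00|ws-17|Service Control Manager|7036|The Print Spooler service entered the stopped state
"""

# Explicit tamper signals (assumed Windows Defender operational event ids).
DEFENDER_TAMPER_EVENTS = {
    5001: "real-time protection disabled",
    5004: "real-time protection configuration changed",
    5010: "antimalware scanning disabled",
}
# Services whose stop / disable matters (assumed names for Sysmon, Defender, MDE sensor).
WATCHED_SERVICES = ("Sysmon64", "WinDefend", "Sense")
# Agents that must heartbeat; silence longer than MAX_SILENCE is itself a finding.
HEARTBEAT_PROVIDERS = ("EDR-Agent",)
MAX_SILENCE = timedelta(minutes=15)


@dataclass(frozen=True)
class Finding:
    when: datetime
    host: str
    detail: str


def parse_line(line: str):
    """Split one pipe-delimited telemetry line into typed fields."""
    ts, host, provider, event_id, message = line.split("|", 4)
    return datetime.fromisoformat(ts), host, provider, int(event_id), message


def analyze(log_text: str, now_iso: str):
    """Return tamper/silence findings for `log_text`, evaluated at time `now_iso`."""
    now = datetime.fromisoformat(now_iso)
    findings = []
    last_heartbeat = {}  # (host, provider) -> last heartbeat time seen
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        when, host, provider, event_id, message = parse_line(raw)
        if provider == "Microsoft-Windows-Windows Defender" and event_id in DEFENDER_TAMPER_EVENTS:
            findings.append(Finding(when, host, "Defender: " + DEFENDER_TAMPER_EVENTS[event_id]))
        elif provider == "Service Control Manager" and event_id in (7036, 7040):
            # 7036 = service state change, 7040 = start type change; only watched services matter.
            svc = next((s for s in WATCHED_SERVICES if re.search(rf"\b{re.escape(s)}\b", message)), None)
            if svc and ("stopped" in message or "disabled" in message):
                findings.append(Finding(when, host, f"service {svc}: {message}"))
        elif provider in HEARTBEAT_PROVIDERS:
            key = (host, provider)
            last_heartbeat[key] = max(last_heartbeat.get(key, when), when)
    # Silence check: an agent with no heartbeat within MAX_SILENCE is treated as down,
    # whether it was killed, unloaded or just cut off from the collector.
    for (host, provider), seen in last_heartbeat.items():
        if now - seen > MAX_SILENCE:
            findings.append(Finding(seen, host, f"{provider}: no heartbeat for {now - seen}"))
    return sorted(findings, key=lambda f: f.when)


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG, "2023-11-02T09:30:00"):
        print(f.when.isoformat(), f.host, f.detail)
```

Run against the sample, the Print Spooler stop is ignored while the Sysmon start-type change, the Sysmon stop, both Defender events and the silent EDR agent are reported; at an earlier evaluation time the agent is still within its heartbeat window and only the four explicit events surface. The design point is that the heartbeat rule needs no knowledge of how a control was taken down, which is what makes it useful against malware that targets the controls themselves.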
