Adversaries step up attacks that disable enterprise defenses.
Threat actors have stepped up their efforts over the last year to launch attacks aimed at disabling enterprise defenses, according to the annual Red Report released Tuesday by Picus Security. The findings demonstrate a drastic shift in adversaries’ ability to identify and neutralize advanced enterprise defenses, such as next-generation firewalls, antivirus software, and EDR solutions, the report noted. It added that there was a 333% increase over the last year in this kind of “hunter-killer” malware, which actively targets defensive systems in an attempt to disable them.
“It was a surprise for us because hunter-killer malware wasn’t even in our top 10 last year,” says Picus co-founder and Vice President Suleyman Ozarslan. “A 333% increase is the biggest jump in the history of our reports. It represents a shift toward more destructive cyber threats and poses a significant challenge for defenders. Organizations should be focused on these attacks this year.”
According to the report, which is based on an analysis of more than 600,000 real-world malware samples, cybercriminals are changing their tactics in response to the much-improved security of the average business and the wide use of tools offering more advanced capabilities to detect threats. A year ago, the report noted, it was relatively rare for adversaries to disable security controls. Now, this behavior is seen in a quarter of malware samples and is used by virtually every ransomware and APT group.
“The rise of hunter-killer malware marks a substantial evolution in cyber threats, requiring cybersecurity industries to adopt more dynamic and proactive defense mechanisms. Traditional defense strategies might be insufficient as these new malware types aim to undermine them directly,” says Callie Guenther, cyber threat research senior manager at Critical Start, a national cybersecurity services company. “The extended dwell times enabled by disabling cyber protections pose a significant risk, as malware can remain undetected longer, increasing potential damage.”
To combat hunter-killer malware, the report advised organizations to embrace machine learning, protect user credentials, and consistently validate their defenses against the latest tactics and techniques used by cybercriminals. “Defenses need to be always up to deal with these types of attacks,” Ozarslan says. “We suggest doing continuous attack simulations to understand the effectiveness of defensive systems against hunter-killer cyberattacks.”
Defense schemes that use behavioral analysis are necessary because many of these adversaries are “living off the land,” Ozarslan adds, using the same tools that IT departments, and in some cases security teams, use to accomplish their objectives. “The Loki ransomware group, for example, used Kaspersky’s TDSSKiller utility to disable security defenses,” he says.
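The point about behavioral analysis is worth making concrete: a signed, legitimate utility like TDSSKiller (or sc.exe, taskkill.exe, PowerShell) will not trip a file-reputation check, so detection has to key on what the process does, such as invoking a service-deletion switch against a security product's service. The following is an added example written for this article, not code from Picus Security or the Red Report. It runs a handful of behavior-based rules, all mapped to ATT&CK T1562.001 (Impair Defenses: Disable or Modify Tools), over constructed process-creation events whose field names follow Sysmon Event ID 1. The security service and process names it looks for are illustrative assumptions, not a vendor list; the `-dcsvc` switch is TDSSKiller's own service-deletion option, but the event lines themselves are made up.

```python
"""Behavior-based detection of attempts to disable security tooling (ATT&CK T1562.001).

Added example for this article, not code from Picus Security or the Red Report.
Rules run over constructed process-creation events modeled on Sysmon Event ID 1
fields (Image, CommandLine, ParentImage, OriginalFileName).
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Callable

# Illustrative service/process names of security products (assumption, not a vendor list).
SECURITY_SERVICES = {
    "windefend", "msmpeng.exe", "mbamservice", "sentinelagent",
    "csfalconservice", "cylancesvc", "sense",
}


def _mentions_security_product(cmd: str) -> bool:
    tokens = {t.strip("\"'").lower() for t in cmd.split()}
    return bool(tokens & SECURITY_SERVICES)


@dataclass(frozen=True)
class Rule:
    name: str
    technique: str
    match: Callable[[dict], bool]


def _tdsskiller_service_deletion(ev: dict) -> bool:
    # Key on PE version metadata (OriginalFileName), not the on-disk name, so a
    # renamed copy of the legitimate tool is still caught; then require the
    # service-deletion switch aimed at a security service.
    is_tdsskiller = ev.get("OriginalFileName", "").lower() == "tdsskiller.exe"
    cmd = ev.get("CommandLine", "")
    return is_tdsskiller and "-dcsvc" in cmd.lower() and _mentions_security_product(cmd)


def _sc_against_security_product(ev: dict) -> bool:
    # "sc query" is routine; stop/delete/config against a security service is not.
    cmd = ev.get("CommandLine", "").lower()
    return bool(re.search(r"\bsc(\.exe)?\s+(stop|delete|config)\b", cmd)) and _mentions_security_product(cmd)


def _taskkill_against_security_product(ev: dict) -> bool:
    cmd = ev.get("CommandLine", "").lower()
    return "taskkill" in cmd and "/im" in cmd and _mentions_security_product(cmd)


def _defender_realtime_disabled(ev: dict) -> bool:
    cmd = ev.get("CommandLine", "")
    return re.search(r"Set-MpPreference\s+-DisableRealtimeMonitoring\s+\$?true", cmd, re.I) is not None


RULES = [
    Rule("TDSSKiller used to delete a security service", "T1562.001", _tdsskiller_service_deletion),
    Rule("sc.exe stop/delete/config against a security service", "T1562.001", _sc_against_security_product),
    Rule("taskkill against a security process", "T1562.001", _taskkill_against_security_product),
    Rule("Defender real-time monitoring disabled via PowerShell", "T1562.001", _defender_realtime_disabled),
]


def detect(events: list[dict]) -> list[tuple[int, str, str]]:
    """Return (event_index, rule_name, technique) for every event that matches a rule."""
    hits = []
    for i, ev in enumerate(events):
        for rule in RULES:
            if rule.match(ev):
                hits.append((i, rule.name, rule.technique))
    return hits


# Constructed sample events (not real telemetry). Event 2 is the interesting one:
# the tool was renamed on disk, so only its PE metadata and behavior give it away.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe", "CommandLine": "svchost.exe -k netsvcs",
     "ParentImage": r"C:\Windows\System32\services.exe", "OriginalFileName": "svchost.exe"},
    {"Image": r"C:\Users\alice\Downloads\tdsskiller.exe", "CommandLine": "tdsskiller.exe -dcsvc MBAMService",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "tdsskiller.exe"},
    {"Image": r"C:\Windows\Temp\upd.exe", "CommandLine": "upd.exe -dcsvc SentinelAgent",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "tdsskiller.exe"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -nop -c Set-MpPreference -DisableRealtimeMonitoring $true",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "PowerShell.EXE"},
    {"Image": r"C:\Windows\System32\sc.exe", "CommandLine": "sc stop WinDefend",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "sc.exe"},
    {"Image": r"C:\Windows\System32\taskkill.exe", "CommandLine": "taskkill /F /IM MsMpEng.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "taskkill.exe"},
    {"Image": r"C:\Windows\System32\sc.exe", "CommandLine": "sc query Spooler",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "sc.exe"},
]

if __name__ == "__main__":
    for idx, name, tid in detect(SAMPLE_EVENTS):
        print(f"[{tid}] event {idx}: {name} :: {SAMPLE_EVENTS[idx]['CommandLine']}")
```

Run against the constructed events, the rules flag the five impairment attempts (events 1 through 5) and ignore the benign svchost and `sc query` lines. The design choice that matters is in the TDSSKiller rule: it matches on `OriginalFileName` from the PE metadata plus the command-line behavior, so the renamed copy in event 2 is caught even though nothing about its path or file name says "tdsskiller". Each rule also requires a security product to be the target, which keeps ordinary service administration (for example `sc stop Spooler`) out of the alert stream.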
The Red Report gives security teams a 12-month view of the most prevalent MITRE ATT&CK techniques exhibited by the latest malware. Other findings in this year’s report included:
John Mello writes on technology and cyber security for a number of online publications and is former managing editor of the Boston Business Journal and Boston Phoenix. Disclosure: He also writes for Hewlett-Packard’s marketing website TechBeacon.