The recent report by Picus Security highlights a surge in ‘hunter-killer’ malware [1], indicating a shift in attackers’ ability to bypass advanced enterprise defenses [1]. This specialized malware actively targets defensive systems with the aim of disabling them, and it has seen a significant increase in volume, comprising 26% of all detections in 2023 [4] [6]. Hunter-killer malware is utilized by various malicious groups, including ransomware and APT groups [5].
Description
The report reveals that this category of malware is associated with three main MITRE ATT&CK techniques: process injection, command and scripting interpreter [3] [4] [6], and impair defenses [4] [6]. Notably, impairing defenses [2] [4] [6], tracked as T1562 Impair Defenses [2], was the third most observed technique in 2023 [2]. The use of hunter-killer malware aligns with a broader trend of threat actors employing stealth techniques and obfuscated files to evade cyber defenses.
One of the challenges posed by hunter-killer malware is its ability to remain undetected and difficult to stop. Even if security tools have been disabled or reconfigured [4], they may still appear to be functioning properly. To combat this surge in malware [5], organizations are advised to embrace machine learning [5], protect user credentials [5], and consistently validate their defenses against the latest tactics and techniques used by cybercriminals [5].
To assess the readiness of defensive systems and identify any vulnerabilities, security validation and proactive simulation of attacks are essential [6]. By remaining vigilant and continuously evaluating and updating their security measures, organizations can better protect themselves against the growing threat of hunter-killer malware and other advanced cyber attacks.
Conclusion
The rise of hunter-killer malware represents a new era in cyber warfare [3], where advanced techniques are employed to infiltrate networks [3], gather sensitive information [3], and maintain a persistent presence [3]. Picus Security’s research highlights the increasing sophistication of threat actors, who are becoming more proactive in targeting and disrupting cybersecurity defenses [3]. With geopolitical tensions on the rise [3], the involvement of sophisticated adversaries [3], including state-sponsored APT groups [3], adds further complexity to the cybersecurity landscape [3]. Continuous assessment and validation of security measures are crucial to safeguard against stealthy attacks and ensure the resilience of network defenses against relentless cyber threats [3].
References
[1] https://betanews.com/2024/02/13/hunter-killer-malware-able-to-neutralize-advanced-defenses/
[2] https://www.computerweekly.com/news/366569897/Hunter-killer-malware-volumes-seen-surging
[3] https://cybermaterial.com/rise-of-hunter-killer-malware/
[4] https://ciso2ciso.com/stealthy-hunter-killer-malware-detections-surge-333-annually-source-www-infosecurity-magazine-com/
[5] https://finance.yahoo.com/news/surge-hunter-killer-malware-uncovered-050100842.html
[6] https://www.infosecurity-magazine.com/news/hunterkiller-malware-detections/
