PRESS RELEASE
SAN FRANCISCO, February 13, 2024 /PRNewswire/ — Maximum safetythe security validation company, released the file Red Peak Report 2024. This fourth annual report shares lessons learned from an in-depth analysis of more than 600,000 real-world malware samples and identifies the most common techniques exploited by attackers. This year, Picus discovered a wave of “Hunter-killer” malware from its research findings, demonstrating a dramatic shift in adversaries’ ability to identify and neutralize advanced enterprise defenses such as next-generation firewalls, antivirus, and EDR. According to the report, there has been a 333% increase in malware that actively targets defensive systems in an attempt to disable them.
“We are seeing a surge in ultra-evasive, highly aggressive malware that shares characteristics of hunter-killer submarines,” said Dr. Suleyman Ozarslan, co-founder of Picus Security and vice president of Picus Labs. “Just as these submarines move silently through deep waters and launch devastating attacks to defeat their targets’ defenses, the new malware is designed not only to evade security tools but also actively take them down. We believe cybercriminals are changing their tactics in response to the security of average Businesses have improved a lot, and widely used tools offer much more advanced capabilities to detect threats. A year ago, it was relatively rare for hackers to disable security controls. Now, this behavior is observed in a quarter of malware samples and is used by virtually every ransomware group and APT group.”
The Red Report helps security teams better understand and combat cyber attacks by identifying the 10 most prevalent MITER ATT&CK techniques exhibited by the latest malware. His insights help prioritize defensive actions against commonly used techniques. Additional key findings include:
-
Evolving tactics challenge detection and response: 70% of malware analyzed now employs stealth techniques by attackers, particularly those that make it easier to circumvent security measures and maintain persistence in networks.
-
Invisibility at the forefront of escapism: There has been a 150% increase in usage of T1027 Obfuscated files or information. This highlights a tendency to hinder the effectiveness of security solutions and obfuscate malicious activity to complicate attack detection, forensic analysis and incident response efforts.
-
The ransomware saga continues: There was a 176% increase in the use of T1071 Application layer protocolwhich are strategically used for data exfiltration as part of sophisticated double extortion schemes.
To combat Hunter-killer malware and stay ahead of 2024 malware trends, Picus urges organizations to embrace machine learning, protect user credentials, and constantly validate their defenses against the latest tactics and techniques used by cybercriminals .
“It can be incredibly difficult to detect whether an attack has disabled or reconfigured security tools, because it may appear that they are still working as intended,” said Huseyin Can YUCEEL, Security Research Lead at Picus Security. “Preventing attacks that would otherwise operate under the radar requires the use of multiple security controls with a defense-in-depth approach. Security validation must be a starting point for organizations to better understand their preparedness and identify gaps. A Unless an organization is proactively simulating attacks to evaluate the response of its EDR, XDR, SIEM, and other defensive systems that could be weakened or eliminated by Hunter-killer malware, they will not know they are down until it is too late .”
For more information:
Methodology
Between January 2023 and December 2023, Picus Labs, the research unit of Picus Security, analyzed 667,401 unique files, of which 612,080 (92%) were classified as malicious. Sources of these files include, but are not limited to, commercial and open source threat intelligence services, security vendors and researchers, malware sandboxes, malware databases, and forums. A total of 7,754,801 actions were extracted from these files, with an average of 13 malicious actions per malware. These actions were then mapped to 7,015,759 MITER ATT&CK techniques, an average of 11 techniques per malware.
To compile the Top Ten in the 2024 Picus Red Report, Picus Labs researchers determined the number of malicious files that used each technique. They then calculated the percentage of malware in the dataset that used this technique. For example, the Process T1055 The injection technique was used in 195,044 (32%) of the 612,080 malicious files analyzed.
About Picus Security
Picus Security helps security teams consistently and accurately validate their security posture. Our security validation platform simulates real-world threats to evaluate the effectiveness of security controls, identify high-risk attack paths to critical assets, and optimize threat prevention and detection capabilities.
As the pioneers of breach and attack simulation, we specialize in providing the actionable intelligence our customers need to be proactive and threat-focused.
Picus has been named a ‘Cool Vendor’ by Gartner and is recognized by Frost & Sullivan as a leader in the breach and attack simulation (BAS) market.