The Picus Red Report 2024 highlights a 333% year-over-year increase in malware designed to target and disable security controls (the behaviour MITRE ATT&CK catalogues as T1562, Impair Defenses). Released by Picus Security, this annual report is based on an analysis of over 600,000 real-world malware samples and documents a significant rise in what Picus calls "hunter-killer" malware: malware that actively identifies and neutralizes enterprise defenses such as next-generation firewalls, antivirus software, and endpoint detection and response (EDR) agents rather than merely evading them.
The report indicates a marked shift in attack strategies, with a significant portion of modern malware now exhibiting capabilities that were rare just a year ago. These capabilities include advanced evasion techniques and methods to disable security controls, which are becoming standard in the arsenals of ransomware groups and advanced persistent threat (APT) actors. This trend reflects a broader change in the cyber threat landscape, with attackers increasingly employing methods to compromise widely used security tools.
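The defense-disabling behaviour described above leaves a recognizable trail in process-creation telemetry: the malware has to run the same commands an administrator would use to switch protection off. The following detection logic is an added example written for this page, not code from Picus or from the report; the mapping of "disable security controls" to ATT&CK T1562 is the editor's, the event records are constructed for illustration, and the process and service names (MsMpEng, WinDefend, Sense, MpsSvc, Sysmon) assume a Windows host running Microsoft Defender and Sysmon. It escalates severity when several distinct tampering steps land on one host, which is the chained "hunt then kill" pattern the report describes rather than a single admin action.

```python
"""Flag process-creation events that look like attempts to disable
security controls (MITRE ATT&CK T1562, Impair Defenses).

Added example for this page; the events below are constructed, not
real telemetry, and the service/process names assume Windows with
Microsoft Defender and Sysmon installed."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    host: str
    user: str
    image: str
    command_line: str


# Rule name -> case-insensitive regex applied to the full command line.
# Patterns cover the usual ways of switching off Defender, the Windows
# Firewall and Sysmon; extend the alternations with your own EDR names.
RULES = [
    ("defender-realtime-off",
     r"set-mppreference\b.*-disablerealtimemonitoring\s+(\$true|1)\b"),
    ("defender-exclusion-added",
     r"add-mppreference\b.*-exclusion(path|process|extension)\b"),
    ("security-service-stopped",
     r"\b(sc(\.exe)?\s+(stop|config|delete)|net(\.exe)?\s+stop)\s+.*"
     r"\b(windefend|sense|mpssvc|sysmon\w*)\b"),
    ("firewall-disabled",
     r"netsh\b.*advfirewall\s+set\s+\w+\s+state\s+off\b"),
    ("security-process-killed",
     r"taskkill\b.*\b(msmpeng|mssense|sysmon\w*|csfalcon\w*)\b"),
    ("safe-boot-configured",
     r"bcdedit\b.*\bsafeboot\b"),
]
COMPILED = [(name, re.compile(p, re.IGNORECASE)) for name, p in RULES]


def detect(events):
    """Return one finding per event whose command line matches a rule
    (first matching rule wins); events that match nothing are dropped."""
    findings = []
    for ev in events:
        for name, rx in COMPILED:
            if rx.search(ev.command_line):
                findings.append({"host": ev.host, "user": ev.user,
                                 "rule": name, "command_line": ev.command_line})
                break
    return findings


def summarize(findings):
    """Group findings by host. One hit may be legitimate admin work, so it is
    rated medium; two or more distinct tampering steps on the same host is
    the chained pattern attributed to hunter-killer malware and rated high."""
    rules_by_host = defaultdict(set)
    for f in findings:
        rules_by_host[f["host"]].add(f["rule"])
    return {
        host: {"rules": sorted(rules),
               "severity": "high" if len(rules) >= 2 else "medium"}
        for host, rules in rules_by_host.items()
    }


# Constructed sample events: ws01 shows a full disable sequence, srv02 a
# single process kill, ws03 only benign read-only queries.
SAMPLE_EVENTS = [
    ProcessEvent("ws01", "CORP\\jdoe", "powershell.exe",
                 'powershell.exe -nop -w hidden -c "Set-MpPreference '
                 '-DisableRealtimeMonitoring $true"'),
    ProcessEvent("ws01", "CORP\\jdoe", "sc.exe", "sc stop WinDefend"),
    ProcessEvent("ws01", "CORP\\jdoe", "netsh.exe",
                 "netsh advfirewall set allprofiles state off"),
    ProcessEvent("srv02", "NT AUTHORITY\\SYSTEM", "taskkill.exe",
                 "taskkill /F /IM MsMpEng.exe"),
    ProcessEvent("ws03", "CORP\\asmith", "powershell.exe",
                 "powershell.exe Get-MpPreference"),
    ProcessEvent("ws03", "CORP\\asmith", "sc.exe", "sc query WinDefend"),
    ProcessEvent("ws01", "CORP\\jdoe", "bcdedit.exe",
                 "bcdedit /set {default} safeboot minimal"),
]

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for f in found:
        print(f"{f['host']:6} {f['rule']:26} {f['command_line']}")
    for host, s in summarize(found).items():
        print(f"{host}: {s['severity']} ({', '.join(s['rules'])})")
```

Run against real Sysmon Event ID 1 or EDR process telemetry, the regexes are the cheap first pass; the per-host correlation in `summarize` is what separates an administrator toggling real-time protection for a deployment from malware methodically stripping every control before it drops its payload.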
In addition to describing these threats, the Red Report offers actionable guidance for security teams. It ranks the ten most prevalent MITRE ATT&CK techniques observed across the analysed samples and argues for a multi-layered defense strategy on that basis. Key observations include a marked rise in stealth techniques aimed at evading detection and maintaining persistence inside networks, and heavier use of obfuscation to hinder forensic analysis and slow incident response.
The report also notes a substantial uptick in the use of application layer protocols (T1071, a Command and Control technique) to carry both command-and-control traffic and stolen data, blending exfiltration in with ordinary web and DNS traffic; this is particularly common in ransomware attacks that rely on double extortion. To mitigate these risks, Picus advises organizations to adopt machine learning-based detection, strengthen the protection of user credentials, and continuously validate their defenses against emerging threats rather than assuming deployed controls are still working.
This proactive stance is crucial for detecting and countering the tactics used by modern malware. By simulating attacks and testing whether security systems actually survive them, organizations can find the gaps in their coverage and fix them before an attacker does. That kind of validation matters most in a landscape where disabling or circumventing security controls has become a routine step in the attack chain rather than a rarity.