Surge of Hunter-Killer Malware Revealed by Picus Security

Picus Security, a leading Security Validation company, has recently unveiled its fourth annual Picus Red Report 2024. This comprehensive report offers valuable insights from an in-depth analysis of over 600,000 real-world malware samples, shedding light on the most common techniques leveraged by attackers. The report highlights a significant spike in the prevalence of “Hunter-killer” malware, indicating a notable shift in adversaries’ ability to identify and neutralize advanced enterprise defenses such as next-gen firewalls, antivirus, and EDR.

Dr. Suleyman Ozarslan, Co-founder and VP of Picus Labs, expressed his concern over the surge in ultra-evasive, highly aggressive malware, drawing parallels to the stealthy and devastating attacks launched by hunter-killer submarines. This shift in tactics suggests that cybercriminals are adapting to the improved security measures implemented by businesses and to the advanced capabilities of widely used security tools. Previously, disabling security controls was a rare behavior among adversaries; however, recent findings indicate that this behavior has been exhibited in a quarter of malware samples and is employed by almost every ransomware and APT group.

The Red Report aims to assist security teams in comprehending and combating cyber threats by identifying the Top 10 most prevalent MITRE ATT&CK techniques exhibited by the latest malware. Through its insights, the report seeks to help defenders prioritize defensive actions against commonly used techniques. Key findings from the report include the evolving tactics employed by attackers to challenge detection and response, with 70% of analyzed malware employing stealth-oriented techniques. Additionally, there has been a 150% increase in the use of T1027 Obfuscated Files or Information, which complicates the detection of attacks, forensic analysis, and incident response efforts.

Moreover, the report highlights a 176% increase in the use of T1071 Application Layer Protocol in the deployment of sophisticated double extortion schemes as part of ransomware attacks. In light of these findings, Picus encourages organizations to leverage machine learning, protect user credentials, and consistently validate their defenses against the latest tactics and techniques used by cybercriminals, in order to combat Hunter-killer malware and stay ahead of 2024 malware trends.

Huseyin Can YUCEEL, Security Research Lead at Picus Security, emphasized the importance of using multiple security controls with a defense-in-depth approach to prevent attacks that could operate under the radar. YUCEEL highlighted the need for security validation to be a fundamental practice for organizations to assess their readiness and identify potential gaps. Picus Labs conducted the analysis for the Picus Red Report 2024 by examining 667,401 unique files, with 92% of them categorized as malicious. These files were sourced from various commercial and open-source threat intelligence services, security vendors, malware sandboxes, databases, and forums.

The report offers a valuable resource for organizations to understand and address the evolving landscape of cyber threats. Picus Security continues to lead the way in Security Validation, enabling security teams to consistently and accurately assess their security posture, identify high-risk attack paths, and optimize threat prevention and detection capabilities. Through actionable insights and innovative solutions, Picus strives to empower organizations to be threat-centric and proactive in their cybersecurity measures. The company has been recognized as a leader in the Breach and Attack Simulation (BAS) market, solidifying its position as a pioneer in the industry.
