Tuesday, July 2, 2024

Surge in ‘Hunter-Killer’ Malware Uncovered by Picus Security

PRESS RELEASE

SAN FRANCISCO, Feb. 13, 2024 /PRNewswire/ — Picus Security, the Security Validation company, has released the Picus Red Report 2024. This fourth annual report shares learnings from an in-depth analysis of more than 600,000 real-world malware samples and identifies the most common techniques leveraged by attackers. This year, Picus uncovered a surge of “Hunter-killer” malware in the research findings, demonstrating a drastic shift in adversaries’ ability to identify and neutralize advanced enterprise defenses such as next-gen firewalls, antivirus, and EDR. According to the report, there was a 333% increase in malware that can actively target defensive systems in an attempt to disable them.

“We’re witnessing a surge in ultra-evasive, highly aggressive malware which shares the characteristics of hunter-killer submarines,” said Dr. Suleyman Ozarslan, Picus Security Co-founder and VP of Picus Labs. “Just as these subs move silently through deep waters and launch devastating attacks to defeat their targets’ defenses, new malware is designed to not only evade security tools but actively bring them down. We believe cybercriminals are changing tack in response to the security of average businesses being much improved, and widely used tools offering far more advanced capabilities to detect threats. A year ago, it was relatively rare for adversaries to disable security controls. Now, this behavior is seen in a quarter of malware samples and is used by nearly every ransomware group and APT group.”

The Red Report helps security teams better understand and fight cyber attacks by identifying the Top 10 most prevalent MITRE ATT&CK techniques exhibited by the latest malware. Its insights help prioritize defensive actions against commonly used techniques. Additional key findings include:

  • Evolving tactics challenge detection and response: 70% of the malware analyzed now employs stealth-oriented techniques, particularly those that facilitate evading security measures and maintaining persistence in networks.

  • Invisibility at the forefront of evasion: There was a 150% increase in the use of T1027 Obfuscated Files or Information. This highlights a trend toward hindering the effectiveness of security solutions and obfuscating malicious activities to complicate the detection of attacks, forensic analysis, and incident response efforts.

  • The ransomware saga continues: There was a 176% increase in the use of T1071 Application Layer Protocol, which is being strategically deployed for data exfiltration as part of sophisticated double extortion schemes.

To combat Hunter-killer malware and stay ahead of 2024 malware trends, Picus is urging organizations to embrace machine learning, protect user credentials, and consistently validate their defenses against the latest tactics and techniques used by cybercriminals.

“It can be incredibly difficult to detect if an attack has disabled or reconfigured security tools, because they may still appear to be working as expected,” said Huseyin Can YUCEEL, Security Research Lead at Picus Security. “Stopping attacks that could otherwise operate under the radar requires the use of multiple security controls with a defense-in-depth approach. Security validation must be a starting point for organizations to better understand their readiness and identify gaps. Unless an organization is proactively simulating attacks to assess the response of its EDR, XDR, SIEM, and other defensive systems that may be weakened or eliminated by Hunter-killer malware, they won’t know they’re down until it’s too late.”

For more information:

Methodology

Between January 2023 and December 2023, Picus Labs, the research unit of Picus Security, analyzed 667,401 unique files, with 612,080 (92%) categorized as malicious. Sources of these files include but are not limited to commercial and open-source threat intelligence services, security vendors and researchers, malware sandboxes, malware databases, and forums. From these files, a total of 7,754,801 actions were extracted, an average of 13 malicious actions per malware. These actions were then mapped to 7,015,759 MITRE ATT&CK techniques, an average of 11 techniques per malware.

To compile the Picus Red Report 2024 Top Ten, Picus Labs researchers determined the number of malicious files that used each technique. They then calculated the percentage of malware in the dataset that utilized that technique. For example, the T1055 Process Injection technique was used in 195,044 (32%) of the 612,080 malicious files analyzed.
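The ranking method described above, as an added illustration (this is not Picus Labs code; the sample files and their technique mappings are constructed). The one detail worth getting right when reproducing this kind of prevalence table is that the unit is the file, not the action: a sample whose extracted actions map to the same technique several times still counts once toward that technique's share. The helper also checks the report's own worked figure, 195,044 of 612,080 files, against the 32% it states.

```python
"""Per-technique prevalence ranking in the style of the Red Report methodology."""
from collections import Counter

# Constructed sample: each malicious file -> the ATT&CK technique IDs that its
# extracted actions were mapped to. Repeats within one file are deliberate;
# they must not inflate that technique's file count.
SAMPLE_FILES = {
    "sample-001": ["T1055", "T1027", "T1055", "T1071"],
    "sample-002": ["T1027", "T1071"],
    "sample-003": ["T1055"],
    "sample-004": ["T1027", "T1027", "T1027"],
    "sample-005": [],  # malicious file whose actions mapped to no technique
}


def percent_of(count, total):
    """Whole-number percentage, rounded as the report presents it."""
    return round(100 * count / total)


def technique_prevalence(files):
    """Return {technique: (files_using_it, percent_of_all_files)}.

    Each file contributes at most once per technique, so the count answers
    "how many malicious files used this technique", not "how many actions".
    """
    total = len(files)
    counts = Counter()
    for techniques in files.values():
        counts.update(set(techniques))  # de-duplicate within a single file
    return {t: (n, percent_of(n, total)) for t, n in counts.items()}


def top_n(files, n=10):
    """Top-N techniques by file count, ties broken by technique ID."""
    prev = technique_prevalence(files)
    return sorted(prev.items(), key=lambda kv: (-kv[1][0], kv[0]))[:n]


if __name__ == "__main__":
    for tech, (n, pct) in top_n(SAMPLE_FILES):
        print(f"{tech}: {n} files ({pct}%)")
    # The report's own example: T1055 in 195,044 of 612,080 malicious files.
    print("T1055 share in the report:", percent_of(195_044, 612_080), "%")
```

Counting actions instead of distinct files would rank T1027 above by a wider margin here (it appears five times in the sample but in only three files), which is exactly the distortion the file-based denominator avoids.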

About Picus Security

Picus Security helps security teams consistently and accurately validate their security posture. Our Security Validation Platform simulates real-world threats to evaluate the effectiveness of security controls, identify high-risk attack paths to critical assets, and optimize threat prevention and detection capabilities.

As the pioneer of Breach and Attack Simulation, we focus on delivering the actionable insights our customers need to be threat-centric and proactive.

Picus has been named a ‘Cool Vendor’ by Gartner and is recognized by Frost & Sullivan as a leader in the Breach and Attack Simulation (BAS) market.
