Surge in Volumes of Hunter-Killer Malware Observed

The Picus Security annual report reveals a significant increase in specialised hunter-killer malware that can identify and disable key cyber security tools. This surge in volume demonstrates a shift in threat actors’ ability to neutralize enterprise defenses. Like a hunter-killer submarine, the malware is designed not only to evade security tools but to actively bring them down.

Previously, it was rare for adversaries to disable security controls. Now this behavior is seen in a quarter of malware samples and is used by ransomware and APT groups. Measured against the MITRE ATT&CK framework, the use of hunter-killer malware became the third most observed technique in 2023. The report also highlights the repurposing of cyber security utilities as malicious tools, with examples such as the LockBit ransomware crew turning Kaspersky’s TDSSKiller anti-rootkit utility into a weapon.

The surge in this type of malware reflects a wider trend of threat actors improving their chances of a successful attack by evading cyber defenses. About 70% of malware now employs stealth techniques to evade detection, and the use of obfuscated files or information has doubled.

Detecting whether an attack has disabled or reconfigured security tools can be challenging, which highlights the importance of multiple security controls and proactive security validation. The report also lists the most commonly observed MITRE ATT&CK tactics, techniques, and procedures (TTPs). To combat hunter-killer malware, organizations are advised to validate their defenses against the MITRE ATT&CK framework and consider using machine learning as an assistant.
