"Search and Destroy" Malware Rises: What Best Practices Can Help Protect Organizations?

July 25, 2024

Malware designed to seek out and disable enterprise security defenses has surged in popularity over the past year to comprise 26 percent of all detections in 2023, according to cybersecurity vendor Picus Security's annual Picus Red Report 2024 which analyzed 612,080 malicious files last year.

The report suggests that cybercriminals are changing their tactics in response to the much-improved security of average businesses and the use of better tools offering far more advanced capabilities to detect threats.

A year ago, it was relatively rare for cybercriminals to disable security controls. Now, this behavior is used by almost every ransomware group and nation state.

This malware category, which increased in volume by 333 percent from 2022 to 2023, is characterized by taking legitimate anti-malware programs and converting them into tools to infect a system.

Overall, 70 percent of malware analyzed now employs stealth-oriented techniques. Moreover, there is a 150 percent annual increase in the use of a technique through which cybercriminals try to hide malicious activity to make detection of attacks, forensic analysis, and incident response more difficult for network defenders. Phil Muncaster, "Stealthy "Hunter-Killer" Malware Detections Surge 333 Percent Annually" infosecurity-magazine.com.com (Feb. 14, 2024)

Commentary

The ability to disable an anti-malware program and use it against the system it was designed to protect, all the while making it appear that the anti-malware program is working correctly, elevates cyberattacks to a new level.

One way to counter this type of threat is for organizations to employ even more sophisticated programs that can detect this type of "hunter-killer" malware. However, even entry-level users of a system have a role to play in defending against this type of infection.

The vast majority of this type of malware is delivered via invitation of users. Email and text messages remain the most common delivery method.

Selecting a link, downloading an attached file, or simply going to a website and divulging credentials because of an invitation from an unsolicited email or text is the most common way malware is introduced onto a system.

Training, education, and knowledge of social engineering techniques are the cornerstones of a solid network defense strategy.

Should prevention practices fail, employees must know whom to contact if they believe they are a victim of an attack. If possible, create a helpline or online chat line for employees who have cybersecurity questions. Encourage employees to ask first if they think an online action, response, or practice could be unsafe.

Finally, your opinion is important to us. Please complete the opinion survey: