
The Hunter-Killer malware method continues to grow

A malware method dubbed "Hunter-Killer" is emerging, according to an analysis of more than 600,000 malware samples. The approach may become the norm for advanced attacks.


The Hunter-Killer malware method

The malware method called "Hunter-Killer" has seen a marked increase recently. The name comes from modern submarine warfare: submarines remain hidden until they strike. Use of the Hunter-Killer method increased in 2023 and is expected to keep growing. The conclusions of the report "The Rise of Hunter-Killer Malware" are derived from an analysis of the ten most widely used MITRE ATT&CK techniques.

During 2023, Picus analysed 600,000 malware samples (and recorded an average of 13 malicious activities per sample when mapped to ATT&CK), but it points out that this is only a subset of the overall malware landscape. "This restriction may introduce a bias in the visibility of the types and behaviours of malware", the researchers warn.

Nevertheless, the company's conclusions are clear and unequivocal. The four most commonly used malware techniques are all aspects of the Hunter-Killer method, and use of each increased dramatically during 2023. The top four are T1055 (process injection), T1059 (command and scripting interpreter), T1562 (impair defenses) and T1082 (system information discovery). In fifth place comes T1486 (data encrypted for impact), and in seventh place T1071 (application layer protocol).

In other words, evasion and the impairment of defenses are increasingly carried out before the malware's real payload is delivered.

T1055. Process injection is the technique of inserting malicious code into a legitimate process. The attacker's main aims are to evade detection and escalate privileges. It was found in 32% (195,044) of malware samples, up from 22% in 2022 (an increase of 45%).

T1059. The command and scripting interpreter technique serves a similar purpose in the Hunter-Killer method. It lets the attacker disguise malicious activity behind legitimate tools (such as PowerShell, VBScript, Unix shell, AppleScript and others) and evade traditional defenses. It was found in 174,118 (28%) of the 600,000 samples.


T1562. The "impair defenses" technique is used to disrupt defensive measures; it is essentially the more offensive side of evasion. This ATT&CK defense evasion technique was detected in 158,661 malware samples (26%), an increase of 333% over the previous year. According to the researchers, this signals a significant change in cyber attack strategies.

T1082. System information discovery is used to collect information about the environment, including hardware, software and network configurations. It can be used to identify systems known to be exploitable, or to identify software suitable for a more persistent, stealthy presence.

The fifth and seventh most prevalent techniques help explain the increase in the first four. The first of these, T1486, is an integral part of ransomware, so its spread is not surprising. The number of wiper cases (encryption with no decryption capability) has also increased in the last couple of years, linked to the Russia/Ukraine war.

The second is T1071, which is used for data exfiltration. Picus links exfiltration and encryption to the growing epidemic of double-extortion ransomware attacks, citing BlackCat/ALPHV against NCR and Henry Schein, Cl0p attacking the US Department of Energy, Royal in the city of Dallas, the LockBit attacks against Boeing, CDW and MCNA, and Scattered Spider infiltrating MGM Resorts and Caesars Entertainment as examples.
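To make the report's figures concrete, here is an added example (not from this article, Picus or the report) that tags a constructed set of samples with ATT&CK technique IDs, computes per-technique prevalence and year-over-year change in the way the quoted percentages are derived, and flags samples that combine several of the top-four Hunter-Killer techniques. The sample lists and the HUNTER_KILLER set are assumptions.

```python
from collections import Counter

# Constructed data: each entry is the set of ATT&CK technique IDs observed in one
# malware sample (the report averages ~13 behaviours per sample; these are short
# made-up lists just to exercise the calculations).
SAMPLES_2023 = [
    {"T1055", "T1059", "T1562", "T1082", "T1486"},
    {"T1059", "T1082", "T1071"},
    {"T1055", "T1562", "T1071"},
    {"T1082"},
    {"T1055", "T1059", "T1562", "T1082"},
]
SAMPLES_2022 = [
    {"T1059", "T1082"},
    {"T1055", "T1071"},
    {"T1082", "T1486"},
    {"T1059"},
]

# The four techniques the report groups under the Hunter-Killer method.
HUNTER_KILLER = {"T1055", "T1059", "T1562", "T1082"}


def prevalence(samples):
    """Map technique ID -> share of samples (0.0 to 1.0) in which it appears."""
    if not samples:
        return {}
    counts = Counter(t for sample in samples for t in sample)
    return {t: c / len(samples) for t, c in counts.items()}


def yoy_change(current, previous):
    """Relative change in prevalence per technique (0.22 -> 0.32 is +0.45).
    Techniques absent from the previous year map to None (no baseline)."""
    out = {}
    for t, cur in current.items():
        prev = previous.get(t)
        out[t] = None if not prev else (cur - prev) / prev
    return out


def hunter_killer_samples(samples, min_techniques=2):
    """Indices of samples showing at least `min_techniques` of the top four."""
    return [i for i, s in enumerate(samples) if len(s & HUNTER_KILLER) >= min_techniques]


def top_techniques(samples, n=10):
    """Techniques ranked by prevalence (ties broken by ID), like the report's top ten."""
    ranked = sorted(prevalence(samples).items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:n]
```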


It is hard to reach any conclusion other than that attackers are becoming increasingly sophisticated, using Hunter-Killer malware methods to evade detection and weaken defenses before moving on to the real purpose of the attack.

How can Hunter-Killer Malware be dealt with?
  • Dealing with Hunter-Killer malware requires a combination of measures. First, install reliable security software that can detect and remove the malware.
  • Second, be careful with the emails and attachments you receive, as Hunter-Killer malware can spread through seemingly innocent messages.
  • Third, keep systems and software up to date, as older versions may contain vulnerabilities that the malware can exploit.
  • Fourth, using a virtual private network (VPN) can help protect user data from monitoring by malware.
  • Finally, periodic backups of important data make recovery possible in the event that a system is infected by Hunter-Killer malware.

Source: securityweek

Absenta Mia