Picus Security recently released its Red Report 2024, the fourth annual edition of the report. It draws on the analysis of over 600,000 malware samples and lists the techniques most commonly used by threat actors.

The latest report shows growing use of “hunter-killer” malware. This marks a shift in attacker TTPs toward the ability to identify and disable endpoint detection and response (EDR), antivirus, and firewalls. The report found a 333% increase in malware that can target these defensive systems.

The report also found nearly a 150% increase in the use of obfuscated files, which shows attackers are taking the time to make their attacks more clandestine. In addition, it found over a 175% increase in the abuse of application layer protocols (MITRE ATT&CK T1071) to evade detection and blend in with normal network traffic.

Attackers use several different protocols, including DNS, SMB, SSH, and RDP. Many of these are used for command and control (C2) and data exfiltration. Over 70% of malware now employs some stealth technique to avoid detection.
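As an added illustration (not code from the Picus report or from this post), here is a small Python detector for the DNS variant of T1071 abuse, run over constructed query log lines; the log format, the thresholds and the "registered domain = last two labels" shortcut are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log, "<timestamp> <client> <query-name> <rtype>";
# the t.example.net entries simulate encoded data carried in subdomain labels.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 10.0.0.5 www.example.com A
2024-03-01T10:00:02Z 10.0.0.5 mail.example.com MX
2024-03-01T10:00:03Z 10.0.0.7 4f2a9c7e1b8d3e6a5f0c9b2d7e4a1c3f.t.example.net TXT
2024-03-01T10:00:04Z 10.0.0.7 8d1c3e5a7b9f2d4c6e8a0b1c3d5e7f9a.t.example.net TXT
2024-03-01T10:00:05Z 10.0.0.7 c6b2e9a4d8f1a3c5e7b9d2f4a6c8e0b1.t.example.net TXT
2024-03-01T10:00:06Z 10.0.0.7 e1f3a5c7b9d2e4f6a8c0b2d4f6e8a0c3.t.example.net TXT
2024-03-01T10:00:07Z 10.0.0.7 9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4d.t.example.net TXT
"""

def shannon_entropy(text: str) -> float:
    """Bits per character; random-looking encoded labels score high (max 4 bits for hex)."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values()) if n else 0.0

def split_name(qname: str):
    """(registered domain, subdomain); last two labels = domain is a simplification (assumed)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def profile_domains(log_text: str) -> dict:
    """Per registered domain: query count, distinct subdomains, mean length/entropy, TXT share."""
    acc = defaultdict(lambda: {"queries": 0, "subs": set(), "len": 0, "ent": 0.0, "txt": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash the pipeline
        _ts, _client, qname, rtype = parts
        domain, sub = split_name(qname)
        d = acc[domain]
        d["queries"] += 1
        d["subs"].add(sub)
        d["len"] += len(sub)
        d["ent"] += shannon_entropy(sub)
        d["txt"] += rtype == "TXT"
    return {dom: {"queries": d["queries"], "unique_subdomains": len(d["subs"]),
                  "mean_sub_len": d["len"] / d["queries"],
                  "mean_sub_entropy": d["ent"] / d["queries"],
                  "txt_ratio": d["txt"] / d["queries"]} for dom, d in acc.items()}

def flag_tunneling(log_text, min_queries=5, min_len=30, min_entropy=3.5, min_txt=0.5):
    """Domains whose query pattern looks like data encoded into DNS names (T1071.004)."""
    return sorted(dom for dom, s in profile_domains(log_text).items()
                  if s["queries"] >= min_queries and s["mean_sub_len"] >= min_len
                  and s["mean_sub_entropy"] >= min_entropy and s["txt_ratio"] >= min_txt)
```

Tune the thresholds against a baseline of your own resolver logs first; CDNs and some anti-spam services legitimately produce long, high-entropy labels.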

We can help protect our security devices by using machine learning (already built into some of them), protecting credentials, and always auditing our defenses against the latest TTPs!

By Ghost40