CIO Influence
CIO Influence News Security

Adversary-Sponsored Research Contests on Cybercriminal Forums Focus on New Methods of Attack and Evasion, Sophos Research Reveals

Adversary-Sponsored Research Contests on Cybercriminal Forums Focus on New Methods of Attack and Evasion, Sophos Research Reveals

Criminal Community-Sponsored Contests Mirror Cybercrime Trends, Such as Disabling AV/EDR, Cryptocurrency Fraud, and C2 Frameworks

Sophos, a global leader in innovating and delivering cybersecurity as a service announced that it has uncovered how research contests run by cybercrime forums are helping to inspire new methods of attack and detection evasion. The contests mirror legitimate security conference ‘Call For Papers’ and provide the winners considerable financial rewards and recognition from peers and also potential jobs. As outlined in Sophos X-Ops latest report, “For the Win? Offensive Research Contests on Criminal Forums,” these contests are designed to drive innovation, and when analyzed, the entries provide invaluable insight into how cybercriminals attempt to overcome security obstacles.

Recommended: We Need to Think Differently – Your Hybrid Connectivity Isn’t Really Hybrid

Despite the long-standing nature of competitions on criminal forums, they have evolved over the years. Early cybercrime contests involved trivia quizzes, graphic design competitions and guessing games. Now criminal forums are inviting attackers to ‘submit’ articles on technical topics, complete with source code, videos, and/or screenshots. Once submitted, all forum users are invited to vote for the contest winner. However, the judging is not completely transparent as the forum owners and contest sponsors have their own votes in the matter.

“The fact that cybercriminals are running, participating, and even sponsoring these contests, suggests that there is a community goal to advance their tactics and techniques. There is even evidence to suggest that these competitions act as a tool for recruitment amongst prominent threat actor groups,” said Christopher Budd, director of threat research, Sophos. “While our research shows an increased focus on Web-3 related topics such as cryptocurrency, smart contracts and NFTs, many of the winning entries had a broader appeal and could be put to practical use, even if they weren’t particularly novel. This may be reflective of the priorities of the community but could indicate that attackers keep their best research to themselves as they can profit more from using them in real-world attacks.”

Latest ITechnology News: Japan-based Construction Tech Company Log Build Chooses Vonage To Enhance Customer Experience

Sophos X-Ops explored two prominent annual contests: one run by the Russian-language cybercrime forum Exploit, offering a total p**** fund of $80,000 to the winner of its contest in 2021, and another run on the XSS forum, with a p**** pool of $40,000 in 2022. For several years, prominent members of the cybercriminal community have sponsored these events, including All World Cards and Lockbit.

In the most recent contests, Exploit themed its competition around cryptocurrencies, while XSS opened its contest up to a range of topics from social engineering and attack vectors to evasion and scam proposals. Many of the winning entries focused on abusing legitimate tools such as Cobalt Strike. One runner-up shared a tutorial on targeting initial coin offerings (ICOs) to raise funds for a new cryptocurrency and another on manipulating privilege tokens to disable Windows Defender.

Latest ITechnology News: Teradek To Integrate With Sony’s Ci, Allowing Filmmakers And Broadcasters To Accelerate Secure Camera-to-Cloud Workflow

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Ubicquia and Movandi change the economics of deploying 5G networks with the first mmWave Streetlight Repeater

StrongBox Data to Showcase Solution to Reduce Complexity and Cost in Multi-Vendor Storage Environments at Supercomputing 2021

CIO Influence News Desk

Itential Debuts ServiceNow Application to Enable Cloud-Like Service Delivery for Infrastructure Changes

CIO Influence News Desk