Public Hacking Tools: Day in the Sun

The old saying goes, “For every job, there is a tool.” In targeted cyber operations, the tools are often custom-designed for the specific job they’re doing. For example, Stuxnet zeroed in on a specific product made by a specific manufacturer as used in a specific country during a specific time period.

These tools are often devastating because they are tailored for the exact target at which they are aimed, and they have often taken into consideration the target’s defensive posture in order to neutralize it. But a new report by the UK’s National Cyber Security Centre (NCSC) draws attention to almost the opposite problem – the danger posed by a proliferation of generic, publicly available hacking tools that threat actors of all skill levels can use, and indeed are using, with increased frequency and success.

The NCSC’s October 11 report, which was the result of a joint effort by the so-called Five Eyes governments (Australia, Canada, New Zealand, the U.K., and the U.S.), highlights five commonly seen, publicly available tools, all used after initial compromise. The report provides advice on how to limit their effectiveness.

The trend in the increased use of public tools is one we have noticed and are following at Cylance. In this blog post, we’ll take a look at the five tools identified by the Five Eyes and offer some commentary from the NCSC’s Report.

Often used in the early stages of a campaign, remote access trojans (RATs) allow the threat actor to assume remote control of a target system. They carry a host of variable features which allow for theft of credentials, installation of backdoors, etc.

NCSC highlights JBiFrost, a variant of Adwind, which in turn is derived from Frutas. NCSC says that it is most commonly used by low-level threat actors but could also (Read more...)

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Cylance Research and Intelligence Team.