Cybercriminal Forums Spur New Attack Tactics: Sophos Study

News Desk -

Share

Sophos has disclosed its findings on how cybercrime forums are employing research contests to inspire novel attack methods and detection evasion strategies. These contests, resembling legitimate “Call For Papers” security conferences, not only offer substantial financial rewards and peer recognition but also serve as potential recruitment channels. Detailed in the latest report from Sophos X-Ops, titled “For the Win? Offensive Research Contests on Criminal Forums,” these initiatives drive innovation and offer critical insights into how cybercriminals endeavor to circumvent security barriers.

Over the years, these forums have witnessed the evolution of their competitions. Early cybercrime contests encompassed trivia quizzes, graphic design competitions, and guessing games. Presently, they invite participants to “submit” articles on technical subjects, accompanied by source code, videos, and screenshots. These submissions are subjected to community voting for contest winners, although transparency in judging remains questionable due to the influence of forum owners and sponsors.

Christopher Budd, Director of Threat Research at Sophos, remarked, “The fact that cybercriminals are organizing, participating in, and even funding these contests suggests a collective aspiration to advance their tactics and techniques. There’s evidence to indicate that these competitions serve as a recruitment tool for prominent threat actor groups. While our research reveals a growing interest in Web-3 related topics like cryptocurrency, smart contracts, and NFTs, many winning entries possess broader applicability, even if they lack novelty.

This may reflect the community’s priorities, but it might also suggest that cybercriminals reserve their most potent research for their own use, capitalizing on them in real-world attacks.”

The Sophos X-Ops investigation delved into two significant annual contests: one hosted by the Russian-language cybercrime forum Exploit, offering an $80,000 prize pool in 2021, and another by the XSS forum, with $40,000 in rewards in 2022. Notably, influential figures within the cybercriminal community have been sponsoring these events for years, including All World Cards and Lockbit.

In recent contests, Exploit centered its competition on cryptocurrencies, while XSS broadened its scope to encompass topics like social engineering, attack vectors, evasion strategies, and scam proposals. Winning entries often revolved around the misuse of legitimate tools like Cobalt Strike. A runner-up provided a tutorial on targeting initial coin offerings (ICOs) for fundraising in the realm of cryptocurrencies, while another detailed the manipulation of privilege tokens to disable Windows Defender.