
Low-tech attackers harness open source security tools for targeted cyberespionage

April 27, 2016

Kaspersky Lab researchers have uncovered a new trend among cyberespionage threat actors: instead of developing customized hacking tools or buying them from third-party suppliers on the criminal underground, they are using tools available on the web for research purposes.

Kaspersky Lab researchers have uncovered a new trend among cyberespionage threat actors: instead of developing customized hacking tools or buying them from third-party suppliers on the criminal underground, they are using tools available on the web for research purposes. Several cyberespionage campaigns utilizing such tools have been spotted recently by experts.

This trend demonstrates that not only is the price of dangerous cyberattack tools falling, but the tools are also becoming more effective and more accessible. This means that even less professional, less skilled and less resourced hacker groups can now pose a threat to users and companies. Moreover, the use of legitimate pentesting tools makes such attacks less visible to security solutions.

The browser exploitation framework, or BeEF, is one such tool. Originally developed by the security community to make the security testing of browsers better and easier, it is now used by several cyberespionage groups to attack targets around the world.

To exploit vulnerabilities in targets’ browsers, the attackers compromise websites of interest, plant BeEF on them, and then simply wait for potential victims to visit. The BeEF content enables precise identification of both the system and the user, and allows the exploitation and theft of authentication credentials, which in turn enable additional malware to be downloaded to the compromised device, and more. This infection tactic is known as setting up a watering hole and is often used by cyberespionage actors.
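The watering-hole tactic described above leaves a concrete trace on the compromised site: an injected script tag that loads the BeEF hook from a server the site owner never intended to serve content from (BeEF's default hook file is named hook.js). The following check, added here as an illustration and not code from Kaspersky Lab or the BeEF project, lets a site owner audit their own pages for that trace. The allowlist of expected script origins, the page hostname and the sample HTML (with documentation-range IP addresses) are constructed for the example.

```python
"""Audit a web page for injected third-party scripts of the kind a
watering-hole attack plants. Added example; assumptions are labelled."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist of origins the audited site legitimately loads
# scripts from (constructed for the example).
EXPECTED_ORIGINS = {"www.example-embassy.test", "cdn.example-embassy.test"}

# Default file name of the BeEF hook script; a real BeEF identifier,
# although an attacker can of course rename it, so the origin check is
# the primary signal and the name check only a corroborating one.
BEEF_DEFAULT_HOOK = "hook.js"


class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)


def audit_page(html, page_host, allowed=EXPECTED_ORIGINS):
    """Return a list of findings, one per script loaded from a host that is
    not in the allowlist or whose file name matches the BeEF default hook."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.srcs:
        parsed = urlparse(src)
        # Relative URLs ("/js/site.js") are served by the page's own host.
        host = parsed.hostname or page_host
        reasons = []
        if host not in allowed:
            reasons.append("unexpected_origin")
        if parsed.path.rsplit("/", 1)[-1].lower() == BEEF_DEFAULT_HOOK:
            reasons.append("beef_default_hook_name")
        if reasons:
            findings.append({"src": src, "host": host, "reasons": reasons})
    return findings


# Constructed sample page: two legitimate scripts, one injected BeEF hook
# served from an attacker-controlled host (203.0.113.7, a documentation
# address), and one script from an unknown origin without the default name.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example-embassy.test/jquery.min.js"></script>
<script src="http://203.0.113.7:3000/hook.js"></script>
<script src="//198.51.100.9/static/analytics.js"></script>
</head><body><p>Embassy news</p></body></html>"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_PAGE, "www.example-embassy.test"):
        print(finding["host"], finding["src"], ", ".join(finding["reasons"]))
```

Running the audit on a stored copy of each page (or on the live site fetched from an external vantage point) and diffing the result against the previous run turns this into a simple integrity check: any new external origin appearing in the script list is worth an immediate look, whatever the file is called.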

During their research, the Kaspersky Lab specialists were able to identify tens of such “watering hole” websites. The nature and topics of these websites reveal a lot about the types of potential targets:

  • Middle-eastern embassy in the Russian Federation
  • Indian military technology school
  • Regional presidency office
  • Ukrainian ICS Scanner mirror
  • European Union education diversification support agency
  • Russian foreign trade management organization
  • Progressive Kazakh news and political media
  • Turkish news organization
  • Specialized German music school
  • Japanese textile manufacturing inspection organization
  • Middle Eastern social responsibility and philanthropy
  • Popular British "lifestyle" blog
  • Algerian University's online course platform
  • Chinese construction group
  • Russian overseas business development and holding company
  • Russian gaming developer forum
  • Romanian Steam gaming developer
  • Chinese online gaming virtual gold seller
  • Brazilian music instrument retailer

“Previously we’ve seen cyberespionage groups using different open-sourced, legitimate pentesting tools, either in combination with their own malware or without it. What is different now is that we’re seeing more and more groups using BeEF as an attractive and effective alternative. This fact should be taken into account by corporate security departments in order to protect the organization from this new threat vector,” said Kurt Baumgartner, principal security researcher at Kaspersky Lab.

Read more about the malicious usage of BeEF and other legitimate offensive tools by threat actors like Newsbeef/Newscaster, Crouching Yeti, and TeamSpy APT, and how to protect from such attacks at Securelist.com.


About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky continuously transforms its deep threat intelligence and security expertise into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the world. The company offers a comprehensive security portfolio, including leading endpoint protection solutions, a range of specialized security solutions and services, and Cyber Immune solutions for countering sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies, and we help 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.cn.
