
How Criminals And State Actors Infiltrate Penetration Tests To Create New Malware/Ransomware Risks

Threat-intelligence firm Recorded Future recently reported identifying more than 10,000 command and control (C&C) servers in 2020, serving over 80 malware families. Notably, more than a quarter of those servers were running one of two legitimate offensive security toolkits, Cobalt Strike or Metasploit.

Penetration testers use these two tools to emulate an attacker breaking into a network so that IT staff can gauge the strength of their defenses. The same properties make them attractive to real attackers: a Cobalt Strike Beacon or Metasploit Meterpreter implant delivered by a criminal behaves exactly like one planted during an authorized test, so a genuine intrusion can blend in with, or be mistaken for, routine penetration-testing activity.

Investigating this activity, Recorded Future found that a C&C server has an average lifespan of about 55 days. IT departments that watch only for "suspicious" hosting providers also leave themselves exposed: the report found most C&C servers hosted by reputable, U.S.-based providers (Amazon, Digital Ocean, and Choopa).
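Because provider reputation is a poor filter, a practical alternative is to look at what the traffic itself does. The script below is an added example written for this commentary; it is not code from the original article or from the Recorded Future report. It runs two well-known checks over a constructed proxy log: default Metasploit and Cobalt Strike HTTP stagers request a short random path whose 8-bit checksum (sum of the ASCII values, mod 256) is 92 for x86 and 93 for the Cobalt Strike x64 stager, and an implant polling its C&C on a fixed interval shows an unusually regular spacing between requests. The log format, the IP addresses, the paths, and the thresholds (`min_requests`, `max_cv`, the 4-8 character path length) are assumptions chosen for the example, not values from the page.

```python
"""Detect default stager URIs and beaconing in a proxy log.

Added example, not from the original article. The log lines are constructed;
the thresholds are illustrative assumptions, not a vendor's detection rules.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log: "<iso-timestamp> <client> <method> <url>".
# 10.1.2.3 fetches a stager (checksum8 == 92) and then polls every ~60 s;
# 10.1.2.4 is ordinary, irregular browsing.
SAMPLE_LOG = """\
2021-01-07T10:00:00 10.1.2.3 GET http://203.0.113.10/XqKH
2021-01-07T10:01:00 10.1.2.3 GET http://203.0.113.10/dpixel
2021-01-07T10:02:01 10.1.2.3 GET http://203.0.113.10/dpixel
2021-01-07T10:02:59 10.1.2.3 GET http://203.0.113.10/dpixel
2021-01-07T10:04:00 10.1.2.3 GET http://203.0.113.10/dpixel
2021-01-07T10:05:02 10.1.2.3 GET http://203.0.113.10/dpixel
2021-01-07T10:00:05 10.1.2.4 GET http://example.com/index.html
2021-01-07T10:07:41 10.1.2.4 GET http://example.com/news
2021-01-07T10:08:02 10.1.2.4 GET http://example.com/about
2021-01-07T10:31:19 10.1.2.4 GET http://example.com/contact
"""

# Default stager checksums: 92 = Metasploit/Cobalt Strike x86, 93 = Cobalt Strike x64.
STAGER_CHECKSUMS = {92: "x86 stager", 93: "x64 stager"}

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")
URL_RE = re.compile(r"^https?://([^/]+)(/[^?]*)")


def checksum8(path):
    """8-bit checksum used by Metasploit/Cobalt Strike stager URIs (no leading slash)."""
    return sum(ord(c) for c in path) & 0xFF


def parse_log(text):
    """Turn log lines into (timestamp, client, host, path-without-slash) tuples."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, client, _method, url = m.groups()
        u = URL_RE.match(url)
        if not u:
            continue
        host, path = u.groups()
        events.append((datetime.fromisoformat(ts), client, host, path.lstrip("/")))
    return events


def find_stager_uris(events):
    """Flag requests whose path looks like a default stager URI.

    Heuristic (assumed): short, purely alphanumeric, no extension, and a
    checksum8 matching one of the default stager values.
    """
    hits = []
    for _ts, client, host, path in events:
        if 4 <= len(path) <= 8 and path.isalnum():
            kind = STAGER_CHECKSUMS.get(checksum8(path))
            if kind:
                hits.append((client, host, path, kind))
    return hits


def find_beacons(events, min_requests=5, max_cv=0.15):
    """Flag client->host pairs whose request spacing is nearly constant.

    The coefficient of variation (stdev / mean) of the gaps between requests
    stays small for a beacon with modest jitter and is large for human browsing.
    """
    flows = defaultdict(list)
    for ts, client, host, _path in events:
        flows[(client, host)].append(ts)
    beacons = []
    for (client, host), times in flows.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.stdev(gaps) / mean
        if cv <= max_cv:
            beacons.append((client, host, round(mean, 1), round(cv, 3)))
    return beacons


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for hit in find_stager_uris(evts):
        print("stager URI:", hit)
    for b in find_beacons(evts):
        print("beacon (client, host, mean gap s, cv):", b)
```

Both checks are deliberately independent of where the server is hosted: the checksum test fires on the first stager download from an Amazon or Digital Ocean address just as readily as from an obscure bulletproof host, and the periodicity test catches the follow-on polling even when the operator has changed the default URIs. Attackers using a custom Cobalt Strike malleable profile will defeat the first check, which is why the second, behavioral one matters.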

The motives behind the attacks the firm monitored include both financial gain and state-sponsored espionage. Catalin Cimpanu, "Cobalt Strike and Metasploit accounted for a quarter of all malware C&C servers in 2020," www.zdnet.com (Jan. 07, 2021).

Commentary

Evaluating network security with penetration tests is increasingly common, and the fact that criminals now rely on the same tooling confirms how effective it is. That should not deter organizations from using penetration tests or other security software.

Instead, reduce the number of security platforms your organization runs, consolidating on a single platform from a single vendor where possible, and perform strict due diligence on that vendor. A single platform lets departments share threat information and identify suspicious activity more quickly.

In addition, continue to brief your users regularly on security. Be explicit about the risks and consequences of a breach, and about which specific online actions expose the organization to malware.

