Criminal Community-Sponsored Contests Mirror Cybercrime Trends, Such as Disabling AV/EDR, Cryptocurrency Fraud, and C2 Frameworks

OXFORD, U.K. — Agosto 29, 2023 —

Sophos, a global leader in innovating and delivering cybersecurity as a service, today announced that it has uncovered how research contests run by cybercrime forums are helping to inspire new methods of attack and detection evasion. The contests mirror legitimate security conference ‘Call For Papers’ and provide the winners considerable financial rewards and recognition from peers and also potential jobs. As outlined in Sophos X-Ops latest report, “For the Win? Offensive Research Contests on Criminal Forums,” these contests are designed to drive innovation, and when analyzed, the entries provide invaluable insight into how cybercriminals attempt to overcome security obstacles.

Despite the long-standing nature of competitions on criminal forums, they have evolved over the years. Early cybercrime contests involved trivia quizzes, graphic design competitions and guessing games. Now criminal forums are inviting attackers to ‘submit’ articles on technical topics, complete with source code, videos, and/or screenshots. Once submitted, all forum users are invited to vote for the contest winner. However, the judging is not completely transparent as the forum owners and contest sponsors have their own votes in the matter.

“The fact that cybercriminals are running, participating, and even sponsoring these contests, suggests that there is a community goal to advance their tactics and techniques. There is even evidence to suggest that these competitions act as a tool for recruitment amongst prominent threat actor groups,” said Christopher Budd, director of threat research, Sophos. “While our research shows an increased focus on Web-3 related topics such as cryptocurrency, smart contracts and NFTs, many of the winning entries had a broader appeal and could be put to practical use, even if they weren’t particularly novel. This may be reflective of the priorities of the community but could indicate that attackers keep their best research to themselves as they can profit more from using them in real-world attacks.”

Sophos X-Ops explored two prominent annual contests: one run by the Russian-language cybercrime forum Exploit, offering a total prize fund of $80,000 to the winner of its contest in 2021, and another run on the XSS forum, with a prize pool of $40,000 in 2022. For several years, prominent members of the cybercriminal community have sponsored these events, including All World Cards and Lockbit.

In the most recent contests, Exploit themed its competition around cryptocurrencies, while XSS opened its contest up to a range of topics from social engineering and attack vectors to evasion and scam proposals. Many of the winning entries focused on abusing legitimate tools such as Cobalt Strike. One runner-up shared a tutorial on targeting initial coin offerings (ICOs) to raise funds for a new cryptocurrency and another on manipulating privilege tokens to disable Windows Defender.  

More information about these cybercrime contests attacks is available in the article “For the Win? Offensive Research Contests on Criminal Forums” on Sophos.com.

Informazioni su Sophos

Sophos, leader mondiale e innovatore nelle soluzioni di sicurezza avanzate per neutralizzare i cyberattacchi, tra cui servizi MDR (Managed Detection and Response) e incident response, mette a disposizione delle aziende un’ampia gamma di soluzioni di sicurezza per endpoint, network, email e cloud al fine di supportarle nella lotta ai cyber attacchi. In quanto uno dei principali provider di cybersecurity, Sophos protegge oltre 600.000 realtà e più di 100 milioni di utenti a livello globale da potenziali minacce, ransomware, phishing, malware e altro. I servizi e le soluzioni di Sophos vengono gestiti attraverso la console Sophos Central, basata su cloud, e si incentra su Sophos X-Ops, l'unità di threat intelligence cross-domain dell'azienda. Sophos X-Ops ottimizza l’intero ecosistema adattivo di cybersecurity di Sophos, che include un data lake centralizzato, che si avvale di una ricca serie di API aperti, resi disponibili ai clienti, ai partner, agli sviluppatori e ad altri fornitori di cyber security e information technology. Sophos fornisce cybersecurity as a service alle aziende che necessitano di soluzioni chiavi in mano interamente gestite. I clienti possono scegliere di gestire la propria cybersecurity direttamente con la piattaforma di Sophos per le operazioni di sicurezza o di adottare un approccio ibrido, integrando i propri servizi con quelli di Sophos, come il threat hunting e la remediation. Sophos distribuisce i propri prodotti attraverso partner e fornitori di servizi gestiti (MSP) in tutto il mondo. Sophos ha sede a Oxford, nel Regno Unito. Ulteriori informazioni sono disponibili su www.sophos.it.