Open Source Spying Tools

Friday, April 29, 2016 @ 03:04 PM gHale

In a new way to do reconnaissance, bad guys are using tools freely available on the web rather than developing customized hacking tools or buying them from third-party suppliers on the criminal underground, researchers said.

Several cyberespionage campaigns utilizing such tools have been spotted recently by researchers at Kaspersky Lab.

This means that even less-professional, less-skilled and less-resourced hacker groups can now pose a threat to users and companies. Moreover, the use of legitimate tools for pen-testing makes such attacks less visible to security solutions.

The browser exploitation framework (BeEF) is one tool. Originally developed by the security community to make the security testing of browsers better and easier, bad guys now use it to attack targets around the world.

“Previously we’ve seen cyber espionage groups using different open-sourced, legitimate pen testing tools, either in combination with their own malware or without it. What is different now is that we’re seeing more and more groups using BeEF as an attractive and effective alternative. This fact should be taken into account by corporate security departments in order to protect the organization from this new threat vector,” said Kurt Baumgartner, principal security researcher at Kaspersky Lab.

To exploit vulnerabilities in targets’ browsers, the hackers compromise websites of interest, plant BeEF on them, and then wait for victims to visit these websites.

BeEF content enables precise identification of the system and user, and allows for the exploitation and theft of authentication credentials, which in turn lets additional malware be downloaded to the compromised device, the researchers said. Bad guys use this watering hole attack to great success.
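As an added example that is not part of the article or of Kaspersky Lab's research, the check below is the kind a site operator can run over pages they serve to surface a script tag loading from an origin they never approved, which is what a BeEF watering hole injection leaves behind. The allow-list of script origins, the constructed sample page, and the use of BeEF's default hook file name (hook.js) as a second heuristic are all assumptions of this example.

```python
"""Flag <script src=...> tags on a page that load from an origin outside an
allow-list, or that match BeEF's default hook file name (hook.js).

Added example; the allow-list, the sample page and the hook.js heuristic are
assumptions, not details from the article."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in the document."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)


def _origin(url):
    """scheme://host[:port], lower-cased, so origins compare reliably."""
    parsed = urlparse(url)
    return f"{parsed.scheme}://{parsed.netloc}".lower()


def find_suspicious_scripts(html, page_url, allowed_origins):
    """Return absolute script URLs that are either off the origin allow-list
    (page's own origin is always allowed) or end in /hook.js."""
    allowed = {_origin(page_url)} | {o.lower() for o in allowed_origins}
    parser = _ScriptCollector()
    parser.feed(html)
    findings = []
    for src in parser.srcs:
        absolute = urljoin(page_url, src)  # resolves relative and // URLs
        if _origin(absolute) not in allowed or \
                urlparse(absolute).path.lower().endswith("/hook.js"):
            findings.append(absolute)
    return findings


# Constructed sample page: one same-origin script, one approved CDN script,
# and one injected script pointing at a documentation-range IP.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="http://198.51.100.23:3000/hook.js"></script>
</head><body>news content</body></html>"""

if __name__ == "__main__":
    for hit in find_suspicious_scripts(SAMPLE_PAGE, "https://site.example/news/",
                                       ["https://cdn.example.net"]):
        print("suspicious script:", hit)
```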

During their research, the Kaspersky Lab specialists were able to identify watering hole sites. The nature and topics of these websites reveal quite a bit about the types of potential targets:

— Middle-eastern embassy in the Russian Federation
— Indian military technology school
— Regional presidency office
— Ukrainian ICS Scanner mirror
— European Union education diversification support agency
— Russian foreign trade management organization
— Progressive Kazakh news and political media
— Turkish news organization
— Specialized German music school
— Japanese textile manufacturing inspection organization
— Middle Eastern social responsibility and philanthropy
— Popular British “lifestyle” blog
— Algerian University’s online course platform
— Chinese construction group
— Russian overseas business development and holding company
— Russian gaming developer forum
— Romanian Steam gaming developer
— Chinese online gaming virtual gold seller
— Brazilian music instrument retailer
