Discovered: Criminal hackers hold hacking competitions

SophosNews


In a new report, Sophos X-Ops uncovers research competitions on criminal online forums that aim to drive innovation and overcome security hurdles. These cybercriminal research competitions award individual prizes of up to $80,000.

In its new report “For the win? Offensive Research Contests on Criminal Forums”, Sophos X-Ops describes research contests run by cybercrime forums to drive new attack innovations. The competitions focus on new attack and evasion methods and reflect cybercrime trends such as disabling AV/EDR, cryptocurrency fraud and setting up command-and-control infrastructure.

Hacker groups compete to find new attack routes

The competitions are similar to the “call for papers” of legitimate security conferences and offer winners significant financial rewards, recognition from peers and potential job opportunities. The submissions that were uncovered give cybersecurity experts valuable insight into how cybercriminals operate and how they attempt to overcome security hurdles.

“The fact that cybercriminals host, participate in, and even sponsor these contests suggests that there is a collective goal to further develop their tactics and techniques. There is even evidence that these competitions serve as a recruiting tool for prominent cybercriminal groups,” says Christopher Budd, director of threat research at Sophos.

It used to be harmless, but today it's about big money

Hacker competitions on criminal forums are nothing new; the practice has existed for years. What is interesting, however, is how they have evolved over time. Early competitions included quizzes and graphic design competitions. Criminal forums now invite submissions of articles on technical topics, including source code, videos and/or screenshots. The submissions are then rated by the forum users and the winner is determined. However, the judging is not completely transparent, as the forum owners and competition sponsors appear to have special voting rights.

“While our research shows an increased concentration of cybercrime on Web 3-related topics such as cryptocurrencies or NFTs, many of the winning contest submissions had broader applications. They were characterized by the fact that they could be used almost immediately and were often not particularly innovative. This could either reveal the community's priorities, or it could be evidence that attackers want to keep their best research results to themselves in order to avoid being exposed and then use their new tactics profitably in real attacks,” continued Christopher Budd.

Sophos examined two competitions in more detail

Prize money of $80,000 was available here in 2021. For several years, prominent members of the cybercrime community have sponsored these events, including All World Cards and Lockbit.

In recent competitions, Exploit has focused its call for submissions on cryptocurrencies, while XSS has covered topics ranging from social engineering and attack vectors to evasion methods and scam offers. Many of the winning entries focused on abusing legitimate tools like Cobalt Strike. A runner-up shared a tutorial on hosting initial coin offerings (ICOs) to raise funds for a new cryptocurrency and another on manipulating privileges to disable Windows Defender.
