Simple to use and deploy offensive security tools, making it easier than ever for criminals with little technical know-how to get in on cybercrime are seeing a significant rise, researchers say. Recorded Future just released findings from its regular year-end observations of malicious infrastructure, identifying more than 10,000 unique command and control (C2) servers, across 80 malware families — nearly all linked to advanced persistent threat (APT) groups or “high-end financial actors.” Recorded Future’s 2020 Adversary Infrastructure Report explained that researchers anticipate increased adoption of open-source tools because they’re easy to use and accessible to criminals without deep technical expertise. “Over the next year, Recorded Future expects further adoption of open-source tools that have recently gained popularity, specifically Covenant, Octopus C2, Sliver and Mythic,” the report said. “Three of these tools have graphical user interfaces, making them easier to use for less experienced operators and all four have verbose documentation on their uses.” Open Source and Cobalt Strike Dominate Researchers go on to explain that since the Cobalt Strike source code leaked last November on GitHub, it has increased in use, and that cracked or trial versions were largely being used by notable APTs including APT41, Mustang Panda, Ocean Lotus and FIN7. Cobalt Strike was also was linked to the highest number of observed C2 servers last year, the report said. Cobalt Strike is a…
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
205 Rockingham Row, Princeton, NJ 08540
315 West 36th Street, New York, NY 10018
(212) 696-0500
hello@govanguard.com
PGP: 0xE5D39775A0C6351B
For more information about PGP please see “What PGP is, and why You should use it”.
Data Privacy Notice
Content Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email hello@gvit.com