Offensive security tools that are simple to use and deploy, making it easier than ever for criminals with little technical know-how to get in on cybercrime, are seeing a significant rise, researchers say.

Recorded Future just released findings from its regular year-end observations of malicious infrastructure, identifying more than 10,000 unique command and control (C2) servers, across 80 malware families — nearly all linked to advanced persistent threat (APT) groups or “high-end financial actors.”

Recorded Future’s 2020 Adversary Infrastructure Report explained that researchers anticipate increased adoption of open-source tools because they’re easy to use and accessible to criminals without deep technical expertise.

“Over the next year, Recorded Future expects further adoption of open-source tools that have recently gained popularity, specifically Covenant, Octopus C2, Sliver and Mythic,” the report said. “Three of these tools have graphical user interfaces, making them easier to use for less experienced operators and all four have verbose documentation on their uses.”

Open Source and Cobalt Strike Dominate

Researchers go on to explain that since the Cobalt Strike source code leaked last November on GitHub, it has increased in use, and that cracked or trial versions were largely being used by notable APTs including APT41, Mustang Panda, Ocean Lotus and FIN7.

Cobalt Strike was also linked to the highest number of observed C2 servers last year, the report said.

Cobalt Strike is a…
