Criminal Community-Sponsored Contests Mirror Cybercrime Trends, Such as Disabling AV/EDR, Cryptocurrency Fraud, and C2 Frameworks

OXFORD, U.K. — 8月 29, 2023 —

Sophos, a global leader in innovating and delivering cybersecurity as a service, today announced that it has uncovered how research contests run by cybercrime forums are helping to inspire new methods of attack and detection evasion. The contests mirror legitimate security conference ‘Call For Papers’ and provide the winners considerable financial rewards and recognition from peers and also potential jobs. As outlined in Sophos X-Ops latest report, “For the Win? Offensive Research Contests on Criminal Forums,” these contests are designed to drive innovation, and when analyzed, the entries provide invaluable insight into how cybercriminals attempt to overcome security obstacles.

Despite the long-standing nature of competitions on criminal forums, they have evolved over the years. Early cybercrime contests involved trivia quizzes, graphic design competitions and guessing games. Now criminal forums are inviting attackers to ‘submit’ articles on technical topics, complete with source code, videos, and/or screenshots. Once submitted, all forum users are invited to vote for the contest winner. However, the judging is not completely transparent as the forum owners and contest sponsors have their own votes in the matter.

“The fact that cybercriminals are running, participating, and even sponsoring these contests, suggests that there is a community goal to advance their tactics and techniques. There is even evidence to suggest that these competitions act as a tool for recruitment amongst prominent threat actor groups,” said Christopher Budd, director of threat research, Sophos. “While our research shows an increased focus on Web-3 related topics such as cryptocurrency, smart contracts and NFTs, many of the winning entries had a broader appeal and could be put to practical use, even if they weren’t particularly novel. This may be reflective of the priorities of the community but could indicate that attackers keep their best research to themselves as they can profit more from using them in real-world attacks.”

Sophos X-Ops explored two prominent annual contests: one run by the Russian-language cybercrime forum Exploit, offering a total prize fund of $80,000 to the winner of its contest in 2021, and another run on the XSS forum, with a prize pool of $40,000 in 2022. For several years, prominent members of the cybercriminal community have sponsored these events, including All World Cards and Lockbit.

In the most recent contests, Exploit themed its competition around cryptocurrencies, while XSS opened its contest up to a range of topics from social engineering and attack vectors to evasion and scam proposals. Many of the winning entries focused on abusing legitimate tools such as Cobalt Strike. One runner-up shared a tutorial on targeting initial coin offerings (ICOs) to raise funds for a new cryptocurrency and another on manipulating privilege tokens to disable Windows Defender.  

More information about these cybercrime contests attacks is available in the article “For the Win? Offensive Research Contests on Criminal Forums” on Sophos.com.

ソフォスについて

ソフォスは、MDR (Managed Detection and Response) サービス、インシデント対応サービス、およびエンドポイント、ネットワーク、メール、クラウド セキュリティ テクノロジーの幅広いポートフォリオなど、サイバー攻撃を阻止する高度なセキュリティソリューションを提供する世界的なリーダーであり、革新的な企業です。ソフォスは、最大手のサイバーセキュリティ専門プロバイダーの 1つであり、全世界で 60万以上の組織と 1億人以上のユーザーを、アクティブな攻撃者、ランサムウェア、フィッシング、マルウェアなどから保護しています。ソフォスのサービスと製品は、Sophos Central 管理コンソールを介して接続され、企業のクロスドメイン脅威インテリジェンスユニットである Sophos X-Ops を利用しています。Sophos X-Ops のインテリジェンスは、Sophos ACE (Adaptive Cybersecurity Ecosystem) 全体を最適化します。このエコシステムには、お客様、パートナー、開発者、その他のサイバーセキュリティおよび情報技術ベンダーが利用できる豊富なオープン API セットを活用する一元化されたデータレイクが含まれます。ソフォスは、フルマネージド型のソリューションを必要とする組織に、Cyber​​security-as-a-Service を提供します。お客様は、ソフォスのセキュリティ運用プラットフォームを使用してサイバーセキュリティを直接管理することも、脅威ハンティングや修復などソフォスのサービスを使用して社内チームを補完するハイブリッドアプローチを採用することもできます。ソフォスは、リセラーパートナー、MSP (マネージド サービス プロバイダ) を通じて販売しています。ソフォス本社は英国オックスフォードにあります。詳細については www.sophos.com をご覧ください。