Hackers Are Using These Tools to Reel in New Victims

Posted on the 05 November 2018 by Darkwebnews @darkwebnews

Illegal cyber operations have currently gained momentum as attackers have invested in a variety of hacking tools to use to attack people.

These hacking tools are freely available on both the clearnet and the dark web, open to anyone who wishes to access and exploit them for malicious gains.

The member countries of the intelligence-sharing arrangement dubbed "Five Eyes" brought into the limelight the use of these tools to attack people.

These countries-Australia, the United Kingdom, New Zealand, the United States and Canada-have warned that threat actors use these tools to exploit data and networks from oblivious citizens.

The hacking tools, which include obfuscation tools, web shells and remote access Trojans, are used in combinations by some of the most experienced attackers.

Despite the ever-developing capabilities of cybercriminals, there has not been any success in relegating these publicly available hacking tools.

Even the most complex attackers have access to them.

A recent report from the U.K.'s National Cyber Security Centre highlights that the list of tools procured for cyberattacks is quite extensive.

The list they have provided, therefore, is a guide for network defenders to jumpstart a rigorous protective plan against exploitation by these attackers using the most common hacking tools.

PowerShell Empire was released as a legitimate tool for penetration testing in 2015. However, attackers figured out a malicious niche through which they could exploit the instrument.

Currently, attackers use PowerShell Empire to exfiltrate information, harvest credentials, move laterally across a network and escalate privileges.

The legitimate status of PowerShell Empire conveniently subsumes the malicious activities that the cybercriminals propagate.

Furthermore, its operation, which is purely on memory, profoundly reduces chances of tracing any malicious activity.

Dark web criminals and nation states have exploited these loopholes for use primarily in conducting campaigns.

Remote access Trojans serve as one of the most dangerous hacking tools on the list. They present the broadest scope of cyberattack.

This tool comprises malware which attackers secretly install in compromised networks to create a backdoor for their activities.

This backdoor enables the hacker to monitor the target's activities. It provides access to making commands through which the hackers could easily steal data.

A particularly common Trojan is JBiFrost. Though its use is proficient with low-skilled cyber actors, it has the capacity for exploitation by state actors.

Actors mainly prefer JBiFrost due to its cross-platform nature. Its use extends through Windows, Android, Linux and Mac OS.

This Trojan's use across networks enables hackers to add software to the target networks they have penetrated.

The report highlights that cybercriminals have commonly used this Trojan, which is publicly available, in attacks that target supply chain operators and critical national infrastructure.

The U.K. National Cyber Security Centre report further reveals that there are many tools that hackers are using to attack unsuspecting targets.

Network defenders can take action to stop the spread of the hacking predicament that these attacks pose.

Organizations can employ specific measures that create a protective barrier against exploitation through these tools.

These include segregating networks, multi-factor authentication, setting up a security monitoring capability and updating systems and software.

These are malicious scripts which attackers upload onto the target's system to bypass administrative privileges and use them remotely.

Users upload the scripts following a successful weakening of the target's data security. The objective of this attack is to establish a firm grasp of the target's system, thus providing an opportunity to exploit any data that was previously exclusive to the target's use.

China chopper is one of the common types of web shells. Attackers mostly use it in compromised web servers.

This web shell, once installed, enables the attacker to have unlimited access to it and its functions, including copying, deleting, renaming files and even going as far as changing the time stamps on the target's data.

Obfuscation is the intentional clouding of information to obscure clarity, making that particular piece of information difficult to fathom.

Hackers uphold this reputation by skillfully enabling their location and activity left to the imagination of any tracking parties.

Therefore, in a bid to cover their tracks and maintain no identification, they use obfuscation tools which enable them to hide their location and the scope of their activity.

HTran tops the list of obfuscation tools most prolifically used due to its availability on the internet enabled by constant uploads to platforms like GitHub.

Attackers especially use the HTran tool in attacks against corporate institutions and government bodies.

Attackers utilize this tool to evade systems that would intrude and detect their activity and furthermore to hide any contact or evidence of communication with the central control server for their operations.

As is the case with previously legitimate tools, Mimikatz also waded through the market for genuine causes.

Its current use overshadows its original purpose as it allows for greater malicious attacks. Attackers use this tool to gain access to credentials and other administrative privileges.

It is a tool for retrieving clear text hashes and credentials from memory.

The device is responsible for fueling the Bad Rabbit and NotPetya ransomware attacks where criminals used it to gain access to the administrative privileges of the Windows equipment to enable divergence of the extent of the attack.

Disclaimer: