Cybercriminals are using security tools to facilitate attacks

Some of the world’s most popular penetration testing tools have been compromised and used to host malware, as well as command and control (C&C) servers, experts are saying.

A new report from threat intelligence firm Recorded Future claims that two tools used to simulate an attacker’s actions, Cobalt Strike and Metasploit, have been used to host malware C&C servers, whose purpose is to control compromised devices or receive stolen data.

While using open-source software to conduct attacks is nothing new, offensive security tools (or red-team tools) such as these are generally considered among the most complex. Recorded Future believes that these malware operations were the work of either state-sponsored attackers or financially motivated groups (or both).

As per a ZDNet report, more than a quarter of all malware C&C servers deployed last year were hosted using these two tools, with Cobalt Strike responsible for 13.5 percent and Metasploit 10.5 percent.

According to the report, more than 10,000 malware C&C servers and 80 malware strains were discovered last year. On average, these servers stayed online for 54.8 days, and a third were hosted in the US.

Over the next year, Recorded Future expects criminals to further adopt popular open-source tools, naming Covenant, Octopus C2, Sliver, and Mythic as potential candidates.

Sead Fadilpašić
