SYDNEY, AU – Aug. 30, 2023 – Sophos, a global leader in innovating and delivering cybersecurity as a service, today announced that it has uncovered how research contests run by cybercrime forums are helping to inspire new methods of attack and detection evasion. The contests mirror legitimate security conference ‘Call For Papers’ and provide the winners considerable financial rewards and recognition from peers and also potential jobs. As outlined in Sophos X-Ops latest report, “For the Win? Offensive Research Contests on Criminal Forums,” these contests are designed to drive innovation, and when analysed, the entries provide invaluable insight into how cybercriminals attempt to overcome security obstacles.
Despite the long-standing nature of competitions on criminal forums, they have evolved over the years. Early cybercrime contests involved trivia quizzes, graphic design competitions and guessing games. Now criminal forums are inviting attackers to ‘submit’ articles on technical topics, complete with source code, videos, and/or screenshots. Once submitted, all forum users are invited to vote for the contest winner. However, the judging is not completely transparent as the forum owners and contest sponsors have their own votes in the matter.
“The fact that cybercriminals are running, participating, and even sponsoring these contests, suggests that there is a community goal to advance their tactics and techniques. There is even evidence to suggest that these competitions act as a tool for recruitment amongst prominent threat actor groups,” said Christopher Budd, director of threat research, Sophos. “While our research shows an increased focus on Web-3 related topics such as cryptocurrency, smart contracts and NFTs, many of the winning entries had a broader appeal and could be put to practical use, even if they weren’t particularly novel. This may be reflective of the priorities of the community but could indicate that attackers keep their best research to themselves as they can profit more from using them in real-world attacks.”
Sophos X-Ops explored two prominent annual contests: one run by the Russian-language cybercrime forum Exploit, offering a total prize fund of $80,000 to the winner of its contest in 2021, and another run on the XSS forum, with a prize pool of $40,000 in 2022. For several years, prominent members of the cybercriminal community have sponsored these events, including All World Cards and Lockbit.
In the most recent contests, Exploit themed its competition around cryptocurrencies, while XSS opened its contest up to a range of topics from social engineering and attack vectors to evasion and scam proposals. Many of the winning entries focused on abusing legitimate tools such as Cobalt Strike. One runner-up shared a tutorial on targeting initial coin offerings (ICOs) to raise funds for a new cryptocurrency and another on manipulating privilege tokens to disable Windows Defender.
More information about these cybercrime contests attacks is available in the article “For the Win? Offensive Research Contests on Criminal Forums” on Sophos.com.
Learn More About:
- How scammers scam each other out of millions
- Sophos X-Ops and its ground breaking threat research by subscribing to the Sophos X-Ops blogs
- Attacker behaviors, techniques and tactics in the 2023 Active Adversary Report for Business Leaders, and the 2023 Active Adversary Report for Tech Leaders, based on an analysis of Sophos incident response cases
- Different ransomware threat actors, their TTPs and Sophos’ latest ransomware research in the Ransomware Threat Intelligence Center
- The threat landscape and trends likely to impact cybersecurity in the 2023 Threat Report
Sophos is a worldwide leader and innovator of advanced cybersecurity solutions, including Managed Detection and Response (MDR) and incident response services and a broad portfolio of endpoint, network, email, and cloud security technologies that help organisations defeat cyberattacks. As one of the largest pure-play cybersecurity providers, Sophos defends more than 500,000 organisations and more than 100 million users globally from active adversaries, ransomware, phishing, malware, and more. Sophos’ services and products connect through its cloud-based Sophos Central management console and are powered by Sophos X-Ops, the company’s cross-domain threat intelligence unit. Sophos X-Ops intelligence optimises the entire Sophos Adaptive Cybersecurity Ecosystem, which includes a centralised data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity and information technology vendors. Sophos provides cybersecurity-as-a-service to organisations needing fully-managed, turnkey security solutions. Customers can also manage their cybersecurity directly with Sophos’ security operations platform or use a hybrid approach by supplementing their in-house teams with Sophos’ services, including threat hunting and remediation. Sophos sells through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.