Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/17/2015
10:30 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

Inside the 4 Most Common Threat Actor Tools

How do you prevent your environment from becoming the next target? Turn the tables on your attackers.

This isn’t Hollywood. Contrary to popular belief -- and what movies have the general population believe — malicious cyber actors and threat groups aren’t the technical super villains as portrayed on the silver screen.

For the most part, they don’t have incredible super powers or one-of-a-kind, hacker-only tools that are assembled in dark laboratories by nefarious guys in hoodies. The reality? The threat actors simply require access to their targets and dwell time. The nature of how most environments and networks are built makes them relatively easy targets for anyone with a moderate skill set — and a bit of time to kill. 

These actors only require patience and a sound understanding of the critical pieces of intelligence needed to gain entry to a network or a user with the appropriate credentials. Sooner or later, the walls — whether logical or physical — will fall.  

So, how do you prevent your environment from becoming the next target? Threat actors and malicious crime groups rely on four basic sources.

Open Season
Open-source intelligence, or OSINT, provides volumes of information on specific technologies and vulnerabilities that are tied to exploits. This provides details for how threat actors may attempt to gain access to a specific network or user machine.

When organizations understand the same information as their adversaries, they’re better prepared to fight back. Then, after the completion of OSINT research, the winning strategy would involve an overlay of known threat capabilities against vulnerabilities. This gives an accurate picture of the surface area of attack.

Data Dumps
Hacker sites, such as Pastebin and other online forums, openly provide thousands of usernames, passwords, database dumps, and other juicy intelligence items. And all are collected and leveraged by threat actors as they plot their activity. For organizations, it’s sound strategy to always know if data has been posted to one of these sites. It’s often a valuable cue that an organization may soon be attacked.

Targeting Tools
The use of open-source frameworks, such as Metasploit and Kali Linux systems, provide even unskilled threat actors with superbly crafted tool sets that are focused on exploitation operations. Having a skilled internal penetration testing team, which can leverage the same techniques to probe an environment, will help organizations get ahead of threats on potentially vulnerable targets or access points.

Going Deep
Leveraging Darknet, P2P, IRC and ToR systems provide threat actors an additional avenue to gain deeper intelligence on targets. It is extremely rare that targeted individuals or organizations are even aware of these dark data sources, much less that threat actors actively seek intelligence within these obfuscated regions.

Unlike the sprawling movie sets and green screens across Southern California, today’s threat actors aren’t seeking domination with attacks on global banks, super computers, and nuclear reactor sites. It’s much more real. And any organization — regardless of size, industry or region — is a target. Every business and every network that connects to the Internet trusts a litany of technologies, vulnerabilities, and targeted intelligence data points that a threat actor can leverage to gain the upper hand during a targeting operation.  

It’s time to turn the tables and become more security-conscious. Building focused threat intelligence operations, via an iterative lifecycle that empower target networks and enterprises, will combat the threats that loom right at the doorstep. The military and global intelligence agencies have been deploying this tactic for years. They proactively seek out specific avenues of threat data, and then nullify the value that is being used by global threat actors. Enterprises and businesses should adopt this same strategy.  

As the threat intelligence lead for Armor, Dr. Chase Cunningham (CPO USN Ret.) proactively seeks out cyber threat tactics and technical indicators of various threat groups. He is regularly cited as an expert on cyber security and contributes to white papers and other ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20733
PUBLISHED: 2021-06-22
Improper authorization in handler for custom URL scheme vulnerability in ????????? (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
CVE-2021-20734
PUBLISHED: 2021-06-22
Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
CVE-2021-20735
PUBLISHED: 2021-06-22
Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to ...
CVE-2021-20736
PUBLISHED: 2021-06-22
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors.
CVE-2021-20737
PUBLISHED: 2021-06-22
Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors.