Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10:30 AM
Connect Directly
E-Mail vvv

Inside the 4 Most Common Threat Actor Tools

How do you prevent your environment from becoming the next target? Turn the tables on your attackers.

This isn’t Hollywood. Contrary to popular belief -- and what movies have the general population believe — malicious cyber actors and threat groups aren’t the technical super villains as portrayed on the silver screen.

For the most part, they don’t have incredible super powers or one-of-a-kind, hacker-only tools that are assembled in dark laboratories by nefarious guys in hoodies. The reality? The threat actors simply require access to their targets and dwell time. The nature of how most environments and networks are built makes them relatively easy targets for anyone with a moderate skill set — and a bit of time to kill. 

These actors only require patience and a sound understanding of the critical pieces of intelligence needed to gain entry to a network or a user with the appropriate credentials. Sooner or later, the walls — whether logical or physical — will fall.  

So, how do you prevent your environment from becoming the next target? Threat actors and malicious crime groups rely on four basic sources.

Open Season
Open-source intelligence, or OSINT, provides volumes of information on specific technologies and vulnerabilities that are tied to exploits. This provides details for how threat actors may attempt to gain access to a specific network or user machine.

When organizations understand the same information as their adversaries, they’re better prepared to fight back. Then, after the completion of OSINT research, the winning strategy would involve an overlay of known threat capabilities against vulnerabilities. This gives an accurate picture of the surface area of attack.

Data Dumps
Hacker sites, such as Pastebin and other online forums, openly provide thousands of usernames, passwords, database dumps, and other juicy intelligence items. And all are collected and leveraged by threat actors as they plot their activity. For organizations, it’s sound strategy to always know if data has been posted to one of these sites. It’s often a valuable cue that an organization may soon be attacked.

Targeting Tools
The use of open-source frameworks, such as Metasploit and Kali Linux systems, provide even unskilled threat actors with superbly crafted tool sets that are focused on exploitation operations. Having a skilled internal penetration testing team, which can leverage the same techniques to probe an environment, will help organizations get ahead of threats on potentially vulnerable targets or access points.

Going Deep
Leveraging Darknet, P2P, IRC and ToR systems provide threat actors an additional avenue to gain deeper intelligence on targets. It is extremely rare that targeted individuals or organizations are even aware of these dark data sources, much less that threat actors actively seek intelligence within these obfuscated regions.

Unlike the sprawling movie sets and green screens across Southern California, today’s threat actors aren’t seeking domination with attacks on global banks, super computers, and nuclear reactor sites. It’s much more real. And any organization — regardless of size, industry or region — is a target. Every business and every network that connects to the Internet trusts a litany of technologies, vulnerabilities, and targeted intelligence data points that a threat actor can leverage to gain the upper hand during a targeting operation.  

It’s time to turn the tables and become more security-conscious. Building focused threat intelligence operations, via an iterative lifecycle that empower target networks and enterprises, will combat the threats that loom right at the doorstep. The military and global intelligence agencies have been deploying this tactic for years. They proactively seek out specific avenues of threat data, and then nullify the value that is being used by global threat actors. Enterprises and businesses should adopt this same strategy.  

As the threat intelligence lead for Armor, Dr. Chase Cunningham (CPO USN Ret.) proactively seeks out cyber threat tactics and technical indicators of various threat groups. He is regularly cited as an expert on cyber security and contributes to white papers and other ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function.
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel�s tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures.
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.
PUBLISHED: 2021-06-22
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.
PUBLISHED: 2021-06-22
Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. The deserialization of untrusted data might allow an attacker to exploit the deserializer to impact code execution.