Sophos, a leading cybersecurity provider, has recently brought attention to a disconcerting trend in the world of hacking. They have uncovered the emergence of research contests hosted on cybercrime forums, which are playing a significant role in driving the evolution of hacking techniques and evasion strategies. In a report titled “For the Win? Offensive Research Contests on Criminal Forums,” Sophos X-Ops sheds light on these contests, which resemble legitimate security conferences’ “Call For Papers” and incentivize cybercriminals to develop innovative attack methodologies.
What is particularly remarkable about these cybercrime contests is their evolution over time. They have transitioned from simple trivia quizzes and graphic design competitions to complex technical challenges. Drawing inspiration from conventional contests, participants are required to submit comprehensive articles accompanied by source code, videos, and screenshots. These submissions are then subjected to community voting, although forum owners and contest sponsors also exert influence over the final decision.
Christopher Budd, Sophos’ Director of Threat Research, emphasized the significance of these contests, stating that “cybercriminals running, participating, and even sponsoring these contests suggests that there is a community goal to advance their tactics and techniques.” Budd further pointed out that these competitions may serve as recruitment tools for major threat actor groups. The fact that cybercriminals are actively engaging in these contests highlights the desire within the community to continuously improve their skills.
Interestingly, the focus of these contests has shifted towards Web-3 related topics, such as cryptocurrencies, smart contracts, and NFTs. This indicates that cybercriminals are adapting to emerging trends in the cybersecurity landscape. However, several winning entries have demonstrated broad applicability, suggesting that attackers may be retaining their most potent research for personal exploitation in real-world attacks.
Sophos X-Ops’ research delved into two notable annual contests: one organized by the Russian-language cybercrime forum Exploit, which offered an impressive $80,000 prize to its 2021 winner, and another hosted on the XSS forum, featuring a prize pool of $40,000 in 2022. Over the years, prominent figures in the cybercriminal sphere, including All World Cards and Lockbit, have actively sponsored these contests.
Exploit’s recent contest focused on cryptocurrencies, showcasing the forum’s adaptation to the digital financial landscape. On the other hand, the XSS contest covered a wide range of themes, including social engineering, attack vectors, evasion strategies, and scam tactics. Many winning entries explored the exploitation of legitimate tools like Cobalt Strike. Noteworthy tutorials included targeting initial coin offerings (ICOs) for cryptocurrency funding and manipulating privilege tokens to disable Windows Defender.
Sophos’ groundbreaking investigation into these offensive research contests highlights the constant innovation driving cybercriminal tactics. As the cybersecurity landscape continues to evolve, it is crucial for defenders to stay ahead of these emerging threats and adapt their strategies to counter the ever-changing techniques employed by malicious actors. By understanding the tactics and techniques being developed through these contests, cybersecurity professionals can better prepare themselves to defend against future attacks.
In conclusion, the rise of research contests on cybercrime forums is an unsettling trend that underscores the evolving nature of hacking and the importance of continuous innovation in the cybersecurity field. These contests not only drive the development of new attack methodologies but also serve as recruitment tools for major threat actor groups. As cybercriminals adapt to emerging trends, defenders must remain vigilant and adapt their strategies to stay ahead of these evolving threats. Sophos’ research provides valuable insights into the offensive research contests, empowering cybersecurity professionals to better understand the tactics and techniques employed by malicious actors.