CyberSecurity SEE

Cybercriminals exploit research contests to develop innovative attack techniques


A recent report from Sophos reveals that adversary-sponsored research contests on cybercriminal forums are increasingly focusing on new methods of attack and evasion. These contests, which resemble legitimate security conference ‘Call For Papers’, offer significant financial rewards, recognition, and even potential job opportunities to the winners. Sophos emphasizes that these competitions are designed to drive innovation, and by analyzing the entries, valuable insights can be gained into how cybercriminals attempt to overcome security obstacles.

Over the years, criminal forums have witnessed an evolution in the nature of these competitions. Initially, cybercrime contests involved trivia quizzes, graphic design competitions, and guessing games. However, the recent trends highlight a shift towards technical topics, with participants being asked to submit articles accompanied by source code, videos, and screenshots. The forum users then vote for the winner, but the judging process is not entirely transparent, as the forum owners and contest sponsors also have their say in determining the victor.

Christopher Budd, the director of threat research at Sophos, points out that the existence of these contests and the active participation and sponsorship from cybercriminals indicate a shared goal within the community to advance their tactics and techniques. Moreover, these competitions might also serve as a tool for recruitment among prominent threat actor groups.

The research conducted by Sophos highlights an increased emphasis on Web3-related topics, such as cryptocurrency, smart contracts, and NFTs. However, many winning entries have a broader appeal and could be practically applied, even if they weren’t particularly groundbreaking. This might indicate that cyber attackers tend to keep their best research to themselves, as they can profit more from using it in real-world attacks.

To explore the latest trends in cyber competitions, Sophos X-Ops focused on two prominent annual contests. The first was held by the Russian-language cybercrime forum Exploit, which offered a total prize fund of $80,000 to the winner in 2021. The second contest took place on the XSS forum, with a prize pool of $40,000 in 2022. For several years, these events have received sponsorship from prominent members of the cybercriminal community, including All World Cards and Lockbit.

In the most recent contests, Exploit centered its competition around cryptocurrencies, while XSS opened up the contest to various topics ranging from social engineering and attack vectors to evasion and scam proposals. The winning entries in these contests often focused on exploiting legitimate tools such as Cobalt Strike. One runner-up, for instance, shared a tutorial on targeting initial coin offerings (ICOs) to raise funds for a new cryptocurrency, while another entry explained how to manipulate privilege tokens to disable Windows Defender.

The insights gained from analyzing these cyber competitions are crucial in understanding the evolving tactics and techniques employed by cybercriminals. With the continuous advancement of technology, it is imperative for security professionals and organizations to stay updated and prepared to defend against these emerging threats.
