{"id":4424,"date":"2020-10-14T16:50:42","date_gmt":"2020-10-14T16:50:42","guid":{"rendered":"https:\/\/blog.gridinsoft.com\/?p=4424"},"modified":"2020-10-14T16:50:42","modified_gmt":"2020-10-14T16:50:42","slug":"hackers-are-increasingly-using-open-source-tools-for-attacks","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/hackers-are-increasingly-using-open-source-tools-for-attacks\/","title":{"rendered":"Hackers are increasingly using open source tools for attacks"},"content":{"rendered":"

Speaking at the Virus Bulletin conference, Intezer Labs analysts said<\/a> that hackers are increasingly using open source tools for attacks, and listed freely available tools that hackers majorly abuse.<\/h4>\n

Such tools can include various applications, libraries, exploits, and so on. Most often, we are talking about proof-of-concept exploits for vulnerabilities that are published by information security specialists, or freely available pentester utilities.<\/p>\n

The existence of such tools has long been considered a very controversial phenomenon in the information security community.<\/p>\n

\u201cSo, on the one hand, such tools can help information security experts prepare systems and networks, protecting them from potential attacks. On the other hand, they help attackers reduce the cost and time of developing their own tools, and also allow them to disguise their activity among legitimate tests and pentests\u201d, \u2014 told Intezer Labs analysts.<\/p><\/blockquote>\n

Intezer Labs experts say that usually debates on this topic are based on the personal experience and beliefs of the participants in the discussion, and not on real data.<\/p>\n

The company decided to go the other way and collected data on 129 open source “offensive” tools, and then compared this data with malware samples and reports from colleagues to find out how widespread such solutions are among hackers. The results were combined in this interactive map<\/a>.<\/p>\n

As it turned out, all kinds of attackers actively use open source and simply publicly available solutions, from well-known government hack groups to small fraudsters. Many tools and libraries originally developed by cybersecurity researchers are now routinely used for cybercrime.<\/p>\n

\u201cWe found the most popular libraries for memory injection and RAT tools. Thus, the most popular tool for memory injection is the ReflectiveDllInjection<\/a> library, followed by the MemoryModule<\/a> library. Empire, Powersploit and Quasar turned out to be the most popular among the RAT tools\u201d, \u2014 said Intezer Labs.<\/p><\/blockquote>\n

It is also reported that Mimikatz<\/a> is most often used for lateral movement, and UACME<\/a> library is usually used to bypass UAC. That being said, Asian hacker groups tend to prefer Win7Elevate<\/a>, most likely due to the large number of Windows 7 installations in the region.<\/p>\n