Pen testing tools increasingly used by threat actors


Legitimate penetration testing tools like Cobalt Strike, Impacket and RMM are being used by threat actors because it’s more efficient to use existing tools that are proven to be successful than to create new software.

The latest Threat Detection Report from managed detection and response firm Red Canary shows Cobalt Strike in particular has never been more popular, impacting eight percent of its customers in 2021.

An as-a-service model has also become the norm for threat actors, with tools available for Phishing-as-a-Service (PhaaS), Access-as-a-Service and Crypters-as-a-Service. It has never been easier to find an adversary for hire.

The findings reveal that ransomware dominated the threat landscape in 2021, with groups adopting new techniques such as double extortion and as-a-service models to evade detection and maximize their earnings.

Among other noteworthy threats are Rose Flamingo — an activity cluster that focuses on opportunistic, financially motivated malware and uses SEO poisoning to lure victims; and TA551 — an email-based threat actor that was the top threat of 2021, impacting more than 10 percent of Red Canary customers.

“These threats are less sensational than you might find elsewhere, but they’re the ones that will impact the majority of organizations,” says Keith McCammon at Red Canary. “This report addresses highly prevalent threats and the tried-and-true techniques that are wreaking havoc on organizations. We take it a step further to explore in depth the adversarial techniques that continue to evade preventative controls, and that can be challenging to detect. We hope that this report serves as a valuable tool for everyone from executives to practitioners, providing the information that’s needed to detect and respond to cybersecurity threats before they negatively impact organizations.”

You can get the full report from the Red Canary site.

Image Credit: Jurgen Priewe / Shutterstock

Author: Martha Meyer