Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/17/2015
10:30 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

Inside the 4 Most Common Threat Actor Tools

How do you prevent your environment from becoming the next target? Turn the tables on your attackers.

This isn’t Hollywood. Contrary to popular belief -- and what movies have the general population believe — malicious cyber actors and threat groups aren’t the technical super villains as portrayed on the silver screen.

For the most part, they don’t have incredible super powers or one-of-a-kind, hacker-only tools that are assembled in dark laboratories by nefarious guys in hoodies. The reality? The threat actors simply require access to their targets and dwell time. The nature of how most environments and networks are built makes them relatively easy targets for anyone with a moderate skill set — and a bit of time to kill. 

These actors only require patience and a sound understanding of the critical pieces of intelligence needed to gain entry to a network or a user with the appropriate credentials. Sooner or later, the walls — whether logical or physical — will fall.  

So, how do you prevent your environment from becoming the next target? Threat actors and malicious crime groups rely on four basic sources.

Open Season
Open-source intelligence, or OSINT, provides volumes of information on specific technologies and vulnerabilities that are tied to exploits. This provides details for how threat actors may attempt to gain access to a specific network or user machine.

When organizations understand the same information as their adversaries, they’re better prepared to fight back. Then, after the completion of OSINT research, the winning strategy would involve an overlay of known threat capabilities against vulnerabilities. This gives an accurate picture of the surface area of attack.

Data Dumps
Hacker sites, such as Pastebin and other online forums, openly provide thousands of usernames, passwords, database dumps, and other juicy intelligence items. And all are collected and leveraged by threat actors as they plot their activity. For organizations, it’s sound strategy to always know if data has been posted to one of these sites. It’s often a valuable cue that an organization may soon be attacked.

Targeting Tools
The use of open-source frameworks, such as Metasploit and Kali Linux systems, provide even unskilled threat actors with superbly crafted tool sets that are focused on exploitation operations. Having a skilled internal penetration testing team, which can leverage the same techniques to probe an environment, will help organizations get ahead of threats on potentially vulnerable targets or access points.

Going Deep
Leveraging Darknet, P2P, IRC and ToR systems provide threat actors an additional avenue to gain deeper intelligence on targets. It is extremely rare that targeted individuals or organizations are even aware of these dark data sources, much less that threat actors actively seek intelligence within these obfuscated regions.

Unlike the sprawling movie sets and green screens across Southern California, today’s threat actors aren’t seeking domination with attacks on global banks, super computers, and nuclear reactor sites. It’s much more real. And any organization — regardless of size, industry or region — is a target. Every business and every network that connects to the Internet trusts a litany of technologies, vulnerabilities, and targeted intelligence data points that a threat actor can leverage to gain the upper hand during a targeting operation.  

It’s time to turn the tables and become more security-conscious. Building focused threat intelligence operations, via an iterative lifecycle that empower target networks and enterprises, will combat the threats that loom right at the doorstep. The military and global intelligence agencies have been deploying this tactic for years. They proactively seek out specific avenues of threat data, and then nullify the value that is being used by global threat actors. Enterprises and businesses should adopt this same strategy.  

As the threat intelligence lead for Armor, Dr. Chase Cunningham (CPO USN Ret.) proactively seeks out cyber threat tactics and technical indicators of various threat groups. He is regularly cited as an expert on cyber security and contributes to white papers and other ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7856
PUBLISHED: 2021-04-20
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.
CVE-2021-28793
PUBLISHED: 2021-04-20
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
CVE-2021-25679
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed....
CVE-2021-25680
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only...
CVE-2021-25681
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The aff...