Industry Trends

Cybercriminals Opt for Open Source Tools

By Fortinet | June 10, 2019

This is a summary of a byline article by Fortinet’s Anthony Giandomenico entitled “Open Source Tools Provide Low-cost Development Options for Cyber-criminals” that was first published on May 2, 2019 in Infosecurity Magazine.

Open source tools help security professionals analyze exploits, test defenses, and use real-world examples in training scenarios and conferences. They also enable researchers to monitor malware and attacker behaviors over time, providing insight into identifying malware developers as well as into predicting the next generation of malware or attack strategy.

Unfortunately, cybercriminals have access to the same websites that researchers do, and they are also increasingly turning their attention to open source malware tools to use for criminal activities.

Using Open Source Tools to Create Malware

According to Fortinet’s Anthony Giandomenico, cybercriminal developers are driven by the same ROI economic models as their targets, so “why build an attack from scratch when someone else has already done much of the hard work for you?”

As it turns out, open source security and malware tools can be converted into new attacks without much effort. Ironically, after the developers of the Mirai IoT botnet released its source code, a number of sites posted it online. Now, more than two years since its release, new variants continue to be captured in the wild.

Professional Cybercriminals and Script Kiddies All Benefit

“More experienced attackers can and do combine open source code with an evasion tool like the Veil-Framework—which is also open source—to repackage the code to try to bypass anti-malware. Of course, the attacker’s ability to easily access this malicious code can give them a head start on modifying and testing new versions with additional capabilities.”

- “Open Source Tools Provide Low-cost Development Options for Cyber-criminals”, May 2, 2019, Infosecurity Magazine
 

Unfortunately, while weaponizing some of these openware tools requires a degree of developer sophistication, many of the freely available malware tools can be repurposed quite easily.

“If a newbie wants to get into cybercrime and, for example, hold computers hostage for a ransom, it is not too difficult for them to exploit one of dozens of proof-of-concept ransomwares by making a few simple updates, such as changing the wallet address to send payments to, and they are ready to start attacking.”

- “Open Source Tools Provide Low-cost Development Options for Cyber-criminals”, May 2, 2019, Infosecurity Magazine

How to Beat Open Source Malware

Because these open source tools are often the result of advanced research by top security professionals, they provide cybercriminals with new ways to target unique targets, making it less likely that their victims will have adequate security measures in place. This means they can quickly penetrate the attack surface, establish and obscure a beachhead without detection, and then move across the network with little resistance.

To meet this challenge, organizations need to implement specific countermeasures. These include:

  • Segmentation to prevent lateral movement across the network
  • Behavioral analytics to detect minor changes in traffic
  • Automation to enhance threat detection and response
  • Real-time threat intelligence to make critical real-time decisions
  • Automation and machine learning to take over time-consuming and menial tasks
  • Advanced Threat Protection, such as sandboxing, to detect unknown threats
  • Fully integrated security solutions that can share and respond to threat intelligence as a unified system, regardless of how widely they have been distributed

By deploying an integrated security fabric that spans today’s extended networks, IT security teams can stay ahead of the cyber threat curve to better detect and respond to threats happening anywhere across the entire attack surface.

 

Read the full article, entitled “Open Source Tools Provide Low-cost Development Options for Cyber-criminals”, which was first published on May 2, 2019, in Infosecurity Magazine.

Learn more about FortiGuard Labs and the FortiGuard Security Services portfolio. Sign up for our weekly FortiGuard Threat Brief.

Read about the FortiGuard Security Rating Service, which provides security audits and best practices.