"Cybercriminals Are Deploying Legit Security Tools Far More Than Before, Researchers Conclude"
According to a report released by researchers at Proofpoint, financially motivated cybercriminals are increasingly using legitimate security tools in the performance of their attacks. The report reveals that there has been a significant increase in attacks using Cobalt Strike, which is a legitimate tool used by cybersecurity professionals to test system security. The number of attacks involving Cobalt Strike grew by 161 percent in 2020. Proofpoint researchers have already observed the tool targeting tens of thousands of organizations in 2021. Threat groups have been able to access the tool through the circulation of pirated versions on the dark web. Sherrod DeGrippo, senior director of threat research and detection at Proofpoint, calls on the cybersecurity community to examine how illegitimate use of offensive security tools has increased among Advanced Persistent Threat (APT) actors and cybercriminals alike. Financially motivated threat actors are now armed like groups supported by different governments. This article continues to discuss the increased use of legitimate security testing tools among cybercriminals, the popularity of Cobalt Strike, and the growth in the use of trusted services to distribute malware.