Kaspersky Lab researchers have discovered a new trend among digital espionage threat actors: instead of developing customized attack tools or buying them from third parties in the underworld of digital crime, hackers use tools available on the Internet for research purposes.
Several digital espionage campaigns using these tools have been recently identified by experts.
This trend demonstrates not only that the price of dangerous digital attack tools is falling, but also that these tools are becoming more effective and more accessible. This means that even less professional, less skilled and less resourceful hacker groups can now pose a threat to users and businesses. In addition, the use of legitimate tools makes such attacks less visible to security solutions.
The Browser Exploitation Framework (BeEF) is one such tool. Originally developed by the security community to make browser security better and easier, it is now being used by several digital espionage teams for attacks around the world.
To exploit vulnerabilities in target browsers, hackers compromise websites of interest to their intended victims, plant BeEF on them, and then simply wait for victims to visit them. BeEF's content allows for both system and user identification and allows exploitation and theft of authentication credentials, which in turn allows additional malware to be downloaded to the compromised device and more. This tactic is called a "watering hole" attack and is often used by digital espionage agencies.
During their investigation, Kaspersky Lab experts managed to identify dozens of websites used for "watering hole" attacks. The nature and subject matter of these websites reveal a lot about the types of potential targets:
- Embassy of the Middle East in the Russian Federation
- Indian School of Military Technology
- Regional Office of the President
- Ukrainian ICS Scanner mirror
- European Union Agency for the Support of Diversity in Education
- Russian agency for foreign trade management
- Progressive news and political media in Kazakhstan
- Turkish news agency
- Specialized German Music School
- Japanese Textile Production Control Body
- Middle East Social Responsibility and Charity Organization
- Popular British "lifestyle" blog
- Web Platform of Algerian University curriculum
- Chinese construction group
- Russian holding company with international activities
- Russian gaming developer forum
- Romanian game developer site for the Steam platform
- Chinese virtual gaming vendor
- Brazilian house selling musical instruments
"In the past we have seen (hacker) groups use different, open source, legitimate pentesting tools, either in conjunction with their malware or without it. But what is different now is that we are seeing more and more teams using BeEF, seeing it as an attractive and effective alternative. This fact should be taken into account by corporate security departments in order to protect organizations from this new threat actor," said Kurt Baumgartner, Principal Security Researcher of Kaspersky Lab.
More information about the malicious use of BeEF and other legitimate tools by groups such as Newsbeef / Newscaster, Crouching Yeti, and TeamSpy APT, and about how to protect against such attacks, is available on Securelist.com.
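On the protection side, a site operator can look for a planted browser hook by auditing which hosts each page loads scripts from. The following is an added example, not code from Kaspersky Lab or the BeEF project; the page URL, HTML and allowlist are constructed sample data, and the `hook.js` filename check assumes BeEF's stock hook name, which whoever deploys it can change.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: stock BeEF serves its hook as "hook.js"; the name is configurable.
DEFAULT_HOOK_NAME = "hook.js"

class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def audit_scripts(page_url, html, allowed_hosts):
    """Return (url, reason) for each script loaded from an unapproved host."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        full = urljoin(page_url, src)  # resolves relative and //host URLs
        parsed = urlparse(full)
        host = (parsed.hostname or "").lower()
        if host in allowed_hosts:
            continue
        reason = "script host not in allowlist"
        if parsed.path.rsplit("/", 1)[-1].lower() == DEFAULT_HOOK_NAME:
            reason += "; filename matches BeEF default hook"
        findings.append((full, reason))
    return findings

# Constructed sample page (documentation domains and address, not real data).
SAMPLE_URL = "https://www.example.org/news/index.html"
SAMPLE_HTML = """
<html><head>
<script src="/static/site.js"></script>
<script src="https://cdn.example.org/lib/jquery.min.js"></script>
<script src="//203.0.113.7:3000/hook.js"></script>
<script src="http://stats.example.net/t.js"></script>
</head><body>...</body></html>
"""
ALLOWED = {"www.example.org", "cdn.example.org"}
if __name__ == "__main__":
    for url, reason in audit_scripts(SAMPLE_URL, SAMPLE_HTML, ALLOWED):
        print(f"{url}: {reason}")
```

The allowlist comparison is the primary control here; the filename match only adds context to a finding, since a renamed hook would still be reported as a script from an unapproved host.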