Cyber incidents in 2024: what did the BI.ZONE report show?

Carding Forum

From ngrok to Gsocket: Hacker tools evolve.

The world of cybersecurity is experiencing new trends: the sharp increase in the number of cyber incidents observed in 2022 and early 2023 has begun to slow down. The share of highly critical incidents also decreased slightly. These are the conclusions of BI.ZONE's analytical report for the first half of 2024.

BI.ZONE specialists recorded an increase in the number of cyber incidents of almost 40% compared to the same period last year. The quarter-by-quarter dynamics are also notable. In 2023, 10% more incidents were detected in the second quarter than in the first. In 2024, the gap widened to 36%. Experts attribute this to the large number of days off at the beginning of the year and a decrease in pentest activity during the holiday periods.

The leaders in the number of cyber incidents were industry and energy (38%), the IT industry (27%) and the financial sector (15%). For comparison, in the first half of 2023, industry accounted for 37% of incidents, the IT industry for 26%, and the financial sector for 10%. The increased interest of intruders in industry and the fuel and energy sector may be due to the strategic importance of these industries for the economy. According to BI.ZONE, espionage is the main goal for 35% of cyber groups attacking industrial enterprises.

In the financial sector, the activity of cyber groups is increasing. According to experts, in 2023, 16% of clusters attacked financial organizations, and in the first half of 2024 the figure was already 25%.

Despite the increase in absolute indicators, the share of highly critical incidents decreased from 0.7% to 0.6%. In the first half of 2024, BI.ZONE analysts recorded 39 highly critical cyber incidents, and a year earlier, 26. Experts attribute the reduction in the share of critical incidents to the wider use of endpoint detection and response (EDR) solutions for endpoint protection. Over the past two years, their share in the Russian market has increased 1.5-2 times.

Phishing and exploitation of vulnerabilities in external services remain the most common methods of penetrating IT infrastructure. However, a more serious threat is posed by attacks through contractors, which are more difficult to detect in the early stages. They are responsible for the majority of serious cyber incidents in 2024.

Attackers actively use legitimate accounts whose credentials are stolen with the help of stealer programs. Popular attack tools include the network tunneling tools ngrok and Stunnel, as well as the remote access utilities PhantomRAT and Sliver.

The top 5 most popular attack tools also include Gsocket, an open source remote access program. Criminals began to actively use Gsocket in 2023 to execute arbitrary commands on a remote system and copy files while bypassing firewalls.
