Sophos Uncovers Cybercrime Forum Contests Inspiring New Methods of Attack

Sophos, a global cybersecurity provider, has recently unveiled the unsettling trend of research contests hosted on cybercrime forums, which are driving the evolution of hacking techniques and evasion strategies.
In a report titled “For the Win? Offensive Research Contests on Criminal Forums,” Sophos X-Ops sheds light on these contests that resemble legitimate security conferences’ “Call For Papers” and are incentivizing cybercriminals to develop innovative attack methodologies.

In a remarkable evolution, cybercrime contests have transitioned from rudimentary trivia quizzes and graphic design competitions to intricate technical challenges. These contests, taking cues from conventional contests, involve submitting comprehensive articles accompanied by source code, videos, and screenshots. The submitted entries are subjected to community voting, although forum owners and contest sponsors also exert influence over the final decision.

Sophos’ Director of Threat Research, Christopher Budd, emphasized the significance of these contests: “The fact that cybercriminals are running, participating, and even sponsoring these contests, suggests that there is a community goal to advance their tactics and techniques.” Budd pointed out that these competitions might even serve as recruitment tools for major threat actor groups.

Notably, the focus of these contests has shifted towards Web3-related topics like cryptocurrencies, smart contracts, and NFTs, indicative of cybercriminals’ adaptation to emerging trends. However, several winning entries possessed broad applicability, signaling a potential inclination among attackers to retain their most potent research for personal exploitation in real-world attacks.

Sophos X-Ops’ research delved into two prominent annual contests: one organized by the Russian-language cybercrime forum Exploit, offering an impressive $80,000 prize to its 2021 winner, and another hosted on the XSS forum, featuring a prize pool of $40,000 in 2022. High-profile figures in the cybercriminal sphere, including All World Cards and Lockbit, have actively sponsored these contests over the years.

Exploit’s recent contest centered on cryptocurrencies, reflecting the forum’s adaptation to the digital financial landscape. Meanwhile, the XSS contest embraced a wide array of themes, ranging from social engineering and attack vectors to evasion and scam strategies. Many winning entries demonstrated the exploitation of legitimate tools like Cobalt Strike. Noteworthy tutorials included targeting initial coin offerings (ICOs) for cryptocurrency funding and manipulating privilege tokens to disable Windows Defender.

Sophos’ groundbreaking investigation into these offensive research contests underscores the persistent innovation driving cybercriminal tactics. As the cybersecurity landscape continues to evolve, it is imperative for defenders to stay ahead of these emerging threats and adapt their strategies to counter the ever-changing techniques employed by malicious actors.