A report by international cyber security authorities highlights the use of five publicly available hacking tools and techniques, observed in recent cyber incidents around the world.
The report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the UK and USA.
‘Reports like this demonstrate our ability to pull together cyber security experts from across the globe, to give people a better understanding of what’s out there and how they can better defend their networks,’ said Alastair MacGibbon, Head of the Australian Cyber Security Centre.
‘Tools and techniques for exploiting networks and the data they hold are by no means limited for use by nation states or criminals on the dark web.’
‘Hacking tools that provide a variety of functions are widely and freely available for use by everyone from skilled penetration testers, state actors and organised criminals, through to amateur hackers,’ he said.
The tools detailed in this report are utilised after a system has been compromised to enable an actor to further their objectives within a network.
Experience from the authors shows that while cyber actors continue to develop their capabilities, they are not abandoning common or established Tools, Techniques and Procedures (TTPs).
Even more sophisticated groups will use publicly available tools and take advantage of basic security flaws to achieve their objectives.
‘These tools continue to be used to compromise information across a wide range of critical sectors, including health, finance, government and defence,’ Mr MacGibbon said.
‘The tools mentioned in this report have been widely observed as having continued negative impact, which can be mitigated if good security practices are followed.’
The report provides tangible and practical advice to enable cyber security practitioners to improve their cyber security posture.