The evolution of criminal forum competitions: from harmless beginnings to lucrative ventures
In its latest report, titled "For the win? Offensive Research Contests on Criminal Forums", Sophos X-Ops examines research contests organized by cybercrime forums to drive innovation in attack methods. These competitions are similar in structure to the "call for papers" of legitimate security conferences and offer winners significant financial incentives, recognition from their peers, and potential professional opportunities. The submissions that come to light as part of these competitions give cybersecurity professionals valuable insight into the methods cybercriminals use and how they approach overcoming security barriers.
"The fact that cybercriminals are organizing, participating in and even sponsoring these competitions suggests that there is a common goal to further develop their tactics and techniques. There is even evidence that these competitions serve as a recruitment tool among prominent cybercriminal groups," said Christopher Budd, director of threat research at Sophos.
Once rather harmless, today it's all about big money
Once comparatively harmless, criminal forum competitions have now developed into lucrative ventures. The tradition of such competitions goes back many years, but it is fascinating to see how they have been transformed over time. Initially, these activities were limited to quizzes, graphic design competitions and guessing games. Nowadays, however, forum members are encouraged to submit technical articles including source code, videos and/or screenshots. These works are then judged by other forum users to determine the winner. It should be noted, however, that the judging is not completely transparent, as forum operators and contest sponsors appear to have special voting privileges.
"While our research shows an increased focus of cybercrime on Web 3-related topics such as cryptocurrencies and NFTs, many of the winning submissions in the contests had a broader application. They were characterized by the fact that they would be applicable almost immediately and were often not particularly innovative. This could either reveal the priorities of the community, or it could be evidence that attackers want to keep their best research results to themselves so that they don't have to show their cards and then use their new tactics profitably in real attacks," continues Christopher Budd.
Sophos has examined two competitions in more detail
Sophos X-Ops has analyzed two major annual competitions. The first is a series of events on the Russian-language cybercrime forum Exploit in 2021, which offered prize money of 80,000 US dollars. The second is a series of competitions on the XSS forum in 2022, in which prize money of 40,000 dollars was available. Over several years, well-known members of the cybercrime community have financially supported these events, including All World Cards and Lockbit.
In the most recent competitions, Exploit focused its contest on cryptocurrencies, while XSS covered a variety of topics, from social engineering and attack vectors to evasion strategies and scam proposals. Many of the winning entries focused on abusing legitimate tools such as Cobalt Strike. One runner-up submitted a tutorial that explained how to conduct Initial Coin Offerings (ICOs) to raise funds for a new cryptocurrency, and another tutorial showed how to manipulate privileges to disable Windows Defender.