Tuesday 23rd August 2022

IntSum – Week 32 | 8th – 12th August 2022

Key Issue: Cybercriminals leverage new C2aaS platform for malware campaigns
Cybercriminals: Ransomware groups compromise automotive sector companies
Nation-State: North Korea continues to launch revenue-generating campaigns
Hacktivist: Pro-Russian hacktivists target Currency with daily DDoS campaigns

 

KEY ISSUE EXPLAINED

Cybercriminals leverage new C2aaS platform for malware campaigns.

Since early 2022, cybercriminals have employed Dark Utilities, a new Command-and-Control-as-a-Service (C2aaS) platform, to support their operational infrastructure.

Dark Utilities is sold for EUR 9.99 on dark web marketplace forums and marketed as a full-featured platform that enables command execution, Layer 4 and Layer 7 Distributed Denial of Service (DDoS) attacks, remote access to target networks, and Monero cryptocurrency mining on infected machines.

Dark Utilities can also host multiple types of payloads through its InterPlanetary File System (IPFS), which enables Dark Utilities users to target several architectures without individually possessing significant development resources. To date, cybercriminals have leveraged Dark Utilities to target Windows and Linux systems, as well as to gain remote access and deploy cryptocurrency miners.

Given its low cost and extensive functionality, we assess that in addition to the 3,000 current active subscribers, the Dark Utilities user base will continue to expand rapidly, especially amongst less skilled adversaries lacking the technical capability to develop their own C2 infrastructure. An increase in subscribers will likely increase the volume of malware deployments attempting to establish C2 using Dark Utilities.
