
posted by Fnord666 on Sunday February 23 2020, @12:51PM   Printer-friendly
from the cutting-edge dept.

Pwns for sale: Scythe prepares a marketplace for sharing simulated hacks:

Scythe, a software company that spun out of the security-testing company Grimm, has been working for the past few years on a platform that allows corporate information-security teams to build security-testing campaigns—creating "synthetic malware" and crafting phishing campaigns or other attacks that mimic the techniques, tactics, and practices of known threat groups. And unlike some of the automated penetration-testing or threat-simulation products out there, Scythe retains the human in the loop—making it a useful tool to both internal security testers and external "red team" consultants.

Ars has tested earlier versions of the Scythe platform (starting in 2017, when it was still known as Crossbow), wreaking havoc on a set of victim systems in our lab and doing hands-on-keyboard things that a red team would typically do to simulate an attack. The platform allowed for the construction of "malware" that would work only on systems within a specific network-address range tailored to the task and capable of downloading additional modules of functionality once installed. The faux malware is deployable as executable files or dynamic linking libraries, allowing the emulation of more advanced malware attacks. Since it is custom generated, its signature doesn't match known malware; endpoint protection software has to catch its behaviors. (Windows 7's Windows Defender did not catch on, but my limited malware crafting skills were caught by other endpoint systems in custom campaigns I built; the packaged modules did much better in crushing my intentionally limited defenses.)

[...] At the RSA Conference this month in San Francisco, that marketplace will be officially launched. "Consultancies use us for the services they sell," Bort told Ars. "The marketplace will allow them to build their own modules." Those modules of capability can either be open source and shared freely across the platform, or the developers can resell their modules to customers or other consultancies.

The modular approach is something that's familiar to people in the security testing and research world—particularly those who've used the Metasploit framework for Web and application security testing over the years (or used it for the FBI to unmask child-porn site visitors). The big difference in Scythe's approach is that they'll be essentially available in an "app store" within Scythe's interface and ready to adapt to an organization's specific needs.
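The network-range restriction described above is a common guardrail in adversary-emulation tooling: the implant refuses to run on any host outside the ranges the engagement was scoped to, so a sample that leaks out of the lab is inert. The following is an added example of that check, not Scythe's or Ars's code. The range list, the function names (in_scope, local_addresses, run_payload_if_in_scope) and the "payload" marker string are assumptions made for illustration; there is no real payload here.

```python
# Added example (not Scythe's code): an environmental guardrail of the kind
# the article describes. The implant exits unless every routable address on
# the host falls inside the engagement's allowed ranges.
import ipaddress
import socket
from typing import Iterable, List

# Hypothetical engagement scope, as a red team would configure it.
ALLOWED_RANGES = ["10.20.0.0/16", "192.168.50.0/24"]


def parse_ranges(cidrs: Iterable[str]):
    """Parse CIDR strings once; strict=False tolerates host bits in the notation."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def in_scope(host_addresses: Iterable[str], allowed_cidrs: Iterable[str]) -> bool:
    """True only if the host has at least one routable address and every
    non-loopback, non-link-local address is inside an allowed range.

    Requiring *every* address to be in scope is the conservative choice: a
    dual-homed host with one leg outside the target network is treated as
    out of scope, so the implant never runs there. Unparseable input fails
    closed for the same reason.
    """
    nets = parse_ranges(allowed_cidrs)
    checked = 0
    for raw in host_addresses:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            return False  # garbage input: fail closed
        if addr.is_loopback or addr.is_link_local:
            continue
        checked += 1
        if not any(addr in n for n in nets):
            return False
    return checked > 0


def local_addresses() -> List[str]:
    """Collect this host's addresses via getaddrinfo on its own hostname.

    Stdlib only, so it runs anywhere; a real implant would enumerate
    interfaces directly rather than trust name resolution.
    """
    found = set()
    try:
        for info in socket.getaddrinfo(socket.gethostname(), None):
            found.add(info[4][0])
    except socket.gaierror:
        pass
    return sorted(found)


def run_payload_if_in_scope(host_addresses: Iterable[str],
                            allowed_cidrs: Iterable[str]) -> str:
    """Gate the (stand-in) payload on the scope check and report what happened."""
    if not in_scope(host_addresses, allowed_cidrs):
        return "exit: host out of scope"
    return "run: staged modules would be fetched here"


if __name__ == "__main__":
    print(run_payload_if_in_scope(local_addresses(), ALLOWED_RANGES))
```

Note that this is a safety rail, not a defence: the same keying technique is used by real malware to avoid sandboxes, which is exactly why endpoint products that only match file signatures do poorly against a freshly generated sample and have to judge behaviour instead.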



  • (Score: 0) by Anonymous Coward on Sunday February 23 2020, @01:25PM (4 children)

    by Anonymous Coward on Sunday February 23 2020, @01:25PM (#961385)

    When your security team is led by diversity hires, it doesn't take a sophisticated threat group using sophisticated tools to break in.

    • (Score: 0) by Anonymous Coward on Sunday February 23 2020, @01:31PM

      by Anonymous Coward on Sunday February 23 2020, @01:31PM (#961386)

      That's so true! Our company's CISO wouldn't allow us to use a firewall... she said that stopping hackers from getting in might harm their sense of self-worth, and that some of the hackers may self-identify as females in which case we would be committing a gender crime.

    • (Score: 1) by catholocism on Sunday February 23 2020, @01:54PM (1 child)

      by catholocism (8422) on Sunday February 23 2020, @01:54PM (#961388)

      Why is that? Do white penises provide a defense against digital threats?

      • (Score: 0) by Anonymous Coward on Sunday February 23 2020, @05:22PM

        by Anonymous Coward on Sunday February 23 2020, @05:22PM (#961459)

        Ask Equifax, moron.

    • (Score: 0) by Anonymous Coward on Sunday February 23 2020, @07:28PM

      by Anonymous Coward on Sunday February 23 2020, @07:28PM (#961514)

      Don't know about that.

      The last 3 attacks I got looked pretty good. I learned long ago not to originate from inside an email and log in and see what is going on. Do not trust email.

      But the last 3 I got were *really* good. I mean correct spelling, graphics pulled from the correct servers, even the correct 'if you think this is spam' email. The only thing wrong was the 'dispute this charge' link, which obviously led to a malware site.

      The only reason I spotted it immediately was because I did not have an account at the place I work at.

      My guess is they took a real email, changed it just slightly, and poof. Instant phish attack.
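The check the commenter did by eye can be automated. A cloned phish keeps the legitimate graphics and links and swaps only the action link, so the tell is a link whose host does not belong to the brand, or whose visible text names a different host than the href actually points at. The following is an added example and not the commenter's code; BRAND_DOMAINS, the function names and the SAMPLE message are constructed for illustration, and the domain-extraction rule is deliberately crude (a production filter would use the public suffix list).

```python
# Added example (not from the comment author): flag links in an HTML email
# whose host is not one of the brand's domains, or whose anchor text shows a
# different host than the one the href goes to.
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical brand domains for the "real" sender; any other host is suspect.
BRAND_DOMAINS = {"example-bank.com"}


class LinkCollector(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def registrable_domain(host: str) -> str:
    """Crude last-two-labels rule; good enough to catch brand.com.evil.net."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def suspicious_links(html: str, brand_domains=BRAND_DOMAINS):
    """Return (href, text, reasons) for every link that fails either check."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        reasons = []
        if registrable_domain(host) not in brand_domains:
            reasons.append("off-brand host")
        # Only treat the anchor text as a URL when it looks like one.
        shown = None
        if "://" in text or text.lower().startswith("www."):
            shown = urlparse(text if "://" in text else "http://" + text).hostname
        if shown and registrable_domain(shown) != registrable_domain(host):
            reasons.append("display text names a different host")
        if reasons:
            flagged.append((href, text, reasons))
    return flagged


# Constructed sample: every link is legitimate except the "dispute" action,
# which points at a look-alike host (brand name as a subdomain of evil host).
SAMPLE = """
<html><body>
<img src="https://cdn.example-bank.com/logo.png">
<p>A charge of $499.00 was posted to your account.</p>
<a href="https://www.example-bank.com/login">View your account</a>
<a href="https://example-bank.com.verify-charge.net/dispute">Dispute this charge</a>
<a href="https://www.example-bank.com/report-spam">Think this is spam?</a>
</body></html>
"""

if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE):
        print(f"{text!r} -> {href}: {', '.join(reasons)}")
```

The hostname-based check is what makes this robust against a well-made clone: spelling, images and the spam-report link can all be copied verbatim, but the one link the attacker needs you to click must resolve somewhere they control.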
