{"id":88990,"date":"2023-04-19T12:30:00","date_gmt":"2023-04-19T12:30:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=88990"},"modified":"2023-04-19T12:30:00","modified_gmt":"2023-04-19T12:30:00","slug":"cyberuk-23-irresponsible-use-of-commercial-hacking-tools-a-rising-threat","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=88990","title":{"rendered":"CyberUK 23: Irresponsible use of commercial hacking tools a rising threat"},"content":{"rendered":"<div><img decoding=\"async\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/04\/cyberuk-23-irresponsible-use-of-commercial-hacking-tools-a-rising-threat.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>The marketplace for <a href=\"https:\/\/www.computerweekly.com\/resources\/Hackers-and-cybercrime-prevention\">commercial hacking tools and services<\/a> is set to expand dramatically between now and 2028, leading to the victimisation of more organisations and individuals in a far more unpredictable threat landscape, according to threat researchers at the UK\u2019s National Cyber Security Centre (NCSC).<\/p>\n<p>Published on <a href=\"https:\/\/www.computerweekly.com\/news\/365535375\/CyberUK-23-NCSC-CEO-calls-for-collaboration-and-warns-against-complacency\">the opening day of the NCSC\u2019s annual CyberUK conference<\/a>, currently underway in Belfast, the report offers fresh insights into how the barriers to entry for irresponsible or malicious cyber actors are lowering and how commercial products such as spyware, pen-testing and red teaming tools \u2013 and even freelance \u201chackers-for-hire\u201d \u2013 are increasing the risk of unpredictable targeting or unintentional escalation.<\/p>\n<p>It highlights in particular how more than 80 countries have purchased cyber intrusion software \u2013 such as the Pegasus mobile trojan <a 
href=\"https:\/\/www.computerweekly.com\/news\/252516106\/NSO-Group-faces-court-action-after-Pegasus-spyware-used-against-targets-in-UK\">built by disgraced Israeli firm NSO Group<\/a> \u2013 and used such tools to target activists, dissidents, foreign states, journalists and political opponents. It warns that the development of tools with similar capabilities is likely to diversify to meet demand.<\/p>\n<p>\u201cOver the next five years, the proliferation of cyber tools and services will have a profound impact on the threat landscape, as more state and non-state actors obtain capabilities and intelligence not previously available to them,\u201d said the NCSC\u2019s director of resilience and future technology, Jonathon Ellison.<\/p>\n<p>\u201cOur new assessment highlights that the threat will not only become greater but also less predictable as more hackers for hire are tasked with going after a wider range of targets and off-the-shelf products and exploits lower the barrier to entry for all.<\/p>\n<p>\u201cTo maintain safety in cyberspace it is crucial these capabilities are managed with a responsible, proportionate and legally sound approach and working with international partners, the UK is determined to address this rising challenge,\u201d said Ellison.<\/p>\n<p>The report highlights how the irresponsible use of spyware is \u201calmost certainly\u201d going on at a scale far larger than we have imagined, and that we should expect to see more high-profile exposures of victims of this technology, and other commercial cyber tools.<\/p>\n<p>It also explores how freelance hackers pose a growing corporate espionage threat, while potentially significant financial rewards from malicious activity may incentivise state employees or contractors to turn to hacking, particularly during the cost-of-living crisis. 
<a href=\"https:\/\/www.computerweekly.com\/feature\/Why-some-jobseekers-have-turned-to-cyber-crime-during-the-pandemic\">A similar trend was seen during the Covid-19 pandemic<\/a>, when many technically savvy people who had been laid off or furloughed during various national lockdowns took to advertising their skills on underground hacking forums to try to pay their bills.<\/p>\n<section class=\"section main-article-chapter\" data-menu-title=\"Sophisticated industry\">\n<h3 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Sophisticated industry<\/h3>\n<p>The NCSC said that over the past 10 years, cyber intrusion has become an increasingly organised industry offering various products and services to \u201ccustomers\u201d, including off-the-shelf capabilities, bespoke services, and the sale of valid zero-days and tool frameworks.<\/p>\n<p>It said that the sophistication of this industry was now reaching a point where it can rival the equivalent capabilities of advanced persistent threat (APT) groups that are ultimately funded, or at least tasked, <a href=\"https:\/\/www.computerweekly.com\/news\/365535572\/CyberUK-23-Alert-over-mercenary-Russian-threat-to-CNI\">by hostile intelligence agencies such as Russia\u2019s GRU<\/a>.<\/p>\n<p>To better tackle this threat, the NCSC suggests that the commercial intrusion sector \u2013 that is to say, the legitimate developers of tools that have proven useful to malicious actors, <a href=\"https:\/\/www.cobaltstrike.com\/\">such as Cobalt Strike<\/a> and the like \u2013 may benefit from a more coherent and joined-up approach to international oversight, although a lack of consensus in this regard may hinder this.<\/p>\n<p>Nevertheless, it said, establishing international consensus and norms on the development and sale of commercial cyber capabilities is likely to nudge commercial providers to do more to protect their products from misuse, and vet and limit who has access to them. 
<\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"<p>The marketplace for commercial hacking tools and services is set to expand dramatically between now and 2028, leading to the victimisation of more organisations and individuals in a far more unpredictable threat landscape, according to threat researchers at the UK\u2019s National Cyber Security Centre (NCSC). Published on the opening day of the NCSC\u2019s annual CyberUK [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":88991,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-88990","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88990","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=88990"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88990\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/88991"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=88990"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=88990"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=88990"}],"curies":[{"name":"wp","hr
ef":"https:\/\/api.w.org\/{rel}","templated":true}]}}