Entities offering Cyberattacks-as-a-Service are fairly common and the newest member of the club, called Dark Utilities, is gaining popularity quickly.
First spotted in 2022, Dark Utilities specializes in Command-and-Control (C2) attacks. C2-as-a-Service (C2aaS) can include remote access, command execution, distributed denial-of-service (DDoS) attacks, and more. And all for the low low cost of €9.99 (about $10.20 US) per attack.
Once the end-user makes the purchase, they’re presented with a dashboard from which they can run their nefarious scheme. That dashboard allows them to custom tailor payloads to specific operating systems as well as run commands on infected machines.
To make matters worse, Dark Utilities uses the InterPlanetary File System (IPFS) to host its malware bits and baubles. This makes content moderation and intervention from law enforcement nearly impossible.
Once a payload has been generated, it’s up to the end-user to solicit it amongst their targets. From what we can tell Dark Utilities doesn’t offer any means of helping the buyer target and install its product on end-points.
How can you protect yourself?
At this time we can’t rightly say if any of the next-generation protective products would be of much help in defending you from an infestation. There’s a good chance they would. They keep up to date regarding emerging threats and whatnot.
The best way to protect yourself is through understanding the process, or life cycle, of these kinds of attacks and knowing where the weak points (so to speak) are.
For that, we recommend you familiarize yourself with Social Engineering Attacks. Attackers typically use social engineering attacks to accomplish their goals of infecting your end-points and other information technology systems.
If you and your end-users can learn how to spot one of these attacks, you’ll be doing yourself a huge favor in the long run.