Dark Utilities: Off the shelf Command-And-Control Attacks…

by

August 8, 2022

Entities offering Cyberattacks-as-a-Service are fairly common and the newest member of the club, called Dark Utilities, is gaining popularity quickly.

First spotted in 2022, Dark Utilities specializes in Command-and-Control (C2) attacks. C2-as-a-Service (C2aaS) can include remote access, command execution, distributed denial-of-service (DDoS) attacks, and more. And all for the low low cost of €9.99 (about $10.20 US) per attack.

Once the end-user makes the purchase, they’re presented with a dashboard from which they can run their nefarious scheme. That dashboard allows them to custom tailor payloads to specific operating systems as well as run commands on infected machines.

To make matters worse, Dark Utilities uses the InterPlanetary File System (IPFS) to host its malware bits and baubles. This makes content moderation and intervention from law enforcement nearly impossible.

Once a payload has been generated, it’s up to the end-user to solicit it amongst their targets. From what we can tell Dark Utilities doesn’t offer any means of helping the buyer target and install its product on end-points.

How can you protect yourself?

At this time we can’t rightly say if any of the next-generation protective products would be of much help in defending you from an infestation. There’s a good chance they would. They keep up to date regarding emerging threats and whatnot.

The best way to protect yourself is through understanding the process, or life cycle, of these kinds of attacks and knowing where the weak points (so to speak) are.

For that, we recommend you familiarize yourself with Social Engineering Attacks. Attackers typically use social engineering attacks to accomplish their goals of infecting your end-points and other information technology systems.

If you and your end-users can learn how to spot one of these attacks, you’ll be doing yourself a huge favor in the long run.

Check out Security7 Network’s Social Engineering Attack Guide.

 

Carl Keyser is the Content Manager at Integris.

Keep reading

What to Know Before Installing Co-Pilot for Microsoft Word

What to Know Before Installing Co-Pilot for Microsoft Word

Imagine having an AI assistant that pulls from your notes, marries them to an existing document format, and writes a document for you. That's the power of Copilot for Microsoft Word, which is planned for rollout in 2024 for those who buy the Copilot M365 license....

Bridging the Gap between Automation and Innovation

Bridging the Gap between Automation and Innovation

Automation and Innovation. Some people might say those two words cancel each other out. Yet, I believe these two concepts can create capacity for each other—if your business leverages the free time automation creates to foster innovation. Automation can be...