In a curious turn of events, popular penetration testing tools turn out to be the ones most widely used by attackers. Cybersecurity researchers at Recorded Future’s Insikt Group found Cobalt Strike and Metasploit to be the most popular options for hosting malware command and control (C&C) servers.
The researchers collected more than 10,000 unique C&C servers across at least 80 malware families by 2020.
“The most commonly observed families were dominated by open source or commercially available tools,” the researchers wrote.
Wrong side of the fence
Penetration testing tools, also known as offensive security tools, and red teaming tools have found their way into attackers’ toolkits in recent years, the report said.
While Cobalt Strike accounted for 1,441 of the C&C servers, Metasploit followed just behind with 1,122. Together, the two were found in 25% of all C&C servers. The group also noticed the introduction of lesser-known open source tools such as …