Researchers Fingerprint Exploit Developers Who Help Several Malware Authors
October 2020

To this effect, cybersecurity researchers on Friday detailed a new methodology for identifying exploit authors that uses their unique characteristics as a fingerprint to track down other exploits they developed.
"Instead of focusing on an entire malware and hunting for new samples of the malware family or actor, we wanted to offer another perspective and decided to concentrate on these few functions that were written by an exploit developer," Check Point Research's Itay Cohen and Eyal Itkin noted.
Noticing that the exploit and the malware were written by two different sets of people, the researchers used the binary's properties as a unique hunting signature to find at least 11 other exploits developed by the same developer, named "Volodya".
"Finding a vulnerability, and reliably exploiting it, will most probably be done by specific teams or individuals who specialize in a particular role. The malware developers for their part don't really care how it works behind the scenes, they just want to integrate this [exploits] module and be done with it," the researchers said.
With cyberattacks expanding in scope, frequency, and magnitude, using an exploit developer's code signature as a means to track down bad actors could provide valuable insight into the black exploit market.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/6DRmnaFJT5g/exploit-development.html