Proliferation of Commercial Cyber Tools – NCSC’s Report

Cyber Proliferation

As hardware-based cyber-attack tools like RubberDucky, Flipper, BashBunny, Ninja, and OMG cables become increasingly accessible and affordable, a new wave of security concerns is on the rise. Cyber proliferation is accelerating as these tools, once limited to elite threat actors, are now widely available to anyone with minimal technical knowledge. This widespread accessibility allows malicious actors to launch sophisticated attacks with ease, making traditional security measures less effective. Proliferation in cyber security is not just about the number of threats increasing; it’s about a shifting landscape where low-cost, high-impact attack methods are becoming commonplace.

The National Cyber Security Centre (NCSC) has recently published a report highlighting the risks associated with the proliferation of commercial cyber-attack tools. This commoditization of offensive cyber capabilities raises significant concerns for businesses, organizations, and individuals alike. Attack tools that were once the domain of state-sponsored actors are now in the hands of cybercriminals, corporate spies, and even opportunistic insiders. As these threats continue to evolve, organizations must recognize that cyber proliferation is not a distant risk—it is a present reality requiring urgent attention and proactive defense strategies.

The Proliferation of Commercial Cyber Tools

Key finding #1 – “Proliferation of commercial cyber tools will pose a growing threat to organizations and individuals globally, new report predicts”

Is it that easy to acquire cyber-attack tools? Well, it is! As many of the attack tools are categorized and sold as pen testing (PT) equipment, one can buy them with no actual restrictions. Their ridiculously low cost, sometimes down to a couple of Euros (e.g., DigiSpark via AliExpress), makes it a non-issue budget-wise. These pen testing tools are often supported by a large community (e.g., RubberDucky), which provides a continuous stream of updated payloads that can bypass existing cybersecurity products.

The Rise of Hackers for Hire

Key finding #2 – “GCHQ’s National Cyber Security Centre warns of “unpredictable targeting or unintentional escalation” as demand for hackers-for-hire set to rise.”

Despite the fact that these hardware attack tools are easy to master, a growing list of freelancers now offer their services to individuals or other entities. You want a Keylogger script that will go undetected? No worries! Ransomware via a charging cable? Hell yes! Do you want it for Ninja or OMG cable? Want to grab someone’s WiFi password? Just select your tool of choice and wire the money. This ease of operation may lure people from “classic-legacy” criminal activity into the virtual domain.

The Challenge of Tracing Cyber Attacks

Key finding #3 – “It highlights how over the past decade more than 80 countries have purchased cyber intrusion software. Some states have likely employed these tools irresponsibly to target journalists, human rights activists, political dissidents, opponents, and foreign government officials.”

There is no accountability if there is no traceability. In past cyber incidents, a significant effort has been made during the incident response (IR) or forensic phase to discover who is responsible for a certain attack. Urban legends circulate about specific time zones of files, or lines of code, that presumably revealed the state behind a certain campaign. The commoditization of attack tools provides an additional protection layer for attackers using them. Attackers utilizing widely available tools like RubberDucky or Raspberry Pi Zero can expose their payloads for public access and download. How can one trace it? So if you cannot specifically blame an adversary, how can you retaliate against him?

The Imperative of Continuous Monitoring of Evolving Cyber Threats

Key finding #4 – There’s a need for continuous monitoring and threat intelligence

Attackers (and pen testers) today are fully aware of the capabilities of existing cybersecurity solutions. In any battle of minds, potential adversaries can engage in a head-to-head struggle to avoid detection by cybersecurity products, identifying their weaknesses or blind spots. The other option, which is gaining popularity, is attacking from a completely different surface: through hardware assets. Yes, it does require the introduction of a physical, local element to the victim’s premises. But due to the scarcity of good cybersecurity solutions to detect these attacks (usually introduced by internal abusers or hardware supply chain attacks), the success rates look very promising for attackers.

Organizations must always adopt a proactive approach with regard to threat intelligence, understanding that what you are not familiar with will come back to bite you. So it’s up to you to constantly be on the lookout for the “latest trends” in cybersecurity attacks, and to engage with peers to gain as much insight as possible, as soon as possible, about newly introduced attack methods.

The Future Impact of Proliferating Cyber Tools on State and Non-State Actors

Key finding #5 – “Over the next five years, the proliferation of cyber tools and services will have a profound impact on the threat landscape, as more state and non-state actors obtain capabilities and intelligence not previously available to them.”

The availability of cyber-attack tools helps state actors target a larger number of victims without the risk of losing or revealing significant capabilities. Capturing even one of the tools results in a minimal “strategic loss.” This allows states to keep their crown-jewel capabilities for their top targets and use local “classic criminals” to spread the “commodity” cyber-attack tools in larger numbers.

Proliferation of Commercial Cyber Tools and Sepio Asset Risk Management

First, a shift in mindset is required: understanding that hardware-based attack tools are no longer solely the “playground” for state-sponsored activities. Tools once exclusive to state-sponsored actors are now accessible, learnable, and deployable by nearly anyone: a frustrated ex-employee, a rogue private investigator looking for business intelligence, a suspecting spouse, or local crime organizations. Once you understand that you, or your organization, could be a potential target, then you’re halfway there.

The second half is making sure that you have the required physical layer visibility into those attack tools. Emerging threats need an emerging technology. In many cases, cyber-attack tools can only be discovered by examining the physical layer, which is the only true source. Physics remains truthful; once an asset connects, its presence alters the physical layer parameters of the interface. Sepio’s patented technology harnesses this new data source to detect and mitigate those “elusive” assets that go undetected by legacy technologies.

May 9th, 2023