Is MDSec Nighthawk the new great cyber security threat?
Continuous innovation by threat actors worldwide continues to disrupt network security strategies and tactics. The proliferation of low-cost, high-functionality software and hardware has made it easy for malicious individuals and groups to launch attacks that subvert our expectations and target weaknesses in our applications, networks, and other digital systems.
All this to say, the new big question plaguing businesses and the cyber security community surrounds MDSec's Nighthawk – a digital security tool known for advanced capabilities that are said to give today's security measures a run for their money.
The question itself is this: is Nighthawk the latest security tool we ought to be concerned about? A reasonable musing, but one with an answer we already know.
A simple overview of Nighthawk
Developed by the UK-based information security company MDSec, Nighthawk is a cyber security program intended for red teams carrying out penetration testing – exercises designed to replicate real cyber threats so that an organisation can identify and mitigate vulnerabilities in its systems.
The program, which is known for being highly effective at avoiding detection when in use, was officially released at the end of 2021, with a comprehensive vetting process intended to make it harder for unlawful entities to acquire the platform through (ironically) lawful means.
Nighthawk already has the tools of the trade
When threat actors see an opportunity, such as using authorised solutions to advance their capabilities, they take it. Abused legitimate tools are inherently capable of misleading cyber security professionals, making it harder for them to differentiate between legitimate and malicious traffic within a network. They also tend to contain unique features that can throw security measures for a loop.
When we consider Nighthawk's penchant for evasion and the implications this has for criminal movement within systems, it is no wonder that the platform is sparking concerns among security experts – an evasive cyber threat has a much easier time bypassing security measures and gaining access to sensitive information.
Unauthorised access will never deter threat actors
In response to a blog post that sparked the initial question of Nighthawk's potential as cybercriminals' newest Excalibur, MDSec confirmed that it only supplies its platform to jurisdictions for which it holds licences, such as member states of the European Union, Canada, Australia, Japan, and others. Subject to the regulations governing purchase of the platform, it is available for commercial use, effectively widening the scope of who it can reach.
To be fair, in the same response, MDSec details its vetting process for Nighthawk, clarifying that it requires a significant amount of information about the interested party's intended usage of the platform.
This includes:
MDSec does not offer Nighthawk to entities that are not reputable red teams, ultimately making it more difficult for the everyday person to acquire the program for their own use. There are two sides to this coin. On one side, we can feel better knowing that a platform like Nighthawk is being handled by cyber security professionals who are in the business of administering authentic data security measures to protect our information.
On the other side, in-depth vetting processes can deliver no promises if a determined cybercriminal obtains a copy of the program, reverse engineers it, and uncovers new ways to exploit its use to further their aims. Case in point: Cobalt Strike.
What is Cobalt Strike, and how does it relate to Nighthawk?
A product of Fortra (a cyber security solutions firm headquartered in Minnesota), Cobalt Strike is a penetration testing tool that allows red teams to perform a wide variety of security tests on networks. It includes features to help businesses find vulnerabilities, assess the security of their systems, and detect and exploit issues.
Cobalt Strike was developed with a noble cause in mind. Unfortunately, malicious actors abused those good intentions, obtaining copies of the platform (whether legitimate or, more likely, illicit versions from the Dark Web) and turning them into a weapon against cyber security.
To the detriment of sensitive information and companies everywhere – it worked. From 2019 to 2020, the number of Cobalt Strike-powered cybercrime incidents increased by 161%, demonstrating to threat actors that network and application security tools are no longer roadblocks but golden opportunities to make it big in the cyber underworld.
In the debate surrounding MDSec's Nighthawk, Cobalt Strike is frequently brought up as a comparison for several reasons, such as:
To keep it simple, programs like Nighthawk and Cobalt Strike provide threat actors with the means to turn the tables on cyber security solutions and practices. Whereas professionals interested in protecting sensitive data think like malicious entities to stay a step ahead of them, Cobalt Strike (and perhaps Nighthawk) gives malicious actors the ability to approach their crimes from the perspective of the defenders and launch sophisticated attacks with relative ease.
Does Nighthawk have a place in the new era of cybercrime?
As business leaders and owners working in our current times, we can all agree that cybercrime is like a scar on the business landscape. It will always be present, and no matter how much time passes, it will not truly fade. It is believed that cyber security threats cost "Australia's economy about $42 billion a year".
When we take into account that threat actors are constantly updating their methods of attack, the question of Nighthawk's inclusion on the already long list of cyber threats is not so much an enquiry as a foregone conclusion. Already, we have witnessed a range of digital threats break into the mainstream media at the expense of our information and privacy.
In 2022 alone, Australia has seen, or, at the very least, heard of the following institutions becoming victims of cyber threats:
While the organisations above cannot pin their situations on MDSec's Nighthawk, we can look at them and see larger implications. Telecommunications, healthcare, and higher education are three sectors that were (and routinely are) attacked by digital threats. What can we glean from this? Threat actors are becoming more brazen in their missions to damage our information security measures and exploit our data.
As of now, there is no concrete evidence that "any leaked version of Nighthawk" exists in the bowels of the internet. But this does not give us licence to sit back and believe our infrastructure is secure and out of the digital woods. The cyber world's underbelly has a history of evolving with the times, and there is little doubt that by now the world has become a much more data-driven, machine-readable place.
It is unlikely that malicious entities will fail to find a way to bend Nighthawk to their purposes, especially now that the platform has become a hot topic in the back alleys and streets of the cyber security landscape. The best we can do is invest in remediation practices and solutions that can help protect us when the next cyber threat, perhaps born from Nighthawk, is discovered.
Innovative threats call for more intelligent security strategies
In the future, it will not be out of the realm of possibility for Nighthawk-developed threats to give even the most advanced security solutions trouble. No matter what nation, state, territory, sector, or building our businesses work out of, we need to develop and deploy remediation strategies that can help keep our networks, customers, and employees safe.
We must:
We need to keep an eye on MDSec Nighthawk … and every other software tool out there
Cyber security is a critical part of the modern business landscape, and we need to take measures to protect our systems and data and, by extension, our team members and customers. While Nighthawk's similarities with other penetration testing tools make it stand out in a row of software programs that could be exploited by cyber threats, we cannot single it out as the only platform that will ever serve as a weapon for threat actors.
We need to consider every tool we (and our external partners) use to conduct our operations. As much as we wish it were not the case, no program is impervious to the threats of cybercrime. We need to be conscious of the risks posed by any piece of software, no matter how safe it may appear or what it is meant to be used for. In cyber security – in business – the road to ruin is paved with oversights and complacency.
And that is no journey any company should be forced to take.
How are your organisation's cyber security solutions?
Highly experienced Commercial and Insurance Lawyer advising on international business transactions & dispute resolution
2 years: Very good points, and a salutary warning.
Service Management Professional | ITIL Certified | ITSM Consultant
2 years: Sounds interesting...