According to an official release on August 31, 2023, Sophos, a cybersecurity organisation, announced that it has discovered how research contests run by cybercrime forums are helping to find new methods of attack and detection evasion. The contests are expected to show legal security conference ‘Call For Papers’ and provide the winners financial rewards and recognition from peers and can also offer jobs.
With insights from Sophos X-Ops latest report, “For the Win? Offensive Research Contests on Criminal Forums,” these contests are expected to drive innovation. It is also believed that the entries might be able to provide invaluable insight into how cybercriminals attempt to overcome security obstacles.
The fact that cybercriminals are running, participating, and even sponsoring these contests, suggests that there is a community goal to advance their tactics and techniques. There is even evidence to suggest that these competitions act as a tool for recruitment amongst prominent threat actor groups,” Christopher Budd, director, threat research, Sophos, explained.
Furthermore, Sophos X-Ops explored two annual contests: one run by the Russian-language cybercrime forum Exploit, offering a total prize fund of $80,000 to the winner of its contest in 2021, and another run on the XSS forum, with a prize pool of $40,000 in 2022, as per insights from the official release.
