Murkyware (term)
Murkyware, in cybersecurity, refers to legitimate software that is used by threat actors to execute adversarial tactics and techniques (ATT&CK) on compromised systems.[1] Largely because it remains unflagged by the majority of antivirus and EDR software, hence earning its moniker. The term is often associated with dual-use software that can be leveraged by threat actors to conduct cyber attacks across all phases of the kill chain. This term can also be associated with legitimate software that covertly gathers and transmits data about specific targets without their consent. Murkyware is often linked to foreign nations known for engaging in espionage against the United States and its allies.
Definition and uses
Mukyware is frequently used to describe dual-use software, acknowledging the nuanced nature of software capable of serving both legitimate and malicious purposes. Its application in cybersecurity highlights the complexities of legitimate third-party software that is leveraged to achieve cyber effects. The following features of murkyware are distinguished:
- Dual-Functionality: Murkyware often exhibits dual-use capabilities, capable of serving both legitimate and malicious purposes.
- LOLBAS Integration: Murkyware incorporates techniques akin to LOLBAS (Living Off the Land Binaries And Scripts), utilizing system binaries and scripts for malicious activities. This makes it hard for security teams to distinguish between legitimate and malicious activities, since they are all performed by trusted system utilities.[2]
History
The term Murkyware was coined by cybersecurity expert, Mohamed Amer, in 2020 and is currently a registered trademark for his company.[3] Amer introduced the term to draw attention to cybersecurity risks associated with legitimate software leveraged by ransomware operators to remain undetected within corporate networks.[4]
Reception
The introduction of the term Murkyware represents a significant development in cybersecurity lexicon, as it focuses specifically on legitimate tools used in cyber attacks.
By creating a distinct term, opportunities for collaboration and knowledge sharing across the cybersecurity community are expanded. Analysts, researchers, and organizations can collaborate to crowdsource insights, share best practices, and collectively combat software threats.
Murkyware serves as a crucial concept in understanding and addressing the intricate nature of software-based threats in the cybersecurity landscape. Its recognition underscores the importance of vigilance and collaboration in mitigating the risks posed by dual-use software.
References
- ↑ "Software | MITRE ATT&CK®". attack.mitre.org. Retrieved 27 March 2024.
- ↑ "LOLBAS". lolbas-project.github.io. Retrieved 27 March 2024.
- ↑ "Trademark Status & Document Retrieval". tsdr.uspto.gov. Retrieved 15 July 2022.
- ↑ "Murkyware™ Scanner - Anti-Ransomware Tool". Murkyware. Retrieved 27 March 2024.