Open-source Build-Your-Own-Botnet framework eyed by cybercriminals for malicious activities

• Cybersecurity firm Perception Point detected an intrusion from attackers using the open-source Build Your Own Botnet (BYOB) framework.
• This incident is the first of a kind when it comes to the use of the framework for conducting attacks in the wild.

Build Your Own Botnet (BYOB) framework, an open-source project which allows researchers and ethical hackers to study and experiment with botnets, is now under the radar of attackers for misuse in cyberattacks.

Cybersecurity firm Perception Point has intercepted an attack using a BYOB framework yesterday, which makes this the first such incident using the framework for an attack in the wild.

Intrusion through email

The details of the attack were documented in a report by Infosecurity Magazine. The attackers relied on email communications where they would send victims a phishing mail.

The phishing mail contains an HTML attachment which resembles the Office 365 login page. When the recipient clicks on it, it loads a malware into their system. Thus, a connection is established between the attacker and the victim following which it can be misused for any malicious activity.

“The attack we intercepted was a targeted email attack against one of our clients. It was distributed via the email channel so the extent of it is to whomever the attacker chose to send it to. The nature of the tool [BYOB] used in the attack is mass remote control; therefore, we presume that this wasn't a single email sent, and we expect that others might have been compromised by this attack as well,” said Shlomi Levin, CTO of Perception Point.

BYOB was developed so as to foster cybersecurity defenses through research on attacker tactics and techniques. It was mainly intended to study various botnets and adversary TTPs observed in the cyberspace.

Researchers expect that attacks using BYOB will increase in the future as more threat actor groups get acquainted with such tools.

With cybercriminals now using this framework for performing attacks, it puts the security community in a precarious position since the open-source nature of such resources can be exploited further by illicit actors.