Cybersecurity professionals have recently noticed a significant increase in the use of a relatively new malware called Skitnet, also known as Bossnet, predominantly deployed in the post-exploitation stages of system breaches.

Allegedly, cyber gangs specializing in ransomware attacks have made this malicious tool, which alms to maintain and enhance their unauthorized access to compromised systems.

Understanding Skitnet

Skitnet is a sophisticated suite of post-exploitation tools, designed for stealthy lateral movement across breached networks, persistence, and circumvention of protective security measures.

It features obfuscation capabilities to evade detection and uses advanced techniques for remote communication, credential theft, and data exfiltration.

Usage by Ransomware Gangs

The newly observed trend connects the usage of Skitnet specifically with ransomware gangs.

While ransomware is often deployed as an immediate tool for extortion, Skitnet appears to be used to consolidate the attacker’s position in the breached network, allowing them to extract more value from their attacks.

Prominent among the threat actors leveraging on Skitnet’s capabilities include highly notorious ransomware groups with identifiers such as REvil, Ryuk, and Conti.

Their operations, characterized by the so-called ‘big game hunting’ approach, typically target high-value networks where potential disruptions can translate to significant financial gains.

Real-world Examples

A recent case involved the attack on a large financial institution, where apart from the ransomware deployment, Skitnet was found covertly placed at strategic points within the network infrastructure.

This allowed the attackers to maintain unrecognized access points and further exploit the system, even after the initial ransomware attack had been mitigated.

Preventive Measures

As Skitnet continues to pose increased cybersecurity risks, experts highlight the importance of a robust defense strategy.

Maintaining up-to-date antivirus solutions, implementing multi-factor authentication, and regular security awareness training can stave off potential compromise.

In addition, proactive threat hunting and endpoint detection and response (EDR) capabilities can significantly increase chances of timely detection and therefore, mitigation.