Friday, December 14, 2018


Banner Content

Even though cryptocurrency prices have fallen, cybercriminals could still take advantage of mining software, and not for the reasons you think.

Troy Kent, a threat researcher for Awake Security, presents his research at the InfoSecurity North America Conference in New York City.

Source: CNBC
Troy Kent, a threat researcher for Awake Security, presents his research at the InfoSecurity North America Conference in New York City.

“With this attack, people are using a tool, a crypto miner that they’re used to seeing on their network. But they’re not used to responding to it as though it is a legitimate threat, like a botnet or a Trojan,” Kent said in an interview with CNBC. “They can come in and they can steal files, they can steal intellectual property, they can steal credentials and then log in as maybe the CEO. Or they can download more software. They can bring down services.”

Kent said he is unsure whether hackers are already using this technique to attack companies, but wanted to share his research so businesses can be on guard.

“If I can do it, then absolutely an attacker could do it, whether they’re very sophisticated or not sophisticated at all,” he said.

This code shows simulation of cryptomining software being used to steal data from a business.

Source: CNBC
This code shows simulation of cryptomining software being used to steal data from a business.

The threat is stealthy and cybersecurity teams may have trouble finding it. “Depending on the type of detection that they’re using, it’s very possible that they [businesses] would miss this attack, or at least deprioritize it, or dismiss it as only a miner,” Kent said

The attack begins like cryptojacking, when hackers take over your computer to mine cryptocurrencies for their profit.

To protect themselves, Kent suggests companies adopt more advanced detection methods based on behavior and analytics.

0 Comments

Leave a Comment

Advertisement

Predator 21 x