Hackers might have another way to steal data from corporations: cryptomining software.
Troy Kent, a threat researcher at Awake Security, presented his findings at the InfoSecurity North America Conference in New York earlier this month.
“With this attack, people are using a tool, a crypto miner that they’re used to seeing on their network. But they’re not used to responding to it as though it is a legitimate threat, like a botnet or a Trojan,” Kent said in an interview with CNBC. “They can come in and they can steal files, they can steal intellectual property, they can steal credentials and then log in as maybe the CEO. Or they can download more software. They can bring down services.”
Kent noted that he isn’t sure if hackers have actually used this technique to carry out cyberattacks yet.
“If I can do it, then absolutely an attacker could do it, whether they’re very sophisticated or not sophisticated at all,” he added.
He suggested that companies need to implement more advanced detection methods based on behavior and analytics.
“Depending on the type of detection that they’re using, it’s very possible that they [businesses] would miss this attack, or at least deprioritize it, or dismiss it as only a miner,” he said.
This is not the first time hackers have used mining for nefarious purposes. Earlier this year, it was reported that hackers have been able to take in millions by covertly mining digital currency. As a result, Google banned apps that mine cryptocurrency in the background of a user’s device.
And in September it was revealed that hackers are using WannaCry to infect computers and mine cryptocurrency, with one major Fortune 500 multinational hit by a massive attack.
“Our customer is a very large corporation with multiple offices around the world,” said Amit Serper, head of the security research team at Cybereason. “Once their first machine was hit, the malware propagated to more than 1,000 machines in a day.”