Awake Security Researcher Says Repurposed Crypto Mining Software Can Siphon Corporate Intel
Could Mining Software Be Used To Steal Corporate Secrets?
During the last 6 months, cryptocurrency mining activities have experienced a strong decline after the hash rate of the Bitcoin network got reduced by 44% since its all-time high in August. Since the beginning of the year, virtual currencies lost more than 50% of their value and in some cases, the drop surpasses 95%.
Several mining rigs have been disconnected from the network as well. Bitcoin’s price falling as it happened harmed the industry and cleaned the market from inefficient miners.
However, cybercriminals could take advantage of the mining software that is available in the market. The crypto mining software could be used to attack a company and steal corporate secrets. This is what Troy Kent, a threat researcher at Awake Security, mentioned a the InfoSecurity North America Conference in New York this month.
As reported by CNBC, he mentioned that miners can steal files and intellectual property. About it, Troy Kent said:
“With this attack, people are using a tool, a crypto miner that they’re used to seeing on their network. But they’re not used to responding to it as a thought it is a legitimate threat, like a botnet or a Trojan. They can come in and they can steal files, they can steal intellectual property, they can steal credentials and then log in as maybe the CEO. Or they can download more software. They can bring down services.”
However, he mentioned that he is not sure whether hackers are using the technique to attack companies. He decided to share the information in order to make companies aware that this is something that can happen. It is also important to mark that the threat is stealthy and cybersecurity teams could not even be able to find it.
In order to start the attack, the attacker will take over the computer and work in a similar way as when they mine virtual currencies for their profit without having to pay for electricity.
Kent explains that companies should adopt advanced detection methods that are based on behavior and analytics. This would help the market avoid these issues int he future and protect companies against these attacks.