Carbon Black release latest threat report
Thursday, August 8, 2019
Carbon Black has released a threat report outlining how a well-known cryptomining campaign has been enhanced to steal system access information for possible sale on the dark web.
Dubbed “Access Mining” by Carbon Black researchers, this particular attack stands to affect more than 500,000 computers around the world. The methods used could pave the way for more dangerous and far-reaching attacks, as threats considered lower priority can open the door for more advanced, targeted attacks that can be sold to the highest bidder.
The discovery was made after the CB ThreatSight team alerted Carbon Black’s TAU about unusual behaviour seen across a handful of endpoints. The ensuing investigation revealed sophisticated, multi-stage malware that was sending detailed system metadata to a network of hijacked web servers, presumably for the purposes of resale on one or many remote access marketplaces across the dark web.
Carbon Black TAU researchers Greg Foss and Marina Liang presented their research in a report titled “Access Mining: How a Prominent Cryptomining Botnet is Paving the Way for a Lucrative and Illicit Revenue Model.”
The duo will also be presenting their results live at the Black Hat USA 2019 conference in Las Vegas on Thursday 8th August at 13:20 PT in Business Hall Theatre A.
“Access Mining is a tactic where an attacker leverages the footprint and distribution of commodity malware, in this case a cryptominer, using it to mask a hidden agenda of selling system access to targeted machines on the dark web,” the researchers said.
“This discovery indicates a bigger trend of commodity malware evolving to mask a darker purpose and will likely catalyse a change in the way cybersecurity professionals classify, investigate and protect themselves from threats.”