Companies shouldn’t be so quick to dismiss low-level threats like adware, click-fraud malware and other commodity programs. These threats aren’t as harmless as they initially appear.
Cybereason’s research team has observed multiple instances of attackers upgrading commodity threats into more dangerous and complex programs. These enhanced programs function as remote access tools and carry out malicious actions in addition to flooding a person’s browser with ads or conducting click-fraud campaigns. In some cases, hackers intent on maximizing their assets are then selling this access to high-value companies on the black market. We’ve named this type of attack Operation Escalation.
In his BSides Las Vegas talk, Cybereason CISO Israel Barak will present a specific case in which one of the company’s customers, a Fortune 500 enterprise, was victimized by this type of attack. Israel will dissect the operation and show the attack’s timeline and what actions the hackers took to transform basic Kovter click-fraud malware into an advanced tool. These actions included adding DGA communication capabilities and evasion mechanisms. Israel will discuss what’s motivating attackers to add these features and present approaches companies can use to protect themselves against this new threat.