Troy Kent, a threat researcher for Awake Security, presents his research at the InfoSecurity North America Conference in New York City.
“With this attack, people are using a tool, a crypto miner that they’re used to seeing on their network. But they’re not used to responding to it as though it is a legitimate threat, like a botnet or a Trojan,” Kent said in an interview with CNBC. “They can come in and they can steal files, they can steal intellectual property, they can steal credentials and then log in as maybe the CEO. Or they can download more software. They can bring down services.”
Kent said he is unsure whether hackers are already using this technique to attack companies, but wanted to share his research so businesses can be on guard.
“If I can do it, then absolutely an attacker could do it, whether they’re very sophisticated or not sophisticated at all,” he said.