Cybereason today announced that researchers from Cybereason Lab have discovered that hackers are upgrading the ubiquitous Kovter malware to provide them with access to the computer networks of Fortune 500 companies.
In research named Operation Escalation, Cybereason discovered that highly prevalent click-fraud and adware tools, once installed in corporate environments, are upgraded by hackers into more malicious software. This provides the hackers with complete control over high-value corporate assets, which are later sold over the dark Web to nation-states, groups engaged in financial cyber crime, or hacktivist gangs.
Today, security teams consider commodity-based click-fraud and adware programs low-risk threats, especially when compared to zero-day vulnerabilities and ransomware threats. However, Cybereason Lab’s Operation Escalation discovery reminds companies they shouldn’t dismiss these threats. As hackers look to monetize their assets, low-risk threats are successfully utilized as conduits into larger companies. Access to these high-value targets commands more money on the black market.
“Commodity threats have the potential to evolve into sinister tools, forcing enterprises to reconsider how they handle these programs. Simply put, enterprises can no longer disregard seemingly benign programs that have infected their network since they can be used as a backdoor into corporate networks,” said Israel Barak, CISO and Cybereason incident response director. “Overworked security teams have to prioritize their workloads, and often choose to disregard threats they believe will have a limited impact on the organization. Security teams cannot be expected to eradicate all low-level threats due to their high prevalence on user machines. But they should develop an approach to track if low-level threats evolve into higher-risk programs and be able to eradicate these cases.”
Operation Escalation findings also suggest:
To read more about Operation Escalation and learn how to protect against evolving low-level threats, download the report.