Hacker botnets can automate a cyber attack in 15 seconds

Researchers find advanced tools being used by low-level attackers

Hackers are using botnets to automate the process of hacking into networks, security researchers have found.

The discovery was made when a 'honeypot' of fake user data was released to the dark web to tempt hackers into exploiting the data. Masquerading as data from a financial services company, the security firm released usernames and passwords for the Remote Desktop Protocol (RDP) for three servers in the network to dark markets and paste sites to see how hackers would respond, according to a blog post by Ross Rustici, head of intelligence services at Cybereason.

He said that once set up, automated bots came along to the honeypot to carry out the groundwork for human attackers before they entered the network environment, including exploiting known vulnerabilities, scanning the network and dumping the credentials of compromised machines.

The botnet also created new user accounts, which would allow the attackers to access the environment if the users of the compromised machines changed their passwords. And the botnet carried out these functions in approximately 15 seconds.

"For defenders, automatic exploitation in a matter of seconds means they'll likely be overwhelmed by the speed at which the botnet can infiltrate their environment," Rustici said.

He added that the increasing automation of internal network reconnaissance and lateral movement is an even larger concern.

"These tools will drop the average dwell time of an attacker from a couple of hours to a couple of minutes," he said.

Two days after the third botnet finished its work, a human attacker entered the environment, according to the post. Cybereason researchers knew it was a human because the attacker logged in with a user account created by the botnet. Also, a user interface application was opened and remote access capabilities were accessed, functions not typically carried out by bots.

"The attacker already had a roadmap to the environment and wasted no time creating an exfiltration capability and siphoning off 3GB of information. This data was junk files with little value to any criminals, which is why the stolen data never appeared on the dark web," he said.

He added that the experiment revealed the commoditisation of using bots to perform low-level tasks. "At one time, only advanced attackers had this capability. But as tools that were once used by only sophisticated adversaries become more generally available, even novice attackers now have this capability."

Oliver Pinson-Roxburgh, EMEA director at Alert Logic told IT Pro that he was not surprised that organisations are starting to see this behaviour given the rise in popularity of browser miners as a way to monetise attacks.

"We see the miner malware automatically looking to identify other miners in the environment and shut the current hackers down in order to spin up their own systems. They are also looking to stay persistent for as long as possible in an asset, as controls on the cryptocurrency side starts to improve ways to detect what a valid miner looks like," he said.

Image: Shutterstock

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021
Biden nominees highlight tough cyber security challenges
cyber security

Biden nominees highlight tough cyber security challenges

20 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is the Raspberry Pi Pico?
Hardware

What is the Raspberry Pi Pico?

21 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021