Release the Kraken!!!!!

March 30, 2015 | Garrett Gross
X

Get the latest security news in your inbox.

Subscribe via Email

No thanks. Close this now.

We all know how difficult it is to keep your users from downloading malicious files and/or visiting suspect websites even when you tell them explicit things to look out for (malformed urls, executables, files with multiple extensions, etc). What if the actual malware payload is hidden in Microsoft Office documents that your users send and receive thousands of times daily? One such piece of malware, dubbed “Kraken”, has proven to be highly effective as well as lucrative.

We are seeing a lot of attackers use malware to compromise servers and then repurpose them for their evil ways: adding the servers to their botnet, using them as command & control points or, as we see with Kraken, mining Bitcoins with them. The problem is that Bitcoin mining takes up a lot of computing power and can rob your environment of resources needed for actual business operations. In the case of cloud-based servers falling victim to this attack where resources are elastically allocated when needed (read: a computer that grows in power as you use more), this has a direct financial impact. In fact, we have seen cloud services bills increase tenfold during these attacks. Imagine your AWS bill going from $2,000 a month to $20,000!!

The impact on you can be:

  • Abuse of your computing resources impacts performance and could possibly bring down an entire system
  • If your cloud-based servers are used in this attack, the financial impact could be devastating to your business
  • If resources under your control are used in these types of attacks, your company could be inadvertently associated with criminal behavior

The AlienVault Labs team released an IDS signature and a correlation rule to detect when a system infected by the Kraken RAT communicates with the C&C server. The AlienVault Labs security research team continuously researches evolving threats and delivers new correlation rules to our AlientVault Unified Security Management (USM) platform regularly to keep our customers at the forefront of threat detection.

You can get more details on the latest USM threat intelligence updates here.

Garrett Gross

About the Author: Garrett Gross

Garrett Gross has always had an insatiable appetite for technology and information security, as well as an underlying curiosity about how it all works. Garrett has over 15 years of professional experience in information technology, filling several roles: systems administration, network engineering, product marketing, technical support, and helpdesk. In his current role in field enablement, he uses his experience to help managed security service providers be successful in evangelizing and operationalizing AlienVault USM.

Read more posts from Garrett Gross ›

‹ BACK TO ALL BLOGS

Watch a Demo ›
Get Price Free Trial