Hackers bring up a virtual machine on the victim's PC to hide traces of their attacks

by seo_worker » 2016-08-24 15:35:06



Researchers at SecureWorks write that they have found a new attack technique in the arsenal of cybercriminals. Although in reality this method of attack is hardly new or revolutionary, it must be admitted that the SecureWorks analysts encountered an interesting case. The experts found that, to conceal their actions, the attackers brought up a virtual machine on the victim's computer, intending to operate from inside it.

SecureWorks analysts investigated a strange incident that occurred on the network of one of the company's customers on 28 July 2016 and triggered the SecureWorks security platform. Although at first glance everything looked normal, the researchers pulled the logs of the victim company's system administrator and found in them the reason why the security system had raised the alarm.

Quote: "The criminals managed to gain a level of access that allowed them to interact with Windows Explorer through Terminal Services Client," the experts explain. "The following image shows that the attackers used Microsoft Management Console to run Hyper-V Manager, which is used to configure Microsoft's virtual machine infrastructure."




Fortunately for the victim, the company machine that the attackers managed to compromise was itself virtual, so the attackers failed to carry out what they had planned. The attempt to connect to the newly created VM using vmconnect.exe was unsuccessful, for obvious reasons.

Despite this, the SecureWorks analysts acknowledge that the attackers' plan was a good one. By bringing up a virtual machine and operating from inside it, the attackers could have escaped the watchful eye of security systems and, for example, stolen secret data, and the theft could have gone undiscovered for a very long time.
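A defender's view of the activity described in the post, as an added example that is not part of the original post or of the SecureWorks report: it triages process-creation records for Hyper-V Manager started through mmc.exe and for vmconnect.exe, and raises the severity when this happens in a remote desktop session on a host where Hyper-V administration is not expected. The log layout, host names, users and the allowlist are constructed assumptions; `virtmgmt.msc` is the snap-in file that Hyper-V Manager loads into Microsoft Management Console.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample records (not taken from the report); the key=value
# layout is an assumed flattening of process-creation events.
SAMPLE_LOG = r"""
2016-07-28T10:01:12Z host=WS-0141 user=CORP\jdoe session=RDP-Tcp#3 image=C:\Windows\System32\mmc.exe cmdline="mmc.exe C:\Windows\System32\virtmgmt.msc"
2016-07-28T10:04:40Z host=WS-0141 user=CORP\jdoe session=RDP-Tcp#3 image=C:\Windows\System32\vmconnect.exe cmdline="vmconnect.exe localhost NewVM"
2016-07-28T10:06:02Z host=WS-0207 user=CORP\asmith session=Console image=C:\Windows\System32\mmc.exe cmdline="mmc.exe eventvwr.msc"
2016-07-28T11:30:00Z host=HV-ADMIN-01 user=CORP\hvadmin session=Console image=C:\Windows\System32\mmc.exe cmdline="mmc.exe virtmgmt.msc"
"""

# Assumption: hosts where Hyper-V administration is part of normal work.
APPROVED_HYPERV_HOSTS = {"HV-ADMIN-01"}
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line):
    """Split one record into a dict; the first token is the timestamp."""
    ts, _, rest = line.partition(" ")
    rec = {key: value.strip('"') for key, value in FIELD_RE.findall(rest)}
    rec["time"] = ts
    return rec


def hyperv_tool(rec):
    """Name the Hyper-V management tool a record represents, or None."""
    exe = PureWindowsPath(rec.get("image", "")).name.lower()
    if exe == "vmconnect.exe":
        return "vmconnect"
    if exe == "mmc.exe" and "virtmgmt.msc" in rec.get("cmdline", "").lower():
        return "hyper-v manager"
    return None


def triage(log_text):
    """Return (time, host, tool, severity) for each Hyper-V tooling launch."""
    alerts = []
    for line in log_text.strip().splitlines():
        rec = parse(line)
        tool = hyperv_tool(rec)
        if tool is None:
            continue
        unexpected = rec.get("host") not in APPROVED_HYPERV_HOSTS
        remote = rec.get("session", "").lower().startswith("rdp-tcp")
        severity = "high" if unexpected and remote else "medium" if unexpected else "info"
        alerts.append((rec["time"], rec["host"], tool, severity))
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG):
        print(*alert, sep="  ")
```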