Making WAVs - Incident Response to a Cryptomining Attack

The Guardicore Labs Team is a global research group, consisting of hackers, cybersecurity researchers, and industry experts.

Last month, Guardicore Labs provided incident response to an attack hitting a medium-sized company in the medical tech sector. The victim network was infected with well-obfuscated malware that hid a Monero cryptominer inside WAV files. The attacker attempted to propagate within the organization by infecting machines running Windows 7 (an operating system soon to reach End-of-Life) and exploiting the infamous EternalBlue vulnerability.

In the following sections, we describe our efforts along several vectors: detection, infection, network propagation and malware analysis. We then share our recommendations for optimizing incident response processes in data centers. Finally, we provide a list of IoCs for the observed attack.…