January 18, 2024 at 03:26PM
Cyberattackers are using a new gray-area tool called 9hits Traffic Exchange to generate artificial page views for websites. This tool allows users to buy credits and exchange them for traffic to a specific site, potentially inflating engagement numbers for advertisers. Attackers are targeting Docker services to deploy this tool along with a cryptominer.
After reviewing the meeting notes, here are the key takeaways:
1. Container-focused cyber attackers are using a new payload called 9hits Traffic Exchange, which generates artificial page views for websites.
2. 9hits allows members to purchase “credits” to send a specified amount of traffic to a website using an automated viewer app, even without actual user engagement.
3. While 9hits may be used to inflate visitor engagement numbers for advertisers, its use is not illegal unless deployed without consent, thereby stealing compute resources.
4. According to researchers at Cado Security, attackers are targeting vulnerable Docker services to deploy both the XMRig cryptominer and 9hits. 9hits, in particular, is a novel tool being used by the attackers.
5. The attackers are using compromised hosts to profit by utilizing the 9hits app to authenticate with their servers, pull a list of sites to visit, and accrue credits on the 9hits platform.
6. These credits can then be converted into traffic for the attacker’s chosen site, which can subsequently be monetized in various ways, including selling it to an ad network.
Let me know if there are any additional details or specific actions that need to be highlighted from these notes.