Experts Find New Cyber Attack “Adylkuzz” Using NSA Hacking Tools

More dangerous than WannaCry

Last week the world faced a massive attack by the WannaCry ransomware, which spread using a leaked NSA exploit and affected some 150 countries.

While investigating the WannaCry attack, experts found another ongoing cyber attack. The cybersecurity firm Proofpoint said the newly discovered attack, using Adylkuzz, is a lot quieter than WannaCry, but “has likely generated millions of dollars in cryptocurrency for the unknown attackers.” ABC News continued:

According to Ryan Kalember, the senior vice president for cybersecurity at Proofpoint, the attack employed the same hacking tools developed by the U.S. National Security Agency (NSA) and leaked to the public by the hacker group Shadow Brokers in April to exploit vulnerabilities in the Microsoft Windows operating system.

“I would say the real-world impact of this attack is going to be more substantial than WannaCry,” Kalember told ABC News. “Ransomware is painful, but you can restore operations relatively quickly. Here, you have a huge amount of money landing in some bad people’s hands. That has geopolitical consequences.”

The firm reported it found attacks from Adylkuzz “dating back to May 2, which would predate the WannaCry attacks, making Adylkuzz the first known widespread use of the leaked NSA hacking tools.” The attack went unnoticed for so long “because its impact on users is far less noticeable than ransomware.” ABC News continued:

“It takes over your computer, but you probably don’t notice anything other than that the system runs really slow,” Kalember said. “Your computer might be mining cryptocurrency for some very bad people.”

Proofpoint described what Adylkuzz does on an infected machine and why the attackers chose Monero:

In this attack, Adylkuzz is being used to mine Monero cryptocurrency. Similar to Bitcoin but with enhanced anonymity capabilities, Monero recently saw a surge in activity after it was adopted by the AlphaBay darknet market, described by law enforcement authorities as “a major underground website known to sell drugs, stolen credit cards and counterfeit items.” Like other cryptocurrencies, Monero increases market capitalization through the process of mining. This process is computationally intensive but rewards miners with funds in the mined currency, currently 7.58 Moneros or roughly $205 at current exchange rates.

Figure 3 shows Adylkuzz mining Monero cryptocurrency, a process that can be more easily distributed across a botnet like that created here than in the case of Bitcoin, which now generally requires dedicated, high-performance machines.

The attackers have not been identified, but Kalember noted that the “North Korean-backed Lazarus Group – the same hacker group linked to the WannaCry attacks – launched a similar cryptocurrency mining attack in late 2016.”

Microsoft produced patches for Windows PCs “to address the vulnerability exploited by both WannaCry and Adylkuzz.” Proofpoint warned that a PC infected before patching remains compromised afterward: the patch closes the hole the attackers came in through, but it does not remove a miner that is already running. The firm nonetheless encouraged everyone to install the patches.

Comments

If government can get into systems, then so can everyone else.

Thanks Obama

I think it is very important to point out that, if not for American spy agencies, the attackers could have gone to the Hacking Team and bought exploits to build their stuff from.
I expect every spy agency to have tools like this. It’s their job, and if anyone thinks we don’t need the agencies, read Smiley’s final lecture to the students in “The Secret Pilgrim,” written by one of ProfJ’s favorite writers, John LeCarre.

For decades Microsoft has led the movement to make computers insecure (in the 90s a ten-year-old could break into a Windows computer; the best-known Unix/VAX malware was the worm written by Robert Tappan Morris, a student working on his PhD thesis; compare the level of sophistication needed). Now computers have been “eternal septemberized.”

Each desktop/laptop comes with a BIOS/UEFI: a small bit of code that allows the operating system to do basic things with the particular hardware, such as get data from a hard drive, get a character from the keyboard, draw a screen, etc.

It was possible to update this software, but in the old days you had to download the updated software to a floppy and reboot, probably flick a switch too. Today you do not even have to be in the room, you can do it over the net. That goes for other electronic devices too. Like your modem/router/gateway.

For a long time there has been a rush to be the first bunch to finish software and get people using it, at the cost of poor architecture, which results in flaws. Like people building houses quicker by leaving locks off the doors.

Now we are discovering that was not such a good idea.

Speaking of hacks: I think it’s time to remove the Amazon/Washington Post link from this blog.

If anything, encourage people to shop locally and give Bezos a reality check.

There are other venues than Amazon, such as ebay or Walmart.com, or http://www.barnesandnoble.com.

So what if it cost an extra buck or two or takes an extra day or two. Your way of life is at stake.

NSA fingerprints… extortionists… global ransoms… baby hunts… Democratic interests. It’s only logical.