The world faced a massive ransomware attack using WannaCry, an NSA hacking tool last week, which affected 150 countries.
While investigating the WannaCry attack, experts found another ongoing cyber attack. The cybersecurity firm Proofpoint said the newly discovered attack, using Adylkuzz, is a lot quieter than WannaCry, but “has likely generated millions of dollars in cryptocurrency for the unknown attackers.” ABC News continued:
According to Ryan Kalember, the senior vice president for cybersecurity at Proofpoint, the attack employed the same hacking tools developed by the U.S. National Security Agency (NSA) and leaked to the public by the hacker group Shadow Brokers in April to exploit vulnerabilities in the Microsoft Windows operating system.“I would say the real-world impact of this attack is going to be more substantial than WannaCry,” Kalember told ABC News. “Ransomware is painful, but you can restore operations relatively quickly. Here, you have a huge amount of money landing in some bad people’s hands. That has geopolitical consequences.”
The firm reported it found attacks from Adylkuzz “dating back to May 2, which would predate the WannaCry attacks, making Adylkuss the first known widespread use of the leaked NSA hacking tools.” Again, no one noticed this attack “because its impact on users is far less noticeable than ransomware.” ABC News continued:
“It takes over your computer, but you probably don’t notice anything other than that the system runs really slow,” Kalember said. “Your computer might be mining cryptocurrency for some very bad people.”
Proofpoint described why the attackers used Adylkuzz:
In this attack, Adylkuzz is being used to mine Monero cryptocurrency. Similar to Bitcoin but with enhanced anonymity capabilities, Monero recently saw a surge in activity after it was adopted by the AlphaBay darknet market, described by law enforcement authorities as “a major underground website known to sell drugs, stolen credit cards and counterfeit items.” Like other cryptocurrencies, Monero increases market capitalization through the process of mining. This process is computationally intensive but rewards miners with funds in the mined currency, currently 7.58 Moneros or roughly $205 at current exchange rates.Figure 3 shows Adylkuzz mining Monero cryptocurrency, a process that can be more easily distributed across a botnet like that created here than in the case of Bitcoin, which now generally requires dedicated, high-performance machines.
No one knows the attackers behind this attack, but Kalember stated that the “North Korean-backed Lazarus Group – the same hacker group linked to the WannaCry attacks – launched a similar cryptocurrency mining attack in late 2016.”
Microsoft produced patches for PCs “to address the vulnerability exploited by both WannaCry and Adylkuzz.” Proofpoint warned people that if the attacks poisoned their PCs, it can still remain compromised even after installing the patches. The firm encouraged everyone, though, to download the patches.
CLICK HERE FOR FULL VERSION OF THIS STORY