Cyber war: After WannaCry, world faces massive cryptocurrency attack
After a massive
"WannaCrypt" ransomware attack that exploited a vulnerability in
Microsoft software and hit 150 countries, the same Windows vulnerability
(MS17-010) has also been exploited to spread another type of malware that is
quietly but quickly generating digital cash from the machines it has infected.
According to a report in The Registrar
on Wednesday, tens of thousands of computers globally have been affected by the
"Adylkuzz" attack, which targets machines, lets them keep operating and only
slows them down while generating digital cash, the "Monero" cryptocurrency,
in the background.
"Monero", which is being popularized
by North Korea-linked hackers, is an open-source cryptocurrency created in
April 2014 that focuses on privacy, decentralization and scalability.
It is an alternative to Bitcoin and is
being used for trading in drugs, stolen credit cards and counterfeit goods.
"Initial statistics suggest that
this attack may be larger in scale than WannaCry, because this attack shuts
down SMB networking to prevent further infections with other malware (including
the WannaCry worm) via that same vulnerability," researchers at US-based cyber
security firm Proofpoint were quoted as saying in the report.
This is how a cryptocurrency attack
works.
The hackers need to mine cryptocurrency
using computers/computing devices (IoT included).
"Mining of cryptocurrency simply
means solving complex cryptography problems designed within the algorithm of a
cyber-currency that requires a lot of computing," Saket Modi, CEO and
Co-founder of Delhi-based IT risk assessments provider Lucideus, told IANS.
To draw a parallel, only 21 million Bitcoins
can ever be mined, of which 16 million have already been
mined, Modi said.
"Monero", on the other hand,
is slightly different from Bitcoin, but for simplification's sake it can be
assumed that it follows a similar architecture and similar mining process.
"Hence, there is a new wave of cyber-attacks where the hacker
is least interested in the personal information of the victim and instead his
only motivation is to gain access to the CPU of the victim's
computer/mobile/IoT device so that they can use it to mine more currencies (and
correspondingly make more money)," Modi told IANS.
This looks like something more
dangerous than "WannaCrypt" because the victim does not come to know that
they have been hacked, but, on the other hand, "the good part is that the
hacker here is not interested in the victim's personal data," Modi told
IANS.
To achieve this, the hackers find a vulnerability
in one of the servers in the targeted organization or infect a
website that employees of the targeted organization often visit.
"They would then infect the IT
infrastructure of the target with malware and would identify where a server
running SWIFT software is installed. They would download additional malware to
interact with SWIFT software and would try to drain the organization’s
accounts," Altaf Halde, Managing Director of Kaspersky Lab (South Asia),
told IANS.
According to Proofpoint, the
"Adylkuzz" attack is still growing.
"Once infected through use of the
'EternalBlue' exploit, the cryptocurrency miner 'Adylkuzz' is installed and
used to generate cyber cash for the attackers," Robert Holmes, Vice
President of products at Proofpoint, was quoted as saying.
According to experts, the
"Adylkuzz" attack began on or before May 2, more than a week
before "WannaCrypt" arrived and hit 150 countries, including India.
"Indications are that the crooks
behind 'Adylkuzz' have generated a lot more money than the 'WannaCrypt'
ransomware fiends," The Registrar report noted.
According to cyberscoop.com,
"Monero" doubled in price over the last month to around $23 while
other digital currencies, including bitcoin, saw a mixed month.
"Cybercriminals intrigued by the
currency's promises of greater anonymity are using it more often on black
markets," it said.
This is how organizations can protect
themselves from such cryptocurrency attacks.
"If your organization has software
tools for conducting money transactions like SWIFT software, invest in
additional protection and regular security assessment in addition to standard
protection measures implemented on all other parts of the organization’s network,"
Halde said.
Protect backup servers as they contain
information that can be of use for attackers: passwords, logins, and
authentication tokens.
"When deploying specialized
software for money processing follow recommendations and best security practices
from your software vendor and security professionals," Halde added.
If an intrusion is suspected,
request professional assistance with incident response.
Via IndiaToday