
After WannaCrypt, world faces massive cryptocurrency attack


"Adylkuzz attack" for cryptocurrency began on or before May 2, more than a week before "WannaCry" that hit 150 countries, including India

An alternative to Bitcoin, cryptocurrency is being used for trading in drugs, stolen credit cards and counterfeit goods.

After the massive “WannaCrypt” ransomware attack that exploited a vulnerability in Microsoft software and hit 150 countries, the same Windows vulnerability (MS17-010) has also been exploited to spread another type of malware that is quietly but fast generating digital cash from machines it has infected.

According to a report in The Registrar on Wednesday, tens of thousands of computers globally have been affected by the “Adylkuzz attack”, which targets machines, lets them keep operating and only slows them down while it generates digital cash or “Monero” cryptocurrency in the background. “Monero”, which is being popularized by North Korea-linked hackers, is an open-source cryptocurrency created in April 2014 that focuses on privacy, decentralisation, and scalability.

It is an alternative to Bitcoin and is being used for trading in drugs, stolen credit cards and counterfeit goods. “Initial statistics suggest that this attack may be larger in scale than WannaCry[pt], because this attack shuts down SMB networking to prevent further infections with other malware (including the WannaCry[pt] worm) via that same vulnerability,” researchers at US-based cyber security firm Proofpoint were quoted as saying in the report.
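The two symptoms described above, a machine slowed by background mining and SMB networking that has been shut down, can be correlated in host telemetry. The sketch below is an added example, not code from the report or from Proofpoint; the CSV layout, host names, thresholds and sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed telemetry (not real data): host, minute, CPU %, and whether
# an internal monitor could reach the host's SMB port (445).
SAMPLE = """host,minute,cpu_pct,smb_ok
ws-01,0,12,1
ws-01,10,96,0
ws-01,20,98,0
ws-01,30,97,0
fs-02,0,35,1
fs-02,10,91,1
fs-02,20,93,1
ws-03,0,10,1
ws-03,10,8,0
ws-03,20,11,0
ws-03,30,9,0
"""

CPU_THRESHOLD = 85  # assumed cut-off for a "pegged" CPU
MIN_SAMPLES = 3     # assumed number of consecutive samples required


def suspicious_hosts(text, cpu_threshold=CPU_THRESHOLD, min_samples=MIN_SAMPLES):
    """Flag hosts whose SMB port went from reachable to unreachable and
    whose CPU then stayed at or above the threshold for min_samples
    consecutive samples while SMB was still down."""
    hosts = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        hosts[row["host"]].append(
            (int(row["minute"]), float(row["cpu_pct"]), row["smb_ok"] == "1"))
    flagged = []
    for host, samples in hosts.items():
        seen_smb_up, run = False, 0
        for _minute, cpu, smb_ok in sorted(samples):
            if smb_ok:
                seen_smb_up, run = True, 0
            elif seen_smb_up and cpu >= cpu_threshold:
                run += 1
                if run >= min_samples:
                    flagged.append(host)
                    break
            else:
                run = 0
    return sorted(flagged)


if __name__ == "__main__":
    print(suspicious_hosts(SAMPLE))
```

A busy file server with SMB still reachable (fs-02) and a host with SMB disabled but an idle CPU (ws-03) are not flagged; only the combination is.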

How does a cryptocurrency attack work?

The hackers need to mine cryptocurrency using computers/computing devices (IoT included). “Mining of cryptocurrency simply means solving complex cryptography problems designed within the algorithm of a cyber-currency that requires a lot of computing,” Saket Modi, CEO and Co-founder of Delhi-based IT risk assessments provider Lucideus, told IANS. To draw a parallel, only 21 million Bitcoins can ever be mined, of which 16 million have already been mined, Modi said. “Monero”, on the other hand, is slightly different from Bitcoin, but for simplicity’s sake it can be assumed that it follows a similar architecture and a similar mining process.

“Hence, there is a new wave of cyber attacks where the hacker is least interested in the personal information of the victim and instead his only motivation is to gain access to the CPU of the victim’s computer/mobile/IoT device so that they can use it to mine more currencies (and correspondingly make more money),” Modi told IANS. This looks like something more dangerous than “WannaCrypt” as the victim doesn’t come to know that they have been hacked, but, on the other side, “the good part is that the hacker here is not interested in the victim’s personal data,” Modi told IANS.

To achieve this, the hackers find a vulnerability in one of the servers in the targeted organization, or they infect a website that employees of the targeted organization often visit. “They would then infect the IT infrastructure of the target with malware and would identify where a server running SWIFT software is installed. They would download additional malware to interact with SWIFT software and would try to drain the organization’s accounts,” Altaf Halde, Managing Director of Kaspersky Lab (South Asia), told IANS. According to Proofpoint, the “Adylkuzz” attack is still growing.

“Once infected through use of the ‘EternalBlue’ exploit, the cryptocurrency miner ‘Adylkuzz’ is installed and used to generate cybercash for the attackers,” Robert Holmes, Vice President of products at Proofpoint, was quoted as saying. According to experts, “Adylkuzz” began its attack on or before May 2, more than a week before “WannaCrypt” arrived and hit 150 countries, including India. “Indications are that the crooks behind ‘Adylkuzz’ have generated a lot more money than the ‘WannaCrypt’ ransomware fiends,” The Registrar report noted. According to cyberscoop.com, “Monero” doubled in price over the last month to around $23 while other digital currencies, including bitcoin, saw a mixed month. “Cybercriminals intrigued by the currency’s promises of greater anonymity are using it more often on black markets,” it said.

How to protect your organization from cryptocurrency attacks

“If your organisation has software tools for conducting money transactions like SWIFT software, invest into additional protection and regular security assessment in addition to standard protection measures implemented in all other parts of the organization’s network,” Halde said. Protect backup servers, as they contain information that can be of use to attackers: passwords, logins, and authentication tokens. “When deploying specialized software for money processing follow recommendations and best security practices from your software vendor and security professionals,” Halde added. If an intrusion is suspected, request professional assistance with incident response.

Chuck Reynolds
Contributor