The world has yet to overcome the shock of the ‘WannaCry’ ransomware attack, which wreaked havoc in 150 countries, and here comes another threat – the Adylkuzz cryptocurrency mining malware. A vulnerability in Microsoft software (MS17-010) has been exploited, and another type of malware is spreading. The malware quietly but quickly generates digital cash on the machines it has infected.
A report in The Register claims that the Adylkuzz attack has affected tens of thousands of computers globally. Adylkuzz does not lock up the machines it targets; it lets them keep operating and merely slows them down while it mines the "Monero" cryptocurrency in the background.
North Korea-linked hackers are popularising ‘Monero’, which is an open-source cryptocurrency created in April 2014. It focuses on privacy, decentralisation and scalability.
An alternative to Bitcoin, Monero is being used for trading in drugs, stolen credit cards and counterfeit goods.
"Initial statistics suggest that this attack may be larger in scale than WannaCry, because this attack shuts down SMB networking to prevent further infections with other malware (including the WannaCry worm) via that same vulnerability," US-based cyber security firm Proofpoint researchers were quoted as saying in the report.
How does a cryptocurrency mining attack work?
The hackers mine cryptocurrency using computers/computing devices (IoT included). "Mining of cryptocurrency simply means solving complex cryptography problems designed within the algorithm of a cyber-currency that requires a lot of computing," Saket Modi, CEO and Co-founder of Delhi-based IT risk assessments provider Lucideus, said.
To draw a parallel, Modi said, only 21 million Bitcoins can ever be mined, of which 16 million have already been mined.
Monero, though slightly different from Bitcoin, follows a similar architecture and a similar mining process.
"Hence, there is a new wave of cyber attacks where the hacker is least interested in the personal information of the victim and instead his only motivation is to gain access to the CPU of the victim's computer/mobile/IoT device so that they can use it to mine more currencies (and correspondingly make more money)," Modi said.
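Modi's description of mining as solving compute-heavy cryptographic puzzles, shown as an added Python illustration that is not from the article or from any real coin: the SHA-256 leading-zero puzzle and the sample block header are assumptions standing in for a real mining algorithm, and the point is that finding a solution takes exponentially more hashing than checking one, which is exactly the CPU time a miner steals.

```python
import hashlib
from typing import Tuple

# Constructed sample "block header"; a real miner would hash actual block data.
SAMPLE_HEADER = b"adylkuzz-demo-block-0001"


def puzzle_solved(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking one candidate costs a single hash: SHA-256(header || nonce)
    must start with at least `difficulty_bits` zero bits."""
    digest = hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - difficulty_bits) == 0


def mine(header: bytes, difficulty_bits: int,
         max_nonce: int = 1 << 32) -> Tuple[int, int]:
    """Brute-force nonces until the puzzle is solved.

    Returns (winning_nonce, hashes_tried). There is no shortcut: about
    2**difficulty_bits hashes are needed on average, which is why an
    attacker wants as many victim CPUs as possible."""
    for nonce in range(max_nonce):
        if puzzle_solved(header, nonce, difficulty_bits):
            return nonce, nonce + 1
    raise RuntimeError("no solution within max_nonce")


def expected_hashes(difficulty_bits: int) -> int:
    """Average hashes needed at a given difficulty: each extra bit doubles the work."""
    return 2 ** difficulty_bits


if __name__ == "__main__":
    # Solving gets exponentially harder as difficulty rises; verifying stays one hash.
    for bits in (8, 12, 16):
        nonce, tried = mine(SAMPLE_HEADER, bits)
        print(f"difficulty={bits:2d} bits  nonce={nonce:6d}  hashes={tried:6d}  "
              f"expected~{expected_hashes(bits):6d}  "
              f"verified={puzzle_solved(SAMPLE_HEADER, nonce, bits)}")
```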
This appears to be more dangerous than "WannaCrypt" because the victim does not realise they have been hacked, but, on the other hand, "the good part is that the hacker here is not interested in the victim's personal data," he said.
"They would then infect the IT infrastructure of the target with malware and would identify where a server running SWIFT software is installed. They would download additional malware to interact with SWIFT software and would try to drain the organisation's accounts," Altaf Halde, Managing Director of Kaspersky Lab (South Asia), told IANS.
Proofpoint has reported that the Adylkuzz attack is still growing. "Once infected through use of the 'EternalBlue' exploit, the cryptocurrency miner 'Adylkuzz' is installed and used to generate cybercash for the attackers," Robert Holmes, Vice President of Products at Proofpoint, was quoted as saying.
The Adylkuzz attack began on or before May 2, more than a week before ‘WannaCry’.
"Indications are that the crooks behind 'Adylkuzz' have generated a lot more money than the 'WannaCrypt' ransomware fiends," The Register report noted.
"Cybercriminals intrigued by the currency's promises of greater anonymity are using it more often on black markets," it said.
"If your organisation has software tools for conducting money transactions, like SWIFT software, invest in additional protection and regular security assessment in addition to the standard protection measures implemented on all other parts of the organisation's network," Halde advised.
"When deploying specialised software for money processing, follow the recommendations and best security practices from your software vendor and security professionals," Halde added.