Contact Your Financial Adviser Money Making MC
17 May 2017
After a massive "WannaCrypt" ransomware attack exploited a vulnerability in Microsoft software and hit 150 countries, the same Windows vulnerability (MS17-010) has also been exploited to spread another type of malware that is quietly but quickly generating digital cash from the machines it has infected.
The Total Investment & Insurance Solutions
According to a report in The Registrar on Wednesday, tens of thousands of computers globally have been affected by the "Adylkuzz attack", which targets machines, lets them keep operating and only slows them down while generating digital cash, the "Monero" cryptocurrency, in the background.
"Monero" -- being popularised by North Korea-linked hackers -- is an open-source cryptocurrency created in April 2014 that focuses on privacy, decentralisation and scalability.
It is an alternative to Bitcoin and is being used for trading in drugs, stolen credit cards and counterfeit goods.
"Initial statistics suggest that this attack may be larger in scale than WannaCry[pt], because this attack shuts down SMB networking to prevent further infections with other malware (including the WannaCry[pt] worm) via that same vulnerability," researchers at US-based cyber security firm Proofpoint were quoted as saying in the report.
This is how a cryptocurrency attack works.
The hackers need to mine cryptocurrency using computers/computing devices (IoT included).
"Mining of cryptocurrency simply means solving complex cryptography problems designed within the algorithm of a cyber-currency that requires a lot of computing," said Saket Modi, CEO and Co-founder of Delhi-based IT risk assessments provider Lucideus.
To draw a parallel, only 21 million Bitcoins can ever be mined, of which 16 million have already been mined, Modi said.
"Monero", on the other hand, is slightly different from Bitcoin, but for simplification's sake it can be assumed that it follows a similar architecture and a similar mining process.
"Hence, there is a new wave of cyber attacks where the hacker is least interested in the personal information of the victim and instead his only motivation is to gain access to the CPU of the victim's computer/mobile/IoT device so that they can use it to mine more currencies (and correspondingly make more money)," Modi said.
This looks like something more dangerous than "WannaCrypt", as the victim doesn't come to know that they have been hacked, but, on the other side, "the good part is that the hacker here is not interested in the victim's personal data," Modi said.
To achieve this, the hackers find a vulnerability in one of the servers in the targeted organisation, or they infect a website that employees of the targeted organisation often visit.
"They would then infect the IT infrastructure of the target with malware and would identify where a server running SWIFT software is installed. They would download additional malware to interact with SWIFT software and would try to drain the organisation's accounts," said Altaf Halde, Managing Director of Kaspersky Lab (South Asia).
According to Proofpoint, the "Adylkuzz" attack is still growing.
"Once infected through use of the 'EternalBlue' exploit, the cryptocurrency miner 'Adylkuzz' is installed and used to generate cybercash for the attackers," Robert Holmes, Vice President of products at Proofpoint, was quoted as saying.
According to experts, "Adylkuzz" began its attack on or before May 2, more than a week before "WannaCrypt" arrived and hit 150 countries, including India.
"Indications are that the crooks behind 'Adylkuzz' have generated a lot more money than the 'WannaCrypt' ransomware fiends," The Registrar report noted.
According to cyberscoop.com, "Monero" doubled in price over the last month to around $23 while other digital currencies, including bitcoin, saw a mixed month.
"Cybercriminals intrigued by the currency's promises of greater anonymity are using it more often on black markets," it said.
This is how organisations can save themselves from such cryptocurrency attacks.
"If your organisation has software tools for conducting money transactions like SWIFT software, invest in additional protection and regular security assessment in addition to standard protection measures implemented on all other parts of the organization's network," Halde said.
Protect backup servers as they contain information that can be of use for attackers: passwords, logins, and authentication tokens.
"When deploying specialised software for money processing, follow recommendations and best security practices from your software vendor and security professionals," Halde added.
In case of suspicion of intrusion, request professional assistance with incident response.