Another large-scale, stealthy cyberattack may be coming. Worse, it might be far bigger than last week’s “ransomware” attack that affected computers all over the world. The warning comes from a global cybersecurity firm.
The new threat targets the same vulnerabilities that the WannaCry ransomware exploited, but this time the attack has a separate goal: instead of freezing files, it will use the hundreds of thousands of computers that may have been infected to mine virtual currency.
Researchers at Proofpoint discovered a new attack linked to WannaCry called Adylkuzz. Nicolas Godier, one of the researchers at the computer security firm, said that Adylkuzz uses the hacking tools recently disclosed by the NSA, which have since been fixed by Microsoft, in a stealthier manner and for a different purpose.
Whereas last week’s attack focused on disabling an infected computer by encrypting data and demanding a ransom payment, Adylkuzz uses the machines it infects to “mine” a virtual currency, Monero, in a background task, and then transfers the money created to the authors of the virus.
The experts said that virtual currencies such as Monero and Bitcoin use the computers of volunteers to record transactions. In doing so, the volunteers are said to “mine” for the currency and are at times rewarded with a piece of it.
Proofpoint has also identified symptoms of the attack, which include loss of access to shared Windows resources and degradation of PC and server performance. Users may not notice such effects immediately.
This is cause for greater worry: because Adylkuzz is silent and does not bother the user, it is much more profitable for the cyber criminals. It also turns infected users into unwitting financial supporters of their attackers.
Proofpoint has already detected infected machines that have transferred several thousand dollars’ worth of Monero to the creators of the virus. The firm also believes that Adylkuzz may have been on the loose as early as between April 24 and May 2, but escaped detection due to its stealthy nature.
Proofpoint’s vice president for email products, Robert Holmes, said that while they are not sure at this point how big Adylkuzz is, they can say that it is much bigger than WannaCry. He added that while they have seen malware mining cryptocurrency before, they have not seen it at this scale.
A bigger concern is that more attacks could soon be under way, as the hacker group TheShadowBrokers, which leaked the vulnerabilities used by WannaCry and Adylkuzz, has even threatened to publish more. The group said in a post that it would start providing information monthly by subscription in June, claiming that in addition to Windows 10 vulnerabilities it would include “compromised network data from Russian, Chinese, Iranian or North Korean nukes and missile programs.”