MillenniumPost
World

After 'WannaCrypt', world faces massive cryptocurrency attack

After facing a massive "WannaCrypt" ransomware attack that exploited a vulnerability in a Microsoft software and hit 150 countries, the same Windows vulnerability (MS17-010) has also been exploited to spread another type of malware that is quietly but fast generating digital cash from machines it has infected.

According to a report in The Registrar on Wednesday, tens of thousands of computers globally have been affected by the "Adylkuzz attack" that target machines, let them operate and only slows those down to generate digital cash or "Monero" cryptocurrency in the background.

"Monero" — being popularised by North Korea-linked hackers — is an open-source cryptocurrency created in April 2014 that focuses on privacy, decentralisation and scalability.

It is an alternative to Bitcoin and is being used for trading in drugs, stolen credit cards and counterfeit goods.

"Initial statistics suggest that this attack may be larger in scale than WannaCry[pt], because this attack shuts down SMB networking to prevent further infections with other malware (including the WannaCry[pt] worm) via that same vulnerability," US-based cyber security firm Proofpoint researchers were quoted as saying in the report. This is how a cryptocurrency attack works. The hackers need to mine cryptocurrency using computers/computing devices (IoT included).

"Mining of cryptocurrency simply means solving complex cryptography problems designed within the algorithm of a cyber-currency that requires a lot of computing," Saket Modi, CEO and Co-founder of Delhi-based IT risk assessments provider Lucideus, told IANS. To draw a parallel, there can only be 21 million Bitcoins that can be mined out of which 16 million have already been mined, informed Modi. "Monero", on the other side, is slightly different than Bitcoin but for simplification's sake, it can be assumed that it follows a similar architecture and similar mining process.

"Hence, there is a new wave of cyber attacks where the hacker is least interested in the personal information of the victim and instead his only motivation is to gain access to the CPU of the victim's computer/mobile/IoT device so that they can use it to mine more currencies (and correspondingly make more money)," Modi said.
Next Story
Share it