Larger cyber attack underway: WannaCry XXL?

By on May 18, 2017
Larger cyber attack underway: WannaCry XXL?

Larger cyber attack underway: WannaCry XXL?

Another large-scale, stealthy cyberattack is underway on a scale that could dwarf last week’s assault on computers worldwide, a global cybersecurity firm told AFP on Wednesday.

The new attackware targets the same vulnerabilities that were exploited by the WannaCry ransomware, but unlike WannaCry, which froze computers and wreaked havoc worldwide on Friday, Adylkuzz is a cryptocurrency mining malware that takes over a machine and slows down computers and servers to use them to mine cryptocurrencies, like bitcoin and monero, according to Proofpoint and Yahoo News.

Yahoo News also reported that Adylkuzz has been “on the loose” since May 2 or April 24, but was not immediately detected.

From the article:

Following the detection of the WannaCry attack on Friday, researchers at Proofpoint discovered a new attack linked to WannaCry called Adylkuzz, said Nicolas Godier, a researcher at the computer security firm.

“It uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a more stealthy manner and for a different purpose,” he said.

Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to “mine” in a background task a virtual currency, Monero, and transfer the money created to the authors of the virus.

Proofpoint outlined in a blog post that the symptoms of this attack include “loss of access to shared Windows resources and degradation of PC and server performance.” But users may not notice these symptoms immediately.

Yahoo’s report also added that more attacks could be soon underway after The Shadow Brokers, who leaked the vulnerabilities used by WannaCry and Adylkuzz, threatened to publish more. A recent report in the Washington Post said the hacking group is now claiming to have data on foreign nuclear arms programs.

In April the Shadow Brokers claimed that in 2016 the National Security Agency breached the Dubai-based firm that oversees payments in the SWIFT transaction system, an international messaging network used by 10,000 banks in 212 countries to send information about financial transactions.

While the NSA’s activities were designed to gather information, hackers separately compromised the SWIFT system in March 2016, stealing the computer credentials of a SWIFT operator in Bangladesh to send messages to the Federal Reserve Bank of New York that resulted in the theft of $81 million from the Bangladesh central bank.

On Tuesday, it was revealed that hackers had gained temporary access to a non-core system of DocuSign which allowed them to steal possibly more than 100 million email addresses.

However, DocuSign confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure.

About Staff

To contact the editors responsible for this story: [email protected]

Leave a Reply

Your email address will not be published. Required fields are marked *