Another large-scale cyberattack underway

EXPERTS WARN

Cebu Daily News - WORLD - AFP

PARIS — Another large-scale, stealthy cyberattack is underway on a scale that could dwarf last week’s assault on computers worldwide, a global cybersecurity firm told AFP on Wednesday.

The new attack targets the same vulnerabilities the WannaCry ransomware worm exploited, but rather than freeze files, it uses the hundreds of thousands of computers believed to have been infected to mine virtual currency.

Following the detection of the WannaCry attack on Friday, researchers at Proofpoint discovered a new attack linked to WannaCry called Adylkuzz, said Nicolas Godier, a researcher at the computer security firm.

“It uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a more stealthy manner and for a different purpose,” he said.

Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to “mine” a virtual currency, Monero, in a background task and transfers the money created to the authors of the virus.

Virtual currencies such as Monero and Bitcoin use the computers of volunteers to record transactions. They are said to “mine” for the currency and are occasionally rewarded with a piece of it.

Proofpoint said in a blog that symptoms of the attack include loss of access to shared Windows resources and degradation of PC and server performance, effects which some users may not notice immediately.

“As it is silent and doesn’t trouble the user, the Adylkuzz attack is much more profitable for the cyber criminals. It transforms the infected users into unwitting financial supporters of their attackers,” said Godier.

Proofpoint said it has detected infected machines that have transferred several thousand dollars’ worth of Monero to the creators of the virus.

The firm believes Adylkuzz has been on the loose since at least May 2, and perhaps even since April 24, but due to its stealthy nature was not immediately detected.

“We don’t know how big it is” but “it’s much bigger than WannaCry,” Proofpoint’s Vice President for Email Products Robert Holmes told AFP.

A US official on Tuesday put the number of computers infected by WannaCry at over 300,000.

“We have seen that before — malwares mining cryptocurrency — but not this scale,” said Holmes.

The WannaCry attack has sparked havoc in computer systems worldwide.

Britain’s National Health Service, US package delivery giant FedEx, Spanish telecoms giant Telefonica and Germany’s Deutsche Bahn rail network were among those hit.

/AFP

Adylkuzz is believed to have infected more computers than WannaCry, using the same vulnerabilities.
