Warning of new world assault on computers
ANOTHER large-scale, stealthy cyber attack is under way on a scale that could dwarf last week’s assault on computers worldwide, a global cybersecurity firm said yesterday.
The new attack targets the same vulnerabilities the WannaCry ransomware worm exploited but, rather than freeze files, it uses the hundreds of thousands of computers believed to have been infected to mine virtual currency.
Following the detection of the WannaCry attack on Friday, researchers at Proofpoint discovered a new attack linked to WannaCry called Adylkuzz, Nicolas Godier, a researcher at the computer security firm, said.
“It uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a more stealthy manner and for a different purpose,” he said.
Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to mine a virtual currency, Monero, in a background task and transfer the money created to the authors of the virus.
Virtual currencies such as Monero and Bitcoin use the computers of volunteers for recording transactions.
They are said to mine for the currency and are occasionally rewarded with a piece of it.
Proofpoint said in a blog that symptoms of the attack include loss of access to shared Windows resources and degradation of PC and server performance, effects which some users may not notice immediately.
“As it is silent and doesn’t trouble the user, the Adylkuzz attack is much more profitable for the cyber criminals,” Godier said.
“It transforms the infected users into unwitting financial supporters of their attackers.”
Proofpoint said it had detected infected machines that had transferred several thousand dollars worth of Monero to the creators of the virus.