Yet another incredibly large-scale cyber attack is currently underway, this time – no one may even know if they have been hacked.
According to AFP, hackers are leveraging the same vulnerabilities the WannaCry ransomware worm exploited but, rather than freeze files, uses the hundreds of thousands of computers believed to have been infected to mine virtual currency.
Researchers at Proofpoint shared details of the cyber attack that is ongoing and potentially affecting more than 300,000 machines worldwide.
Following the detection of the WannaCry attack on Friday, researchers at Proofpoint discovered a new attack linked to WannaCry called Adylkuzz, said Nicolas Godier, a researcher at the computer security firm.
“It uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a more stealthy manner and for a different purpose,” he said.
Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to “mine” in a background task a virtual currency, Monero, and transfer the money created to the authors of the virus.
Virtual currencies such as Monero and Bitcoin use the computers of volunteers to record transactions. They are said to “mine” for the currency and are occasionally rewarded with a piece of it.
Proofpoint said in a blog that symptoms of the attack include loss of access to shared Windows resources and degradation of PC and server performance, effects which some users may not notice immediately.
“As it is silent and doesn’t trouble the user, the Adylkuzz attack is much more profitable for the cyber criminals. It transforms the infected users into unwitting financial supporters of their attackers,” said Godier. – Read More