The NSA exploit used in the WannaCry cyberattack was also used to build a money-making botnet
LONDON — This weekend’s devastating global cyber-attack offered a sobering lesson in what happens when software vulnerabilities fall into the wrong hands.
An exploit in Microsoft Windows developed by the NSA (National Security Agency), a US spy agency, leaked online earlier this year. It was then used to turbo-charge a piece of ransom-demanding malware (“WannaCry” or “WannaCrypt”), which rampaged around the world on Friday, causing chaos in hospitals, factories, and telecoms firms.
But now it looks like WannaCry wasn’t the first piece of malware in the wild to exploit the “EternalBlue” vulnerability.
In a blog post published on Monday, security firm Proofpoint wrote that they have detected “another very large-scale attack” that makes use of the same NSA tech.
It’s a botnet, called “Adylkuzz,” that infects victims’ computers and makes them secretly mine a cryptocurrency called Monero to make money for the attackers — and it seems to have pulled in tens of thousands of dollars.
For context: Cryptocurrencies — the most famous of which is bitcoin — are decentralised digital currencies that operate without any central bank. Typically, new “coins” are created by “mining”: Devoting your computer’s processing power towards the upkeep of the network in return for a reward.
This financial incentive means that some people become professional “miners,” building dedicated rigs with specialised hardware that do nothing but mine cryptocurrencies. It also means that hackers sometimes try and hijack people’s computers to mine cryptocurrencies without them realising — making the attacker a tidy profit at the expense of the victim’s computer’s performance.
That’s what has been happening here, according to Proofpoint. The firm’s researchers wrote that it has been going on since at least May 2, “and possibly as early as April 24,” significantly before the spread of WannaCry.
It has (until now) largely flown under the radar, and the botnet has caused infected computers to run slowly: “Symptoms of this attack include loss of access to shared Windows resources and degradation of PC and server performance. Several large organizations reported network issues this morning that were originally attributed to the WannaCry campaign. However, because of the lack of ransom notices, we now believe that these problems might be associated with Adylkuzz activity.”
Although we don’t know exactly who was infected with Adylkuzz, it seemed to have spread pretty widely. “Within 20 minutes of exposing a vulnerable machine to the open web, it was enrolled in an Adylkuzz mining botnet,” Proofpoint wrote.
This suggests that many of the organisations hit with WannaCry — the NHS, Telefónica, and so on — may also have been infected with Adylkuzz beforehand.
According to Proofpoint’s analysis, at least $43,000-worth of Monero has been raised by the as-yet unidentified attackers behind Adylkuzz. (WannaCry, meanwhile, has made more than $66,000, and the figure is still rising.)
The vulnerability that Adylkuzz and WannaCry exploited was patched in March this year — before either began to spread. But because many organisations hadn’t updated their software, they remained vulnerable.
On Monday, Microsoft published a blog post excoriating the NSA for “stockpiling” software exploits and their subsequent leak online by hacking group “ShadowBrokers.” “An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” wrote president Brad Smith. “The governments of the world should treat this attack as a wake-up call.”
[2017-05-16 10:41:47] Ransom paid to #WannaCry: 0.34BTC = $580 (https://t.co/CZ6vYairmP).
WannaCry total: 38.22BTC = $66,120.
— Ransom Tracker (@ransomtracker) May 16, 2017
Source: Business Insider. Credit to the owner of the original site; to continue reading, follow the link: http://ift.tt/2rlUIkw