When an NSA server holding a wide range of exploits was hacked last year, the world paid little attention. The exploits, after all, targeted old, already-patched vulnerabilities.
Shadow Brokers, the hacking group that allegedly broke into the server and stole the exploits, couldn’t even sell the stolen goods and ended up releasing the tools for free. Unexpectedly, those same old, outdated tools were then used to build some of the most devastating ransomware attacks in recent memory, most notably WannaCry. At its peak, WannaCry infected over 200,000 computers in well over 100 countries, bringing many businesses to their knees.
The problem, as always, was that although WannaCry relied on a patched, outdated exploit called EternalBlue, the scale of the infection showed how sloppy our security practices are.
If a report from Motherboard is to be believed, the world has clearly not learnt its lesson. According to the report, cybersecurity firm CrowdStrike has discovered that a new piece of EternalBlue-based malware is spreading. This malware, dubbed WannaMine, uses the computing resources of infected systems to mine cryptocurrency.
Cryptocurrency mining is a resource-intensive task and any infected computer will slow down noticeably. For the average user, this will mean a slower PC, slightly higher electricity bills and a reduction in the theoretical life of your computer components in the long term.
For businesses, however, the impact is much greater. If large computer networks are infected, particularly networks used for intensive workloads such as video rendering, number-crunching and server hosting, the impact will be huge. According to CrowdStrike, they’re already aware of some companies whose operations have ground to a halt because of WannaMine.
It’s been reported that the malware first uses a tool called Mimikatz to steal credentials (user IDs and passwords), and only if that fails does it attempt to break in using EternalBlue. The stolen credentials are then used to infect other PCs on the network, so a system patched against EternalBlue might still be vulnerable to attack. What’s scarier is that WannaMine uses techniques pioneered by state-sponsored hackers from the likes of Russia and China to do its work. This makes it virtually impossible to detect and remove from an infected system.
WannaMine seems to be mining Monero, an alternative form of cryptocurrency that is relatively easy to mine. The malware can infect a PC via a targeted attack or when a user clicks on a malicious link.
Updated Date: Feb 01, 2018 21:06 PM