Less than a week after a massive cyberattack that disrupted various websites and cyber accounts, another large-scale, stealthy cyberattack is underway on a scale that could dwarf last week’s assault, a global cybersecurity firm told AFP.
According to the firm, the new attack targets the same vulnerabilities the “WannaCry ransomware” worm exploited but, rather than freeze files, uses the hundreds of thousands of computers believed to have been infected to mine virtual currency.
Nicolas Godier, a researcher at the computer security firm, said that, after the detection of the WannaCry attack on Friday, researchers at Proofpoint discovered a new attack linked to WannaCry called Adylkuzz.
“It uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a more stealthy manner and for a different purpose,” Godier said.
The new attacks follow this pattern: instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to “mine” a virtual currency, Monero, in a background task and transfers the money created to the authors of the virus.
Virtual currencies like Monero and Bitcoin use the computers of volunteers to record transactions.
They are said to “mine” for the currency and are occasionally rewarded with a piece of it.
Proofpoint also noted in a blog post that symptoms of the attack include loss of access to shared Windows resources and degradation of PC and server performance, effects which some users may not notice immediately.
“As it is silent and doesn’t trouble the user, the Adylkuzz attack is much more profitable for the cyber criminals. It transforms the infected users into unwitting financial supporters of their attackers,” he added.
Proofpoint monitored the attack after detecting infected machines that have transferred several thousand dollars’ worth of Monero to the creators of the virus.
The firm believes Adylkuzz has been on the loose since at least May 2, and perhaps even since April 24, but due to its stealthy nature was not immediately detected.
Proofpoint’s vice president for email products, Robert Holmes, was shocked to realize that the virus was bigger than WannaCry.
“We don’t know how big it is” but “it’s much bigger than WannaCry”, Holmes told AFP.
On Tuesday, a US official put the number of computers infected by WannaCry at over 300,000.
“We have seen that before — malware mining cryptocurrency — but not this scale,” said Holmes.
The WannaCry attack has sparked havoc in computer systems worldwide.
Britain’s National Health Service, US package delivery giant FedEx, Spanish telecoms giant Telefonica and Germany’s Deutsche Bahn rail network were among those hit.
While the rate of new infections has slowed, researchers at cybersecurity firm Check Point said the malware continues to spread rapidly.
Another expert added that, despite a quick breakthrough that allowed WannaCry to be slowed down, researchers don’t fully understand it.
“The problem is that we’re still not certain about the origin of the infections,” as, contrary to many previous attacks, it wasn’t via emails that deceive users into installing the virus, said the expert on condition of anonymity.
“More attacks could soon be underway as the hacker group TheShadowBrokers, which leaked the vulnerabilities used by WannaCry and Adylkuzz, has threatened to publish more,” Cyber Point said.