Skip to main content

Cryptocurrency mining attacks using leaked NSA hacking tools are still highly active, a year later

It’s been over a year since highly classified exploits built by the National Security Agency were stolen and published online.

One of the tools, dubbed EternalBlue, can covertly break into almost any Windows machine around the world. It didn’t take long for hackers to start using the exploits to run ransomware on thousands of computers, grinding hospitals and businesses to a halt. Two separate attacks in as many months used WannaCry and NotPetya ransomware, which spread like wildfire. Once a single computer in a network was infected, the malware would also target other devices on the network. The recovery was slow and cost companies hundreds of millions of dollars in damages.

Yet, after more than a year since Microsoft released patches that slammed the backdoor shut, almost a million computers and networks are still unpatched and are vulnerable to attack.

Although WannaCry infections have slowed, hackers are still using the publicly accessible NSA exploits to infect computers to mine cryptocurrency.

Nobody knows that better than one major Fortune 500 multinational, which was hit by a massive WannaMine cryptocurrency mining infection just days ago.

“Our customer is a very large corporation with multiple offices around the world,” said Amit Serper, who heads the security research team at Boston-based Cybereason.

“Once their first machine was hit the malware propagated to more than 1,000 machines in a day,” he said, without naming the company.

Cryptomining attacks aren’t new and have been around for a while. It’s more common for hackers to inject cryptocurrency mining code into vulnerable websites, but the payoffs are low. Some news sites are now installing their own mining code as an alternative to running ads.

But WannaMine works differently, Cybereason said in its post-mortem of the infection. By using those leaked NSA exploits to gain a single foothold into a network, the malware tries to infect any computer within. It’s persistent so the malware can survive a reboot. After it’s implanted, the malware uses the computer’s processor to mine cryptocurrency. On dozens, hundreds, or even thousands of computers, the malware can mine cryptocurrency far faster and more efficiently. Though it’s a drain on energy and computer resources, it can often go unnoticed.

After the malware spreads within the network, it modifies the power management settings to prevent the infected computer from going to sleep. Not only that, the malware tries to detect other cryptomining scripts running on the computer and terminates them — likely to squeeze every bit of energy out of the processor, maximizing its mining effort.

At least 300,000 computers or networks are still vulnerable to the NSA’s EternalBlue hacking tools.

Based on up-to-date statistics from Shodan, a search engine for open ports and databases, at least 919,000 servers are still vulnerable to EternalBlue, with some 300,000 machines in the US alone. And that’s just the tip of the iceberg — that figure can be individual vulnerable computers or a vulnerable network server capable of infecting hundreds or thousands more machines.

A year after the patches were released, Cybereason said companies are still severely impacted because their systems aren’t protected.

“There’s no reason why these exploits should remain unpatched,” the blog post said. “Organizations need to install security patches and update machines.”

If not ransomware yesterday, it’s cryptomining malware today. Given how versatile the EternalBlue exploit is, tomorrow it could be something far worse — like data theft or destruction.

In other words: if you haven’t patched already, what are you waiting for?



from TechCrunch https://ift.tt/2OoJ303

Comments

Popular posts from this blog

Android blatantly copies the iPhone X navigation gestures

Google unveiled some of the new features in the next version of Android at its developer conference. One feature looked particularly familiar. Android P will get new navigation gestures to switch between apps. And it works just like the iPhone X.“As part of Android P, we’re introducing a new system navigation that we’ve been working on for more than a year now,” VP of Android Engineering Dave Burke said. “And the new design makes Android multitasking more approachable and easier to understand.”While Google has probably been working on a new multitasking screen for a year, it’s hard to believe that the company didn’t copy Apple. The iPhone X was unveiled in September 2017.On Android P, the traditional home, back and multitasking buttons are gone. There’s a single pill-shaped button at the center of the screen. If you swipe up from this button, you get a new multitasking view with your most recent apps. You can swipe left and right and select the app you’re looking for.If you swipe up o…

Square launches restaurant point-of-sale platform

Square, which has already made its way into retail stores and service-based businesses (think hair salons, massage therapists, etc), is officially getting into the restaurant business with the launch of Square for Restaurants. Square for Restaurants is a point-of-sale system that handles everything from menu updates, floor layouts, employee scheduling, performance tracking to tip splitting.Usually, restaurants have “some old legacy thing or something else,” Square Seller Lead Alyssa Henry told me.“Historically, we’ve not served this customer segment very well,” Henry said. “With Square for Restaurants, we’re excited to finally be able to serve this customer segment and deliver on a couple of key things that are core to Square but also highly valued by sellers of all types.”This new product is designed to be fast, self-serve, elegant and cohesive, Henry said. It also integrates seamlessly into Square’s existing ecosystem that includes Payroll, Capital and more. Given Square’s ownership…