DAWN.COM Logo

Today's Paper | April 29, 2024

Another large-scale cyberattack underway

AFP Published May 18, 2017

PARIS: Another large-scale, stealthy cyberattack is underway on a scale that could dwarf last week’s assault on computers worldwide, a global cybersecurity firm told AFP on Wednesday.

The new attack targets the same vulnerabilities the WannaCry ransomware worm exploited but, rather than freeze files, uses the hundreds of thousands of computers believed to have been infected to mine virtual currency.

Following the detection of the WannaCry attack on Friday, researchers at Proofpoint discovered a new attack linked to WannaCry called Adylkuzz, said Nicolas Godier, a researcher at the computer security firm. “It uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a more stealthy manner and for a different purpose,” he said.

Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to “mine” in a background task a virtual currency, Monero, and transfer the money created to the authors of the virus.

Proofpoint said in a blog that symptoms of the attack include loss of access to shared Windows resources and degradation of PC and server performance, effects which some users may not notice immediately.

“As it is silent and doesn’t trouble the user, the Adylkuzz attack is much more profitable for the cyber criminals. It transforms the infected users into unwitting financial supporters of their attackers,” said Godier.

Proofpoint said it has detected infected machines that have transferred several thousand dollars worth of Monero to the creators of the virus. The firm believes Adylkuzz has been on the loose since at least May 2, and perhaps even since April 24, but due to its stealthy nature was not immediately detected.

A US official on Tuesday put the number of computers infected by WannaCry at over 300,000.

More attacks could be soon be underway as the hacker group TheShadowBrokers that leaked the vulnerabilities used by WannaCry and Adylkuzz has threatened to publish more.

It said in a post it would begin providing information monthly by subscription in June, saying that in addition to Windows 10 vulnerabilities it would include “compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programmes”.

Published in Dawn, May 18th, 2017

Follow Dawn Business on Twitter, LinkedIn, Instagram and Facebook for insights on business, finance and tech from Pakistan and across the world.

Read more

On DawnNews
Dawn News English
Comments (1) Closed
Indian
May 19, 2017 06:59am
Install firewall and block everything except what you actually use. No anti-virus can help you.
Recommend 0

Latest Stories

dawn images site

Most Popular

01
02
03
04
05
06
07
08
09

Must Read

Opinion

Editorial

Return to the helm
Updated 28 Apr, 2024

Return to the helm

With Nawaz Sharif as PML-N president, will we see more grievances being aired?
Unvaxxed & vulnerable
Updated 28 Apr, 2024

Unvaxxed & vulnerable

Even deadly mosquito-borne illnesses like dengue and malaria have vaccines, but they are virtually unheard of in Pakistan.
Gaza’s hell
Updated 28 Apr, 2024

Gaza’s hell

Perhaps Western ‘statesmen’ may moderate their policies if a significant percentage of voters punish them at the ballot box.
Missing links
Updated 27 Apr, 2024

Missing links

As the past decades have shown, the country has not been made more secure by ‘disappearing’ people suspected of wrongdoing.
Freedom to report?
27 Apr, 2024

Freedom to report?

AN accountability court has barred former prime minister Imran Khan and his wife from criticising the establishment...
After Bismah
27 Apr, 2024

After Bismah

BISMAH Maroof’s contribution to Pakistan cricket extends beyond the field. The 32-year old, Pakistan’s...