Cybersecurity researchers say North Korea might be linked to the WannaCry ‘ransomware’ cyber attack that has infected more than 300,000 computers worldwide since Friday.
It’s getting hard to read the news without hearing about another cyber attack making its way around the global internet.
A growing trend among cyber criminals is the kind of malware attack that infiltrates your network and works quietly in the background to perform tasks such as mining a digital currency and sending the profits back to the author of the virus while the host remains unaware.
This type of threat has been highlighted by the Adylkuzz attack, which exploits the same Microsoft vulnerability as the WannaCry attack but, instead of seizing files for ransom, installs a known cryptocurrency miner on compromised machines.
“These are not particularly unusual, we see a lot of malware that does cryptocurrency mining,” Nick Savvides, a security specialist at Symantec, told news.com.au. “There’s a very big business in it.”
Such malware can often go undetected but will likely degrade a computer’s performance and speed.
“If criminals get it right it doesn’t chew up too much resources, just enough that it can deliver something,” he said, and the infection can go undetected for long periods of time.
Given the rising value of many cryptocurrencies in recent months “it’s possible to make quite a bit of money out of it without it being noticed,” Mr Savvides said.
After security firm Proofpoint published a blog this week describing how the attack turns infected users into unwitting financial supporters of cyber criminals, some reports claimed the Adylkuzz malware could end up being a bigger attack than WannaCry, which infected as many as 200,000 Windows systems in more than 150 countries. But Mr Savvides disagrees.
“I just don’t see it. The reason I don’t see it is that this has been active for some time now, the rates of infection have been pretty low, and there hasn’t been an associated e-mail campaign to infect hosts,” he said.
Proofpoint said it has detected a number of infected machines that have transferred several thousand dollars’ worth of the cryptocurrency Monero to the creators of the virus, dating back to as early as April 24.
Interestingly, once the malware exploits the Microsoft vulnerability, it shuts it down, denying anyone else the chance to do the same. “One bad guy making sure no one else can steal his host.”
These types of attacks share certain characteristics with the commonly used distributed denial of service (DDoS) attacks, which also take control of unwitting hosts to direct their computers’ traffic at a particular network.
“In fact as a cyber criminal you could dual purpose that botnet. You could go and infect thousands of hosts and utilise them to not just mine bitcoins for you but to also launch a denial of service attack for you,” Mr Savvides said.
These kinds of attacks “aren’t going away.”
So if your computer is running a little slower than usual, how can you check if it might be compromised?
According to Mr Savvides, the only thing the average punter can do to ensure they’re not the unwitting victim of such malware is to run a security tool like Norton Power Eraser, a free virus and malware removal tool that people can run to clean their device.
“I think that’s really the only way for a layman to determine this,” he said.