Second Ongoing Global Cyberattack Identified After WannaCry Virus

Posted May 20, 2017

The cybersecurity firm Proofpoint said the newly discovered attack, using Adylkuzz, is a lot quieter than WannaCry, but "has likely generated millions of dollars in cryptocurrency for the unknown attackers".

This is arguably more dangerous than "WannaCrypt" in one respect: the victim does not realise that they have been compromised. On the other hand, "the good part is that the hacker here is not interested in the victim's personal data", he said. The concern with Adylkuzz is that, because it does not lock up a computer, organisations might be less fearful of it.

Adylkuzz is essentially a "cryptocurrency miner": it infects systems and uses them to generate cryptocurrency for the attackers.

Mining uses the computer's resources - its processor and/or graphics card - to perform the repeated hashing that Monero's proof-of-work requires, which in turn "creates" new Monero coins for whoever controls the miner.

Proofpoint said it had identified more than 20 hosts set up to scan for and attack vulnerable machines, and more than a dozen active Adylkuzz command and control servers.

"The malware is deliberately stealthy; users will only notice their Windows machine is running slowly and that they don't have access to shared Windows resources", senior vice president at Proofpoint Ryan Kalember said in a statement.

In April, the Shadow Brokers leaked several cyber weapons online after reportedly hacking the NSA's Equation Group.

Proofpoint has uncovered a malware attack that uses the same EternalBlue SMB exploit and DoublePulsar backdoor that were used to spread WannaCry.

"There are others, but these are the bad ones that spread like a worm", Kalember says.

According to McAfee, the danger of Adylkuzz lies mainly in the nature of the malware: it stays undetected as it silently infects systems, and it is hard for a layman to realise that he or she is under attack. Adylkuzz is claimed to have infected hundreds of thousands of PCs and servers worldwide. The EternalBlue exploit it relies on was leaked by a hacker group in mid-April.

For distribution, the malware relies on virtual private servers that scan the Internet for hosts exposing SMB on TCP port 445 and then attack them.
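That propagation pattern, one source touching many distinct destinations on TCP/445 in a short window, is something a firewall or flow log can reveal. The following is an added example, not Proofpoint's or McAfee's code; the key=value log format and the sample log lines are constructed, and the 60-second window and 10-target threshold are illustrative assumptions to be tuned per network.

```python
"""Flag hosts sweeping TCP/445 (SMB) in firewall logs.

Added example for this article, not code from Proofpoint or McAfee. The
key=value log format and the sample lines below are constructed. Adylkuzz,
like WannaCry, spreads by scanning for hosts that expose SMB (TCP 445) and
attacking them with EternalBlue; a single source reaching many distinct
destinations on 445 within a short window is the pattern looked for here.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed, not a specific vendor's):
# 2017-05-16T10:00:01Z src=A.B.C.D dst=E.F.G.H dport=445 proto=tcp
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+"
    r"dport=(?P<dport>\d+)\s+proto=(?P<proto>\w+)"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "proto": m["proto"].lower(),
    }


def find_smb_sweepers(lines, window=timedelta(seconds=60), min_targets=10):
    """Return {src: peak_distinct_targets} for sources that reach at least
    min_targets distinct destinations on TCP/445 within any sliding window."""
    events = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["proto"] == "tcp" and ev["dport"] == 445:
            events[ev["src"]].append((ev["ts"], ev["dst"]))

    hits = {}
    for src, evs in events.items():
        evs.sort()                 # oldest first
        seen = {}                  # dst -> occurrences inside the window
        start = 0
        best = 0
        for ts, dst in evs:
            seen[dst] = seen.get(dst, 0) + 1
            # Expire events that fell out of the window ending at ts.
            while evs[start][0] < ts - window:
                old = evs[start][1]
                seen[old] -= 1
                if seen[old] == 0:
                    del seen[old]
                start += 1
            best = max(best, len(seen))
        if best >= min_targets:
            hits[src] = best
    return hits


def constructed_sample():
    """Constructed log lines: one scanner, one legitimate SMB client, noise."""
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    base = datetime(2017, 5, 16, 10, 0, 0)
    lines = []
    # Scanner in documentation range 203.0.113.0/24 sweeping 15 hosts on 445.
    for i in range(15):
        t = (base + timedelta(seconds=i)).strftime(fmt)
        lines.append(f"{t} src=203.0.113.7 dst=198.51.100.{i + 1} dport=445 proto=tcp")
    # Workstation talking repeatedly to a single file server: not a sweep.
    for i in range(30):
        t = (base + timedelta(seconds=i)).strftime(fmt)
        lines.append(f"{t} src=10.0.0.5 dst=10.0.0.10 dport=445 proto=tcp")
    # Unrelated web traffic and a malformed line.
    lines.append(f"{base.strftime(fmt)} src=10.0.0.5 dst=192.0.2.80 dport=80 proto=tcp")
    lines.append("this line is not in the expected format")
    return lines


if __name__ == "__main__":
    print(find_smb_sweepers(constructed_sample()))
```

Counting distinct destinations rather than raw connection volume is what separates a worm's sweep from a busy but legitimate SMB client that hammers one file server; the sliding window keeps a slow scanner that spreads its probes over hours from tripping the rule by accident, at the cost of missing it unless the window is widened.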

A researcher watching Proofpoint's sensor net picked up signs of EternalBlue activity early on Friday, Kalember says.

"The governments of the world should treat this attack as a wake-up call", they said, arguing that government agencies "need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world". Microsoft, for its part, released an emergency patch for its no-longer-supported operating systems after the WannaCry outbreak. "And the answer is nothing, because there is nothing we can do about it", Spagni said in a phone call with CBS News.

Adylkuzz is not new: it appears to have been active for some time before WannaCry's outbreak, and it is said to have caused more damage than WannaCry.

"There's no way from a system perspective to know what is a legitimate miner and what isn't", he said. The attackers behind both Adylkuzz and WannaCry remain at large. Adylkuzz uses the same exploits to install itself on computers, but instead of locking them it operates in the background, stealing processing power (and slowing the device) while "mining" the virtual currency Monero.