Technology, Top News

NSA exploit EternalBlue is back and powering WannaMine cryptojacking malware

SAY HELLO to WannaMine, the cryptojacking malware that’s using leaked NSA hacking tools to infiltrate computers and syphon processor power to crunch calculations needed to ‘mine; cryptocurrencies.

But first a history lesson. You may remember the EternalBlue, a Windows exploit developed by the NSA that was leaked by hacking group Shadow Brokers.

Pretty soon after the exploit was used to launch the massive WannaCry ransomware attack that locked down NHS systems and affected some 230,000 computers across 150 countries. EternalBlue was then used to spearhead the arguably more dangerous NotPetya attacks.

Now it’s being put to use again, only this time rather than locking victims out of their computers, it’s allowing cryptojacking malware to surreptitiously tap into CPU power and use it to generate the digital currencies like Bitcoin and Monero for cybercriminals.

First discovered back in October by Panda Security, WannaMine has now been seen cropping up in a number of malware infections according to cyber security firm CloudStrike.

“This fileless malware leverages advanced tactics and techniques to maintain persistence within a network and move laterally from system to system,” explained CloudStrike’s security researchers.

“First, WannaMine uses credentials acquired with the credential harvester Mimikatz to attempt to propagate and move laterally with legitimate credentials. If unsuccessful, WannaMine attempts to exploit the remote system with the EternalBlue exploit used by WannaCry in early 2017.”

Hackers are apparently infecting machines using a range of techniques from email phishing attacks to remote access hacking. And the use of Mimikatz means that even machines patched against EternalBlue could be vulnerable.

Now while the malware may not seem like its as dangerous as NotPetya or WannaCry, as it doesn’t lock users out of their machines, CloudStrike noted in one case it sucked up nearly 100 per cent of a client’s IT environment capability by over-utilising CPUs.

For companies running server farms or data centres, that is bad news. And for individuals, it could mean you end up with a bogged down laptop or PC with a CPU that being overworked round the clock making it more prone to failing.

Beefed up anti-virus and cyber security tools as well as endpoint protection in businesses should go some way to mitigate the threat of WannaMine. But it does show how resourceful hackers are getting in finding new ways to make more off the computers of others. µ

Source : Inquirer

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend