Published with Permission by:
Lint, James R., “WannaCry Ransomware Leads to Discovery of Earlier Hack”, In Cyber Defense, 06 June 2017, Web, http://incyberdefense.com/news/wannacry-ransomware-leads-discovery-earlier-hack/
There is a new attack related to the recent international WannaCry (also known as WanaCrypt0r 2.0) hack that occurred between May 12 and May 14. As of May 14, this hack had affected more than 70,000 computers and netted the hackers at least $15 million.
Yahoo Tech News reported that “The new attack targets the same vulnerabilities the WannaCry ransomware worm exploited but, rather than freeze files, [it] uses the hundreds of thousands of computers believed to have been infected to mine virtual currency.”
Bitcoin and other cybercurrencies can be mined by allowing your computer to be used to solve math problems. In the past, this was something that people volunteered to do to earn cybercurrency.
Filipino news source Agence France-Presse states, “virtual currencies such as Monero and Bitcoin use the computers of volunteers for recording transactions. They are said to ‘mine’ for the currency and are occasionally rewarded with a piece of it.”
WannaCry Hack Led Researchers to Discover Earlier Malware Attack
ABC News reported that “While investigating the WannaCry ransomware attacks, researchers at the cybersecurity firm Proofpoint stumbled upon another ‘less noisy’ form of malware called Adylkuzz that, the firm says, has likely generated millions of dollars in cryptocurrency for the unknown attackers.” Monero, a cybercurrency, has been named as a target for Adylkuzz.
“I would say the real-world impact of this attack is going to be more substantial than WannaCry,” Ryan Kalember, the senior vice president for cybersecurity at Proofpoint, told ABC News. “Ransomware is painful, but you can restore operations relatively quickly. Here, you have a huge amount of money landing in some bad people’s hands. That has geopolitical consequences.”
Proofpoint identified Adylkuzz attacks dating back to May 2. Those attacks predate the WannaCry attacks, making Adylkuzz the first known widespread use of the leaked NSA hacking tools. It remained undetected for so long, Kalember says, because its impact on users is far less noticeable than ransomware.
“It takes over your computer, but you probably don’t notice anything other than that the system runs really slow,” Kalember said. “Your computer might be mining cryptocurrency for some very bad people.”
Does the US Dominate the Strategic Cyber Battlefield?
The U.S. Army has published doctrine for Army Field Manual 3-12, “Cyberspace and Electronic Warfare Operations.” This manual notes that the U.S. may not dominate the cyber battlefield. The doctrine seeks to upgrade tactics and techniques for cybersecurity, while realizing that cybersecurity is a domain of combat, just as air, land and sea are domains.
Ryan Kalember at Proofpoint and many others have indicated that North Korean-backed hackers called the Lazarus Group might be responsible for the WannaCry hack. This group has been linked to a similar cryptocurrency mining attack in late 2016. However, no final attribution for the WannaCry hack has been determined, because attribution often takes months to complete.
North Korea Could Be Earning Funds from Cyber Attacks
North Korea has suffered sanctions for decades. Pyongyang’s recent actions, including increased construction of nuclear and missile facilities and missile tests, have caused other countries to call for increased sanctions.
How is North Korea able to afford its nuclear program? The country could be behind cybercurrency mining.
The cyber battlefield is level, with many countries focusing on cyber tools. Some of these countries are experiencing financial difficulties due to sanctions and embargoes.
By turning to cybercurrency, these countries are attempting to solve their financial problems through cybercurrency mining or ransomware. Their actions could be solutions to the diplomatic actions against them. While diplomatic and military tactics controlled rogue nations in the past, they are less effective in today’s cyber environment.
How to Protect Your Computer from Ransomware Attacks
To better protect your own computer, update your operating system often. Microsoft issued the first patch to prevent the WannaCry attack in March 2017.
A second update has been issued to block Adylkuzz. If you do not take care of your computer, you will be at risk. You will be vulnerable to ransomware and other attacks. If your computer’s operating system is running slowly, be sure to update it and your antivirus software at the same time.
About the Author
James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.
Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after an active military career of seven years in the Marine Corps and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored “Leadership and Management Lessons Learned,” published in 2013; “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” published in 2016; and a new book in 2017, “Secrets to Getting a Federal Government Job.”