NSA's Microsoft SMB protocol exploit EternalBlue returns with WannaMine cryptocurrency-jacking malware
If you haven't patched against EternalBlue yet, you probably deserve to be crypto-jacked
EternalBlue is back - although it never really went away.
This time, the US National Security Agency (NSA) exploit, released last year by the Russia-linked Shadow Brokers group, has been embedded in cryptocurrency mining malware dubbed WannaMine.
In addition to being used in the WannaCry and NotPetya malware in May and June last year, it has also been embedded in the Retefe banking trojan since the beginning of September last year.
This time round, rather than locking victims out of their computers and demanding a ransom that may or may not be honoured, it's enabling cryptocurrency-jacking malware to surreptitiously tap into CPU and GPU power to generate digital currencies like Bitcoin and Monero for cyber crooks.
First discovered back in October by Panda Security, WannaMine has now been seen cropping up in a number of malware infections according to cyber security firm CrowdStrike.
"This fileless malware leverages advanced tactics and techniques to maintain persistence within a network and move laterally from system to system," according to CrowdStrike security researchers.
"First, WannaMine uses credentials acquired with the credential harvester Mimikatz to attempt to propagate and move laterally with legitimate credentials. If unsuccessful, WannaMine attempts to exploit the remote system with the EternalBlue exploit used by WannaCry in early 2017."
Hackers are apparently infecting machines using a range of techniques from email phishing attacks to remote access hacking. And the use of Mimikatz means that even machines patched against EternalBlue could be vulnerable.
Now while the malware may not seem as dangerous as NotPetya or WannaCry, as it doesn't lock users out of their machines, CrowdStrike noted that in one case it sucked up nearly 100 per cent of a client's IT environment capacity by over-utilising CPUs.
For companies running server farms or data centres, that is bad news. And for individuals, it could mean you end up with a bogged-down laptop or PC whose CPU is being overworked round the clock, making it more prone to failing.
Beefed-up anti-virus and cyber security tools, as well as endpoint protection in businesses, should go some way to mitigating the threat of WannaMine. But it does show how resourceful hackers are getting in finding new ways to make money off the computers of others.
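The two behaviours described above, a host fanning out to many internal peers on TCP/445 while it tries to spread, and the same host sitting near 100 per cent CPU once the miner is running, are what a defender can look for in ordinary telemetry. The script below is an added example written for this article, not code from CrowdStrike or from the WannaMine analysis. It correlates constructed firewall flow lines and constructed CPU samples; the field names (src=, dst=, dport=, host=, cpu=) and the thresholds are assumptions, not any vendor's format.

```python
"""Heuristic triage for WannaMine-style behaviour over constructed telemetry.

Two signals from the article are combined per host:
  * many distinct internal peers contacted on TCP/445 in a short window
    (lateral movement over SMB, whether with stolen credentials or EternalBlue)
  * a sustained run of near-100% CPU samples (the mining payload).
Every log line in FLOWS and CPUS is constructed for this example, and the
field layout is an assumption rather than a real product's log format.
"""
import re
from collections import defaultdict

FLOW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
CPU_RE = re.compile(r"host=(?P<host>\S+) cpu=(?P<cpu>\d+)")

SMB_PEER_THRESHOLD = 5   # distinct peers on 445 before fan-out is flagged (assumed)
CPU_HIGH_PCT = 90        # a sample at or above this counts as "hot" (assumed)
CPU_HIGH_RATIO = 0.8     # fraction of samples that must be hot (assumed)

# Constructed flow log: 10.0.0.5 touches six peers on 445 (one repeated, one RDP
# flow that is ignored); 10.0.0.9 touches two peers on 445 and one web server.
FLOWS = [
    "2018-01-31T10:00:01Z src=10.0.0.5 dst=10.0.0.21 dport=445 proto=tcp action=allow",
    "2018-01-31T10:00:01Z src=10.0.0.5 dst=10.0.0.22 dport=445 proto=tcp action=allow",
    "2018-01-31T10:00:02Z src=10.0.0.5 dst=10.0.0.23 dport=445 proto=tcp action=allow",
    "2018-01-31T10:00:02Z src=10.0.0.5 dst=10.0.0.24 dport=445 proto=tcp action=allow",
    "2018-01-31T10:00:03Z src=10.0.0.5 dst=10.0.0.25 dport=445 proto=tcp action=allow",
    "2018-01-31T10:00:03Z src=10.0.0.5 dst=10.0.0.26 dport=445 proto=tcp action=allow",
    "2018-01-31T10:00:04Z src=10.0.0.5 dst=10.0.0.21 dport=445 proto=tcp action=allow",
    "2018-01-31T10:00:05Z src=10.0.0.5 dst=10.0.0.30 dport=3389 proto=tcp action=allow",
    "2018-01-31T10:00:06Z src=10.0.0.9 dst=10.0.0.21 dport=445 proto=tcp action=allow",
    "2018-01-31T10:00:07Z src=10.0.0.9 dst=10.0.0.22 dport=445 proto=tcp action=allow",
    "2018-01-31T10:00:08Z src=10.0.0.9 dst=10.0.0.50 dport=80 proto=tcp action=allow",
]

# Constructed CPU samples: 10.0.0.5 is pegged, 10.0.0.9 is idle, and 10.0.0.12
# has one dip (4 of 5 samples hot, exactly at the 0.8 ratio boundary).
CPUS = [
    "2018-01-31T10:00:00Z host=10.0.0.5 cpu=97",
    "2018-01-31T10:01:00Z host=10.0.0.5 cpu=99",
    "2018-01-31T10:02:00Z host=10.0.0.5 cpu=96",
    "2018-01-31T10:03:00Z host=10.0.0.5 cpu=98",
    "2018-01-31T10:04:00Z host=10.0.0.5 cpu=95",
    "2018-01-31T10:00:00Z host=10.0.0.9 cpu=20",
    "2018-01-31T10:01:00Z host=10.0.0.9 cpu=30",
    "2018-01-31T10:00:00Z host=10.0.0.12 cpu=95",
    "2018-01-31T10:01:00Z host=10.0.0.12 cpu=96",
    "2018-01-31T10:02:00Z host=10.0.0.12 cpu=40",
    "2018-01-31T10:03:00Z host=10.0.0.12 cpu=97",
    "2018-01-31T10:04:00Z host=10.0.0.12 cpu=98",
]


def smb_fanout(flow_lines):
    """Map each source host to the number of distinct peers it reached on 445."""
    peers = defaultdict(set)
    for line in flow_lines:
        m = FLOW_RE.search(line)
        if m and m.group("dport") == "445":
            peers[m.group("src")].add(m.group("dst"))
    return {src: len(dsts) for src, dsts in peers.items()}


def sustained_cpu(cpu_lines):
    """Map each host to True when enough of its samples are at or above CPU_HIGH_PCT."""
    samples = defaultdict(list)
    for line in cpu_lines:
        m = CPU_RE.search(line)
        if m:
            samples[m.group("host")].append(int(m.group("cpu")))
    return {
        host: sum(1 for v in vals if v >= CPU_HIGH_PCT) / len(vals) >= CPU_HIGH_RATIO
        for host, vals in samples.items()
    }


def triage(flow_lines, cpu_lines):
    """Return {host: [indicator, ...]} for hosts showing at least one signal."""
    fanout = smb_fanout(flow_lines)
    hot = sustained_cpu(cpu_lines)
    findings = {}
    for host in sorted(set(fanout) | set(hot)):
        tags = []
        if fanout.get(host, 0) >= SMB_PEER_THRESHOLD:
            tags.append("smb_fanout")
        if hot.get(host):
            tags.append("sustained_cpu")
        if tags:
            findings[host] = tags
    return findings


if __name__ == "__main__":
    for host, tags in triage(FLOWS, CPUS).items():
        print(f"{host}: {', '.join(tags)}")
```

A host carrying both tags is the strongest lead; SMB fan-out alone is also produced by legitimate administration and vulnerability-scanning tools, and a hot CPU alone can be a backup or build job, so either signal on its own is a triage hint rather than a verdict. The MS17-010 patch state from inventory is the natural third column to join against this output, since the article notes that credential-based spreading still works on patched machines.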