The same method of breaking in that’s used in WannaCry ransomware is being used to infiltrate crypto-mining platforms, and it’s been given the appropriate title of “WannaMine.” While this isn’t the first time hackers have used the EternalBlue exploit to spawn cryptocurrency, it’s been happening more often in recent months, and cybersecurity firm CrowdStrike is reporting that hackers’ capabilities are more sophisticated than ever.
So, how does WannaMine work?
“The file-less malware leverages advanced tactics and techniques to maintain persistence within a network and move laterally from system to system,” says security researchers at CrowdStrike in a January 25th blog. “This tool leverages persistence mechanisms and propagation techniques similar to those used by nation-state actors.”
“First, WannaMine uses credentials acquired with the credential harvester Mimikatz to attempt to propagate and move laterally with legitimate credentials. If unsuccessful, WannaMine attempts to exploit the remote system with the EternalBlue exploit used by WannaCry in early 2017,” they went on to explain.
Hackers are using a range of techniques from remote access hacking to phishing attacks to infect machines. And, given the hike in attacks, researchers are anticipating that the hackers behind WannaMine will soon evolve their capabilities to go undetected.
While the WannaMine attacks aren’t able to lock users out of their machines like NotPetya or WannaCry did, it does have the power to affect business operations and cause IT systems to crash. In fact, one CrowdStrike client noted that 100 percent of their IT environment capability was sucked up by over-utilizing CPUs.
How do I avoid WannaMine?
To mitigate the threat to your business and personal devices, take preventative measures and beef up your anti-virus and cyber security tools. Even if you don’t own cryptocoins or are part of the cryptocurrency scene, you are still at risk. WannaMine malware attacks attempt to acquire free use of your computer, whether you’re interested in cryptomining or not. Call your Managed Service Provider to see what they are doing to keep you safe, and if they aren’t meeting your needs, give the experts at Stability Networks a call today!