“The file-less malware leverages advanced tactics and techniques to maintain persistence within a network and move laterally from system to system,” say security researchers at CrowdStrike in a January 25th blog. “This tool leverages persistence mechanisms and propagation techniques similar to those used by nation-state actors.”
“First, WannaMine uses credentials acquired with the credential harvester Mimikatz to attempt to propagate and move laterally with legitimate credentials. If unsuccessful, WannaMine attempts to exploit the remote system with the EternalBlue exploit used by WannaCry in early 2017,” they went on to explain.
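The propagation described above relies on legitimate credentials, so no single logon event looks wrong; what stands out is one account on one source host authenticating to many hosts in a short window. The following detector is an added illustration, not code from CrowdStrike or from the page, and it assumes a simplified comma-separated export of Windows 4624 logon events (timestamp, event ID, logon type, account, source host, destination host); the log lines are constructed for the example.

```python
"""
Credential-reuse fan-out detector for Windows logon events.

Added example, not CrowdStrike's or the page's own code. Assumes a
simplified CSV export of Security event 4624 with the columns
timestamp,event_id,logon_type,account,src_host,dst_host (an assumption;
real exports differ). The sample log below is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one service account fans out from WS-017 to six hosts in
# ten seconds, while a normal user touches two file servers fifteen minutes apart.
SAMPLE_LOG = """\
2018-01-25T09:00:01,4624,3,CORP\\svc_backup,WS-017,FS-01
2018-01-25T09:00:03,4624,3,CORP\\svc_backup,WS-017,FS-02
2018-01-25T09:00:04,4624,3,CORP\\svc_backup,WS-017,WS-021
2018-01-25T09:00:06,4624,3,CORP\\svc_backup,WS-017,WS-022
2018-01-25T09:00:07,4624,3,CORP\\svc_backup,WS-017,WS-023
2018-01-25T09:00:09,4624,3,CORP\\svc_backup,WS-017,SQL-01
2018-01-25T09:00:10,4624,3,CORP\\jdoe,WS-005,FS-01
2018-01-25T09:15:00,4624,3,CORP\\jdoe,WS-005,FS-02
2018-01-25T10:00:00,4624,2,CORP\\jdoe,WS-005,WS-005
"""


def parse_events(text):
    """Keep only successful network logons (4624, logon type 3), the event
    that remote SMB/WMI/PsExec-style access with stolen credentials produces.
    Interactive logons (type 2) are ignored; they are local console sessions."""
    events = []
    for line in text.strip().splitlines():
        ts, event_id, logon_type, account, src, dst = line.split(",")
        if event_id == "4624" and logon_type == "3":
            events.append((datetime.fromisoformat(ts), account, src, dst))
    events.sort()  # chronological, so each actor's list below is sorted too
    return events


def find_fanout(events, window=timedelta(minutes=5), min_targets=5):
    """Flag (account, source host) pairs that reach at least `min_targets`
    distinct destination hosts within any `window`-long span. Per-event rules
    cannot catch this because every individual logon is valid."""
    by_actor = defaultdict(list)
    for ts, account, src, dst in events:
        by_actor[(account, src)].append((ts, dst))

    findings = []
    for (account, src), hits in by_actor.items():
        for i, (start, _) in enumerate(hits):
            targets = {dst for ts, dst in hits[i:] if ts - start <= window}
            if len(targets) >= min_targets:
                findings.append({
                    "account": account,
                    "source": src,
                    "start": start,
                    "targets": sorted(targets),
                })
                break  # one finding per actor is enough to raise an alert
    return findings


if __name__ == "__main__":
    for f in find_fanout(parse_events(SAMPLE_LOG)):
        print(f"{f['account']} from {f['source']} reached {len(f['targets'])} "
              f"hosts starting {f['start']:%H:%M:%S}: {', '.join(f['targets'])}")
```

Tune `window` and `min_targets` to the environment: backup and monitoring accounts legitimately fan out, so baseline them or whitelist by source host rather than raising the threshold for everyone. This only covers the credential leg; the EternalBlue fallback produces no logon event, so that leg has to come from SMB telemetry or network detection instead.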
The attackers use a range of techniques, from remote-access compromise to phishing, to infect machines. Given the rise in attacks, researchers expect the group behind WannaMine to keep evolving its capabilities to evade detection.
WannaMine cannot lock users out of their machines the way NotPetya or WannaCry did, but it can still disrupt business operations and crash IT systems. One CrowdStrike client reported that the miner’s CPU over-utilization consumed the entire capacity of its IT environment.