Over the past three years, we have seen attacks from Petya, WannaCry and other ransomware that have compromised and shut down everyone from the British NHS to small cities in America.
The latest attack uses an EternalBlue exploit and has compromised at least 90,000 computers globally to install cryptomining software.
“Guardicore Labs has been tracking the Smominru botnet and its different variants – Hexmen and Mykings – since 2017. The attack compromises Windows machines using an EternalBlue exploit and brute-force on various services, including MS-SQL, RDP, Telnet and more. In its post-infection phase, it steals victim credentials, installs a Trojan module and a cryptominer and propagates inside the network.”
Infected networks include US-based higher-education institutions, medical firms and even cyber security companies. As the attacks were untargeted and did not discriminate against industries or targets, they reached victims in various sectors. When discussing worms, there are no interesting and uninteresting targets – every vulnerable server is under attack.
The latest threat marks a move from ransomware to turning web-accessible computers into mining drones.
The use of a botnet makes this more problematic: if a university or large corporation were compromised, it would open the door to larger risks, such as ransomware or DDoS (distributed denial-of-service) attacks that could take out an entire network.
It’s a risky new world of cybersecurity today – it’s wise to make sure your CIO or CTO has your CEO up to speed, or bring in an outside resource who can help.