Last year, a Windows exploit developed by the NSA, called EternalBlue, was leaked. That exploit was then used to launch the WannaCry and NotPetya cyberattacks. Now it seems the same EternalBlue exploit is being used to infect computers with a new strain, "WannaMine." After infection, the script uses PowerShell and Windows Management Instrumentation. It first uses a tool called "Mimikatz" to pull logins and passwords from system memory, and if that fails, WannaMine uses EternalBlue to force its way in.
This is starting to get a little ridiculous. CrowdStrike goes into how it detected and defeated WannaMine on clients' systems, but also states that WannaMine is fileless, and because it uses legitimate system software to run, it is nearly impossible for organizations to block without "some form of next-generation antivirus."
CrowdStrike expects to see much more cryptomining activity in 2018, resulting in business disruptions and downtime that can impact the bottom line. As organizations and companies come to understand how these traditionally unsophisticated actors are using increasingly sophisticated tactics, they can take a vital step toward promoting a stronger security posture and avoiding unnecessary interruptions that can affect critical business processes.