No report yet of global cryptocurrency attack in India: CERT-In

May 19, 2017

Allaying fears that after WannaCrypt ransomware, India will be targeted by a cryptocurrency malware attack that quietly but swiftly generates digital cash from machines it has infected, the country’s cybersecurity unit on Thursday said India is safe from the Adylkuzz malware.

“There are no reports of this Adylkuzz malware from the Indian establishments yet. Users are advised to maintain updated anti-virus software and apply patches to operating systems and applications on regular basis,” Sanjay Bahl, director general of the Computer Emergency Response Team (CERT-In), told IANS.

After facing a massive ransomware attack that exploited a vulnerability in a Microsoft software and hit 150 countries, the same Windows vulnerability (MS17-010) was also exploited to spread Adylkuzz by another group of hackers.

According to a report in The Registrar, tens of thousands of computers globally have been affected by the Adylkuzz cyberattack, which targets machines, lets them operate and slows them down to generate digital cash or ‘Monero’ cryptocurrency in the background.

‘Monero’ — being popularised by North Korea-linked hackers — is an open-source cryptocurrency created in April 2014 that focuses on privacy, decentralisation and scalability.

It is an alternative to Bitcoin and is being used for trading in drugs, stolen credit cards and counterfeit goods.

“There is no need to panic as CERT-In publishes regular advisories and vulnerability notes on its website as well as some on Cyber Swachhta Kendra website,” Bahl said.

According to Nick Savvides, manager, cybersecurity strategy at Symantec who is based out of Melbourne, Australia, the attack is not on the math behind the cryptocurrencies.

“Instead, it is based on compromising computer to be used to mine cryptocurrencies for the benefit of attackers. Essentially stealing people’s power and CPU to generate new cryptocurrency coins,” Savvides told IANS.

Organisations should never conclude that the absence of a major cyberattack means that they have effective cyber defences.

“WannaCry and Adylkuzz show how important security patches are in building and maintaining those effective defences, and why regular patching plans to mitigate environment vulnerabilities need to become a higher priority,” added Steve Grobman, senior vice-president and chief technology officer, McAfee.

One difference between Adylkuzz and WannaCry is that it is advantageous for Adylkuzz to remain undetected and run as long as possible to maximise the amount of time a machine can be used for mining.

“There are the latest reminders of how the to-patch-or-not-to-patch risk analysis needs to be rethought within organisations worldwide,” Grobman told IANS.