A leading cybersecurity company Cybereason claims that leaked NSA hacking tool EternalBlue is still immensely popular with cryptojackers. One of Fortune 500 entries has recently become the victim of WannaCry.
WannaMine is the new WannaCry
Back in April, EternalBlue, a classified exploit of the National Security Agency, leaked online, by a group of hackers dubbed the Shadow Brokers. Despite the fact that the NSA officially denied its involvement in the creation of this tool, a slew of authoritative reports eventually confirmed its origin. Eventually, the tool has become a true workforce for hackers since it would allow them to gain access to practically any Windows machine.
WannaCry infections proved to be very costly for numerous companies that lost millions of dollars due to the vulnerability. While there are not as widespread as a year ago, some of the NSA exploits are still used by hackers to covertly mine cryptocurrencies.
Fortune 500 entries among the targets
According to a TechCrunch report, even the biggest corporations around the globe are not immune to WannaCry infections. Cybereason’s Amit Serper claims that one their big-name customers have been compromised by hackers, not disclosing the name of an actual company. She adds that their malware infected up to 1,000 of the company’s machines in a single day.
Why is there so much fuss around WannaMine?
Sure, undercover mining is nothing new in the world of crypto (it seems like these scams have been around forever). However, as Cybereason suggests, WannaMine blows trite hacking tricks out of the water. It uses the powerful NSA exploits in order to infect any machine within. Basically, it can swiftly penetrate thousands of computers and mine crypto, draining computer resources without a visible damage. WannaMine is capable of constantly keeping the infected machine awake and even effectively determine other mining malware in order to terminate it.
The chilling fact is that over 919,000 servers can still be infected by EternalBlue.