Before WannaCry, Cryptocurrency Miners Exploited SMB Flaw

Massive Cryptocurrency Malware Campaign Blocked SMB Flaw, Blunting WannaCry

Weeks before the WannaCry outbreak, other attackers unleashed malware that targeted the same SMB flaw in Windows. But instead of installing ransomware, this campaign infected endpoints with Adylkuzz cryptocurrency mining software, security researchers say.

As a side effect, the malware also blocked any other attack code from exploiting the SMB flaw to gain a presence on the endpoint, which may have blunted the impact of Friday’s WannaCry outbreak.

So says “Kafeine,” a malware researcher with security firm Proofpoint, who reports that researchers have identified at least 20 hosts being used to scan for potentially vulnerable systems via TCP port 445 and launch related attacks, and 12 command-and-control servers for controlling infected endpoints. But the security firm says the actual attack infrastructure is likely much larger.
