Shadow Brokers likely to be overshadowed

By Balamurugan Selvaraj Published on May 18, 2017 05:52 PM IST

Are we gonna face cyber war? Media around the world are portraying the ransomware threat as a worldwide threat; experts, however, say otherwise.

This ransomware attack happened because of the SMB exploit in Microsoft systems. This SMB exploit (MS17-010) was initially exposed by Shadow Brokers on 14 April, and it was one of the scheduled zero-day exploits, which included Eternal Blue.

Last month, the Shadow Brokers wrote a blog post in letter format, which set out various political outbursts and their opinions on US President Donald Trump.

Now they have written another blog post describing a business deal for upcoming NSA leaks. The group defamed the US government and big technology giants including Microsoft. Shadow Brokers directly pointed at North Korea for this ongoing ransomware threat and asked America to wage war. But, actually, they indirectly conveyed the message that North Korea has started the war on countries and that it is time for the United Nations to step in. Before Shadow Brokers, the well-known hacktivist group Anonymous alerted the world to be ready for war.


The word 'war' reminds one of two things: bloodshed and victory. Many nations don't want the first to happen, but need the second.

To attain that, violators choose cyber war. And the war began a few years back, when the US spied on citizens' activities. After that, many small crimes such as malware attacks, data breaches and phishing attacks happened.

Nothing has been exposed on as large a scale as WannaCry. In the meantime, another malware attack has happened using the same SMB exploit, which steals bitcoins from the user by blocking the SMB exploit in Microsoft systems.

The malware is actually an anti-malware for WannaCry, because it blocks the SMB exploit and prevents WannaCry from attacking vulnerable computers.

Researchers from Proofpoint exposed a lab machine vulnerable to the Eternal Blue attack. They expected that the resulting infection would probably be WannaCry, but, surprisingly, the machine had been infected with the cryptocurrency miner Adylkuzz.

"As soon as it infects, Adylkuzz will first stop any potential instances of itself already running and block SMB communication to avoid further infection. It then determines the public IP address of the victim and downloads the mining instructions, cryptominer and cleanup tools," they mentioned in the blog.


This ransomware attack has upset the routine life of the common man. From hospitals to ATMs, services have been jeopardised. In India, confusion still remains over whether ATMs are vulnerable to the ransomware attack.

Security researchers Maliciouslink tweeted, "Many ATMs run XP Embedded, which would have been vulnerable to Eternal Blue. Not clear to me if WannaCry could infect them, though."