No report yet of global cryptocurrency attack in India: CERT-In

Allaying fears that after "WannaCrypt" ransomware, India will be targeted by a cryptocurrency malware attack that quietly but swiftly generates digital cash from machines it has infected, the country's cyber security unit on Thursday said India is safe from the "Adylkuzz" malware.

"There are no reports of this 'Adylkuzz' malware from the Indian establishments yet. Users are advised to maintain updated anti-virus software and apply patches to operating systems and applications on regular basis," Sanjay Bahl, Director General of the Computer Emergency Response Team (CERT-In), told IANS.

After facing a massive ransomware attack that exploited a vulnerability in a Microsoft software and hit 150 countries, the same Windows vulnerability (MS17-010) was also exploited to spread "Adylkuzz" by another group of hackers.

According to a report in The Registrar, tens of thousands of computers globally have been affected by the "Adylkuzz attack" that targets machines, lets them operate and only slows them down to generate digital cash or "Monero" cryptocurrency in the background.

"Monero" -- being popularised by North Korea-linked hackers -- is an open-source cryptocurrency created in April 2014 that focuses on privacy, decentralisation and scalability.

It is an alternative to Bitcoin and is being used for trading in drugs, stolen credit cards and counterfeit goods.

"There is no need to panic as "CERT-In publishes regular advisories and vulnerability notes on its website as well as some on Cyber Swachhta Kendra website," Bahl said.

According to Nick Savvides, Manager, Cyber Security Strategy at Symantec who is based out of Melbourne, Australia, the attack is not on the math behind the cryptocurrencies.

"Instead, it is based on compromising computer to be used to mine cryptocurrencies for the benefit of attackers. Essentially stealing people's power and CPU to generate new cryptocurrency coins," Savvides told IANS.

Organisations should never conclude that the absence of a major cyber-attack means that they have effective cyber defences.

"'WannaCry' and 'Adylkuzz' show how important security patches are in building and maintaining those effective defences, and why regular patching plans to mitigate environment vulnerabilities need to become a higher priority," added Steve Grobman, Senior Vice President and Chief Technology Officer, McAfee.

One difference between "Adylkuzz" and "WannaCry" is that it is advantageous for "Adylkuzz" to remain undetected and run as long as possible to maximise the amount of time a machine can be used for mining.

"There are the latest reminders of how the 'to patch or not to patch' risk analysis needs to be rethought within organisations worldwide," Grobman told IANS.

--IANS

na/dg