NSA Exploits Used By Worm-cryptominer Combo To Attack Systems

It has been reported that security researchers recently found and analysed a worm-cryptominer combo that pauses the resource-intensive cryptomining process if it finds popular games running on the victim’s machine.. The malware combines Python and PowerShell to create a cryptocurrency miner, which also has a worm-like component that helps it move laterally and infect victims by using vulnerabilities such as the NSA-linked EternalBlue.

Experts Comments

August 22, 2019
Emile Monette
Director of Value Chain Security
Synopsys
An important mitigation that organisations might consider is the practice of requiring all software updates to be validated by the manufacturer prior to deployment at the organisation. That validation often includes verifying that the software is genuine, identifying and mitigating known vulnerabilities and weaknesses, as well as static, dynamic, and fuzz testing, among other security methods, dependent on the risk posture of the organisation.

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.