EternalBlue and DoublePulsar hacking tools are back in action.

by Cyber360 News
November 11, 2019
in Malware

Symantec security researchers have found that cybercriminals are still using the classified exploits and hacking tools of the National Security Agency (NSA), which were stolen about two years ago. Researchers have dubbed the new malware Beapy.

Beapy is new malware that uses the leaked hacking tools to spread at high speed across corporate networks and turn the computers into cryptocurrency mining machines. The computers are mainly enslaved to mine Monero (XMR), and the primary targets of this campaign are enterprises in Asia.

Monero is emerging as the most preferred cryptocurrency in such campaigns, and enterprises are the primary targets of cryptojacking because their massive networks of computers promise higher revenues for the attacker.

In a blog posted on Wednesday, Symantec researchers wrote that more than 80% of the victims of this cryptomining campaign are located in China while Japan, Vietnam, and South Korea are also among the targets.

Beapy differs from browser-based miners: it is a file-based cryptominer that arrives as a malicious Excel file sent to the target as an email attachment. If the recipient opens the file, the DoublePulsar backdoor, which was developed by the NSA, is instantly downloaded onto the system.

After the backdoor is installed, the next phase is to download the miner, which is done using EternalBlue, another leaked NSA tool. EternalBlue is tasked with spreading the infection across the network and looking for unpatched computers in order to steal credentials and spread the malware further. Beapy uses the open-source credential stealer Mimikatz, which can collect passwords from unpatched computers to look for other vulnerable devices.

Info: NSA hacking tools were leaked by the infamous Shadow Brokers hacking group!

Symantec researchers say that Beapy was first identified in January but that its activity increased suddenly in March, with over 12,000 unique devices infected across more than 700 enterprises. It is worth noting that the backdoor was part of the hacking tools leaked by Shadow Brokers.

Both EternalBlue and DoublePulsar were previously used in several destructive hacking campaigns such as the WannaCry ransomware attack back in 2017.

The impact of cryptojacking campaigns can be devastating: they slow down devices, which affects machine performance and leads to reduced employee productivity as well as increased time and cost for day-to-day operations. However, Symantec has witnessed a considerable drop in cryptojacking campaigns this year. As noted by Symantec researchers in their blog:

“Looking at the overall figures for cryptojacking, we can see that there were just under 3 million cryptojacking attempts in March 2019. While a big drop from the peak of February 2018, when there were 8 million cryptojacking attempts, it is still a significant figure.”

“Crypto-mining operations could be running within your organization’s network – draining vast amounts of energy – without your knowledge. IT teams need to be vigilant. The best thing to do is look for anomalies in your electricity bill. You should also measure changes in your HVAC usage for heat dissipation, although this will be more difficult. Beyond that, look for sudden changes in capacity or usage, as well as significant deviations in pattern and velocity,” said Barry Shteiman, VP of Research and Innovation at Exabeam.

“The best approach to detecting irregular network behavior is using an emerging technology called entity analytics. This automates detection by baselining normal machine behavior and highlighting the anomalies. Deviation from these benchmarks may be an indicator of capacity abuse, and will be the best marker of malicious cryptomining activity on your network,” Shteiman advised.
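The per-machine baselining described in the quote above can be sketched as follows. This is an added example, not code from Symantec, Exabeam or the original article; the host names, CPU samples, thresholds and function names are constructed for illustration.

```python
from statistics import median

# Constructed hourly CPU utilisation (%) per host: 24 baseline samples + 6 recent.
SAMPLES = {
    "ws-finance-01": [12, 15, 11, 14] * 6 + [95, 96, 94, 97, 95, 96],  # sustained jump
    "build-srv-02": [88, 92, 85, 90] * 6 + [91, 93, 90, 92, 94, 91],   # always busy
    "ws-hr-07": [10, 13, 9, 12] * 6 + [11, 85, 12, 10, 13, 11],        # one-off spike
}

def baseline(history):
    """Median and median absolute deviation (MAD) of one host's own history."""
    med = median(history)
    return med, median(abs(x - med) for x in history)

def robust_z(value, med, mad, mad_floor=1.0):
    """Deviation from baseline in MAD units; the floor guards flat baselines."""
    return (value - med) / (1.4826 * max(mad, mad_floor))

def sustained_anomalies(series, baseline_len=24, threshold=3.5, min_run=4):
    """Return hosts whose recent load stays far above their own normal.

    A miner pins the CPU for hours, so a run of min_run consecutive
    outliers is required; a single spike is ignored.
    """
    flagged = {}
    for host, values in series.items():
        history, recent = values[:baseline_len], values[baseline_len:]
        if len(history) < baseline_len or not recent:
            continue  # too little data to baseline this machine
        med, mad = baseline(history)
        run = longest = 0
        for v in recent:
            run = run + 1 if robust_z(v, med, mad) > threshold else 0
            longest = max(longest, run)
        if longest >= min_run:
            flagged[host] = {"baseline": med, "recent_median": median(recent),
                             "longest_run": longest}
    return flagged

def fixed_threshold(series, baseline_len=24, limit=80):
    """Naive comparison rule: any recent sample above one global limit."""
    return sorted(h for h, v in series.items()
                  if max(v[baseline_len:], default=0) > limit)

if __name__ == "__main__":
    print("baseline-relative:", sustained_anomalies(SAMPLES))
    print("fixed >80% rule:  ", fixed_threshold(SAMPLES))
```

On the constructed data, the fixed 80% rule flags all three hosts, while the per-host baseline flags only the workstation whose load changed and stayed changed.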
