Adylkuzz and the New Age of Malware

Adylkuzz can teach us even a more important security lesson than WannaCry – if we pay attention.

Adylkuzz is a bit of malware that you probably didn’t hear about, but it ran amok in May 2017, infecting Windows computers around the globe and using them for its own purposes. No, we’re not talking about another name for WannaCry – we’re talking about a more insidious type of attack that illustrates just how dangerous malware can be.

The Case of Adylkuzz

With all the furor created over WannaCry, it was easy to miss another, related malware attack, one known as Adylkuzz, which was noted around the same time. Adylkuzz was a very different type of malware from the ransomware WannaCry, which held files on Windows computers hostage in exchange for money.

Adylkuzz popped up using the same vulnerability as WannaCry, a Windows flaw exploited by the EternalBlue hacking tool (which was quite possibly developed by the NSA). However, this bit of malware acted very differently: Instead of trying to extort money, it silently set to work installing a cryptocurrency miner in the background of the computer. This “recruits” the computer for the hacker, using some of its processing power to literally create money – in this case, the cryptocurrency Monero.

As you can see, the goal of Adylkuzz was to stay invisible, and it was good at its job. The security organization Proofpoint only found Adylkuzz while it was researching how WannaCry worked. For a large chunk of May, Adylkuzz went around hiding in WannaCry’s shadow and infecting up to 150,000 machines until people realized it was also a problem.

What Makes This Type of Malware Dangerous

When WannaCry hit, everyone knew about it. That’s the good thing about ransomware – it has to announce itself to complete its goal. But not all malware has to do this, which is why attacks like Adylkuzz can be so dangerous for businesses. Imagine if this type of malware was working behind the scenes to copy and send sensitive business data instead of just using processing power! Remember, it took weeks to find out that it even existed, and that’s a lot of time for malware to do its work. Often, the most dangerous types of cyber attacks are those that go unnoticed until it is too late.

The Good News About Adylkuzz

All right, let’s take a look at the good news here. Adylkuzz was, fortunately, not programmed with much malicious intent. As we mentioned, turning a computer into a miner while avoiding detection is far safer for your data than a destructive or theft-oriented bit of malware.

In an even stranger twist, Adylkuzz wasn’t all bad for the computers that it infected. The malware was programmed to stay undetected in part by blocking any other malware from infecting the computer, up to and including WannaCry, which actually made Adylkuzz-infected computers immune to the WannaCry threat. This was a smart move: When WannaCry was discovered and a solution was found, it also meant the end of Adylkuzz. This is a point in favor of white hat security – patching one vulnerability can remove multiple threats at once.

Finally, it’s worth noting that while WannaCry could automatically infect computers through network connections, Adylkuzz was limited to the hacker’s personal work, and only infected the machines that it was directed to, based on how vulnerable the hacker believed certain systems to be.

Why It’s Important to Acknowledge All Types of Malware

When a big story like WannaCry hits, it can spur many organizations to finally implement security upgrades and important new precautions to keep data safe. But in the long term, this kind of approach creates its own problem. Systems cannot be adequately patched based on whatever the “threat of the day” may be. That leads to a very shortsighted approach that allows other, sneakier malware to infect systems that are not adequately prepared. For every news-cycle-dominating attack like WannaCry, there are several Adylkuzz attacks lurking, watching for lazy security.

If you want full protection for your Roswell business, it’s important to create a full security plan that includes regular updates and all necessary patches to protect from the latest threats. Centerpoint IT can help! Find out more about our IT systems services by calling us at (404) 781-0200 or emailing at info@centerpointit.com.