While a second variant of the WannaCry(pt) ransomware (based on NSA's EternalBlue exploit) was spreading across the globe yesterday, The FT reports criminal hacking groups have repurposed a second classified cyber weapon stolen from US spies and have made it available on the so-called dark web.
On Monday, the WannaCry attack, which hit 370,000 computers across 150 countries, appeared to slow. Europol, the European police agency, said the spread of the virus had stalled in Europe. But while infection rates have slowed, a Europol spokeswoman warned, "we do not think this is the end of the crisis. The hackers have already evolved the malware, and will probably continue to do so."
Notably as Europe woke up (and US opened), the infection rate started to rise once again...
But as The FT reports, intelligence and law-enforcement officials said they fear WannaCry may foreshadow a wave of similarly damaging attacks, as criminals and others race to make use of digital weapons that for years were only available to the most technologically sophisticated nation states.
At least a dozen other NSA tools are currently being discussed and worked on as the basis of potential new cyber weapons on hacking forums on the dark web, parts of the internet not accessible via normal search engines.
The hacking tool, developed by the US National Security Agency and called EsteemAudit, has been adapted and is now available for criminal use, according to security analysts.
As with the NSA’s EternalBlue, the tool on which WannaCry was based, EsteemAudit exploits a vulnerability in older versions of Microsoft’s Windows software in the way in which networked machines communicate with each other.
Ciaran Martin, director of the UK’s National Cyber Security Centre, said:
“There is a global ecosystem of cyber criminals and sophisticated hackers which are putting a lot of attack methodology into open-source.
“It gets modified and reused and upgraded. The volume of open-source exploits and that ecosystem are getting bigger.”
This is far from over.