A crypto-mining exploit attack, has as of late been discovered in Windows 7 , the ex-operating system which ceased to exist only a couple of days back as per the official announcement by Microsoft, hidden away in sound WAV records.
Ophir Harpaz and Daniel Goldberg, two security analysts at Guardicore Labs, have uncovered how a medium-sized medical tech sector business was attacked by cryptominers utilizing WAV audio files to muddle the malware.
While trying to exploit the EternalBlue vulnerability the attackers focused on the organization’s system, running Windows 7 machines in December 2019. The EternalBlue exploit has been around for quite a few years now and was even behind the scandalous WannaCry attacks that hit the U.K. National Health Service (NHS) in 2017.
The Guardicore research journey started in October 2019, when a number of blue screens of death began coming up on Windows machines in the target network. Further investigations unveiled that over half of the system, some 800 endpoints, were getting to suspicious data in a registry key.
And soon enough the Guardicore researchers found a Monero crypto-mining module, utilizing steganography to hide within the audio WAV files.
Daniel Goldberg, a senior cybersecurity researcher at Guardicore Labs and one of the report authors, when asked to comment on the risk-level for those still running Windows 7 replied that, “The risks are crazy high to organizations facing this WAV-based attack if they are running a Windows 7 system after EoL. Before the quarter is over, there will be other vulnerabilities discovered in Windows 7 too that will not be fixed by Microsoft and will also be easy to exploit.”
Further going on to describe the WAV-based attack threat to Windows 7 as being “like a hot knife through butter.”
Apart from updating to Windows 7 , whether there exists any other way for those who will not or cannot make a move away from Windows 7, Goldberg points out, “Segment machines you can’t support away from the internet and the rest of your network, your old windows 7 machine running this critical but obsolete application should not be accessible from the internet, or most of the machines in your networks.”
Additionally arguing that the best offense is a good defense, Terry Ray, senior vice-president and fellow at Imperva, a cyber-security software and services company, says, “Businesses must be responsible, and act in favor of their customers, who trust them with their information, by updating their systems, if not, they will face severe consequences which will come at a huge cost to the customer, and the future of the business. Simply put, don’t fall victim and instead, upgrade to up to date systems which generate regular security updates and have the right systems in place to deter attacks.”