A recent surge in the illicit mining of cryptocurrencies has been identified and reported by the Cyber Threat Alliance (CTA), which works towards “bringing people together to focus on specific problems, share threat information, and work together to provide a complete picture for the common good.”
EternalBlue at Its Worst Again
Hackers have been able to exploit a software flaw to illicitly mine crypto using EternalBlue, the same NSA-leaked tool that facilitated the worldwide WannaCry ransomware attack in 2017.
Using EternalBlue, hackers have been able to illegally access Microsoft Windows-based PCs that are not running the latest updates and force them to mine crypto assets without their owners' knowledge. A notorious hacker group known as The Shadow Brokers is allegedly responsible for leaking the EternalBlue exploit from America’s National Security Agency (NSA).
In a public statement, Microsoft blamed the NSA for the losses incurred, stating:
“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cyber-security threats in the world today – nation-state action and organized criminal activity.”
How Crypto Hackers Stay Undetected
The CTA has further reported that the increase in illicit mining cases from 2017 to 2018 was a whopping 459 percent. Explaining why this figure increased so drastically, the report noted that hackers have begun to program their mining malware to spread across networks more quickly.
To stay hidden, hackers configure the software to use approximately 20% of the CPU’s computational power. Other malicious individuals program the malware to stop as soon as mouse movement is detected. Hence, a user has almost no way of discovering the illegal processes that were in operation. Neil Jenkins, chief analytics officer of the Cyber Threat Alliance, has said “sit back and watch the money roll in,” which is practically true given the way the software operates.
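For defenders, the two hiding behaviours described above (a fixed CPU cap, and pausing when the user is active) are themselves detectable patterns in endpoint telemetry. The following is an added example, not taken from the CTA report: the process names, sample values and thresholds are constructed assumptions, and it presumes an agent that records per-process CPU share and whether user input was seen in each interval.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed telemetry: (process name, CPU % of the whole machine, user input seen in interval)
SAMPLES = (
    [("updater-svc.exe", c, False) for c in (19.6, 20.3, 20.1, 19.8, 20.2, 19.9)]
    + [("updater-svc.exe", c, True) for c in (20.0, 19.7, 20.4, 20.1)]
    + [("helper32.exe", c, False) for c in (61.0, 58.5, 63.2, 60.4, 59.9, 62.1)]
    + [("helper32.exe", c, True) for c in (0.2, 0.0, 0.1, 0.3)]
    + [("browser.exe", c, False) for c in (0.5, 1.2, 0.4, 0.8, 0.6, 0.9)]
    + [("browser.exe", c, True) for c in (35.0, 4.0, 52.0, 11.0)]
)

def flag_stealth_miners(samples, min_samples=4, cap_band=(10.0, 30.0),
                        max_jitter=2.0, busy=10.0, quiet=2.0):
    """Return {process: [reasons]} for the two hiding behaviours described above."""
    idle, active = defaultdict(list), defaultdict(list)
    for name, cpu, user_active in samples:
        (active if user_active else idle)[name].append(cpu)
    findings = defaultdict(list)
    for name in set(idle) | set(active):
        i, a = idle[name], active[name]
        if len(i) < min_samples or len(a) < min_samples:
            continue  # not enough evidence in both states
        everything = i + a
        # Behaviour 1: load pinned at a fixed fraction of the CPU, whatever the user does.
        if cap_band[0] <= mean(everything) <= cap_band[1] and pstdev(everything) <= max_jitter:
            findings[name].append("steady-cap")
        # Behaviour 2: busy while the machine is unattended, silent as soon as input arrives.
        if mean(i) >= busy and max(a) <= quiet:
            findings[name].append("pauses-on-input")
    return dict(findings)

if __name__ == "__main__":
    for proc, reasons in sorted(flag_stealth_miners(SAMPLES).items()):
        print(proc, reasons)
```

A flagged process is a lead for triage rather than a verdict: legitimate background jobs can also hold a steady load, so the thresholds need tuning against a baseline of the environment.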
The Next Step?
The CTA released its joint analysis, along with a key findings fact sheet, in order to spark debate among cybersecurity experts and firms. The CTA has announced: “This Joint Analysis is a call to action for network defenders. CTA and network defenders have the ability to disrupt the activities of illicit miners by raising their costs and forcing them to change their behavior. Together, we can keep them from succeeding in their goals.”
The CTA is a well-known nonprofit membership organization, famous for many reports and studies. They have been chartered by many well-established corporations such as Symantec and Cisco.