NSA’s EternalBlue leak leads to 459% rise in illicit crypto mining, Cyber Threat Alliance report

“Illicit mining is the ‘canary in the coal mine’ of cybersecurity threats. If illicit cryptocurrency mining is taking place on your network, then you most likely have worse problems and we should consider the future of illicit mining as a strategic threat.”
– Neil Jenkins, Chief Analytic Officer for the Cyber Threat Alliance

A leaked software tool from the US National Security Agency has led to surge in Illicit cryptocurrency mining, researchers said on Wednesday. The report released by the Cyber Threat Alliance, an association of cybersecurity firms and experts, states that it detected a 459 percent increase in the past year of illicit crypto mining- a technique used by hackers to steal the processing power of computers to create cryptocurrency.

One reason for the sharp rise in illicit mining was the leak last year by a group of hackers known as the Shadow Brokers of EternalBlue. The EternalBlue was software developed by the NSA to exploit vulnerabilities in the Windows operating system. There are still countless organizations that are being victimized by this exploit, even after a patch for EternalBlue has been made available for 18 months.

Incidentally, the rise in hacking coincides with the growing use of virtual currencies such as bitcoin, ethereum or monero. Hackers have discovered ways to tap into the processing power of unsuspecting computer users to illicitly generate currency.

Neil Jenkins said in a blog post that the rise in malware for crypto mining highlights “broader cybersecurity threats”. Crypto mining which was once non-existent is, now, virtually on every top firm’s threat list.
The report further added that 85 percent of illicit cryptocurrency malware mines monero, and 8 percent mines bitcoin. Even though Bitcoin is well known as compared to Monero, according to the report, the latter offers more privacy and anonymity which help cyber criminals hide their mining activities and their transactions using the currency. Transaction addresses and values are unclear in monero by default, making it incredibly difficult for investigators to find the cybercrime footprint.

The blog advises network defenders to make it harder for cybercriminals to carry out illicit mining by improving practices of cyber hygiene. Detection of cyber mining and Incident response plans to the same should also be improved. Head over to techxplore for more insights on this news.

Read Next

NSA researchers present security improvements for Zephyr and Fucshia at Linux Security Summit 2018

Top 15 Cryptocurrency Trading Bots

Cryptojacking is growing cybersecurity threat, report warns