Cybersecurity Group Links Illicit Mining To NSA-Developed Exploit

September 19, 2018 9:35 PM

Instances of cryptojacking, the practice of stealing the processing power of computers for the purpose of mining cryptocurrency, have skyrocketed over the past year, increasing 459 percent according to a recent report issued by the Cyber Threat Alliance, a nonprofit membership organization chartered by the likes of Symantec and Cisco. And the cryptojackers are using a tool that won’t seem to go away.

According to the report, cryptojackers are facilitating their attacks using EternalBlue, a vulnerability exploit conceived by the National Security Agency (NSA). The agency intended to keep the knowledge of the vulnerability to itself after discovering it, but in April 2017 the hacker group The Shadow Brokers obtained and publicly released the information. The exploit was quickly used in several high-profile cyberattacks, including the WannaCry ransomware.

Microsoft blamed the NSA in a public statement, saying, “This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem … We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.” Microsoft created a patch to eliminate the EternalBlue vulnerability, but according to the Cyber Threat Alliance, more than a year later many businesses still haven’t installed the patch on their machines.

Though they are still using an old technique to breach the security of computer systems, cryptojackers do have some new tricks and are becoming more sophisticated. For one, they are now attacking machines other than just computers. “Attackers are increasingly targeting internet-of-things (IoT) devices, despite their lower processing power,” the report claims. “The targeting of routers and media devices, such as smart TVs, cable boxes, and DVRs, are on the rise.”

And when attacking computers, cryptojackers have new ways of evading detection. Some configure their software to the keep the CPU usage below a noticeable level. “[M]ore sophisticated attackers configured their mining software to only use 20 percent of the machine’s CPU. Other examples stop mining when mouse movement is discovered.”

The report also raised the possibility that cryptojacking could become a front on which nation-states begin attacking each other, especially over the long term, as more countries issue national cryptocurrencies. Cryptojacking could be used “as a form of economic warfare to destabilize economies,” says the report. “Illicit cryptocurrency mining by malicious actors could be used to drive up inflation or initiate 51 percent attacks, limiting the ability of a central government bank to control their economies.”

The good news, though, is that for now the Cyber Threat Alliance believes “network defenders have the ability to disrupt the activities of illicit miners by raising their costs and forcing them to change their behavior.”

Getting that EternalBlue patch might be a good place to start.

Tim Prentiss is a writer and editor for ETHNews. He has a master’s degree in journalism from the University of Nevada, Reno. He lives in Reno with his daughter. In his spare time he writes songs and disassembles perfectly good electronic devices.

Like what you read? Follow us on X @Bitnewsbot to receive the latest NSA, EternalBlue or other Ethereum technology news.