Leaked NSA Software ‘Eternal Blue’ Responsible for Rise of Illegal Crypto-Mining

Sep 21 2018

Illegal cryptocurrency mining - the process of mining cryptocurrencies on the PC of an unsuspecting user - is a trend which is on the rise. A report from the Cyber Threat Alliance claims that there has been a 459% rise in illegal cryptocurrency mining in 2018, when compared to 2017. The Cyber Threat Alliance is a collective of security professionals from various major names around the world. An interesting point that this report raises is that a leaked National Security Agency tool is being used to mine cryptocurrencies.

In 2017, ‘Eternal Blue’, software that exploits vulnerabilities in Windows-based systems, was stolen from the NSA and leaked on the internet. The software was leaked by a group of hackers known as the ‘Shadow Brokers’. After leaking the software, they also made the source code public, which led several hackers, particularly from North Korea and Russia, to make use of this vulnerability.

This leak was in the news last year when the WannaCry ransomware and NotPetya attacks took place; these were developed by North Korean and Russian hackers using the NSA tool. Thousands of computers around the world were affected, including those in hospitals, where the loss of data caused a lot of chaos.

“A security update was released in March 2017. Customers who applied the update are protected,” Jeff Jones, a senior director at Microsoft Corp., said in a statement to Bloomberg.   

This report from the Cyber Threat Alliance now claims that one of the biggest reasons illegal cryptocurrency mining has spiked by as much as 459% in a year’s time is this Eternal Blue software. The report digs deeper into the kinds of cryptocurrencies which are being mined, stating that:

  • 85% of the currency being illegally mined is Monero.

  • 8% of these illegally mined currencies are Bitcoin.

What particularly attracts illegal cryptocurrency miners to Monero is the fact that the currency offers a great level of privacy and anonymity. With Monero (XMR), it is harder to trace the transactions as well as the miners. Another major benefit that Monero mining has over other cryptocurrencies is that it requires very few resources and can easily be mined.

How to stay safe?

The report reads: 

“The threat of illicit cryptocurrency mining represents an increasingly common cybersecurity risk for enterprises and individuals. The rapid growth shows no signs of slowing down.”

McAfee, one of the security firms that are part of the Cyber Threat Alliance, has also published a blog post about the Eternal Blue exploit and how hackers used it for illegal cryptocurrency mining. In that post, the company listed a number of ways in which users can detect whether they are falling victim to such an attack or exploit:

  • Monitor abnormal power consumption and CPU activity

  • Search logs for related mining strings such as Crypto, Coinhive, XMR, Monero, and cpuminer

  • Block mining pool communications

  • Use browser extensions to protect against browser-based cryptocurrency mining
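
As an added example (not code from the McAfee post or the Cyber Threat Alliance report), the log search from the list above can be sketched as follows. The log line layout, the host names, and the split into strong and weak terms are assumptions of this example; "Crypto" is treated as weak because it also matches benign text such as "Cryptographic Services".

```python
import re
from collections import defaultdict

# Search strings from the list above. Treating "crypto" as a weak indicator
# is an assumption of this example; the other terms are mining-specific.
STRONG = ("coinhive", "xmr", "monero", "cpuminer")
WEAK = ("crypto",)

def _pattern(terms):
    # Match a term only when it is not embedded in a longer alphabetic word,
    # so "xmr" hits "xmr.pool" but "crypto" does not hit "Cryptographic".
    return re.compile(r"(?<![a-z])(" + "|".join(terms) + r")(?![a-z])", re.I)

STRONG_RE, WEAK_RE = _pattern(STRONG), _pattern(WEAK)

def scan(lines):
    """Group matches by host. Assumes '<timestamp> <host> <message>' lines."""
    hits = defaultdict(lambda: {"strong": set(), "weak": set(), "lines": []})
    for number, line in enumerate(lines, 1):
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue  # not in the assumed layout
        host, message = parts[1], parts[2]
        strong = {m.lower() for m in STRONG_RE.findall(message)}
        weak = {m.lower() for m in WEAK_RE.findall(message)}
        if strong or weak:
            hits[host]["strong"] |= strong
            hits[host]["weak"] |= weak
            hits[host]["lines"].append(number)
    return dict(hits)

def triage(hits):
    """Any strong term means 'investigate'; weak-only hosts get 'review'."""
    return {h: "investigate" if v["strong"] else "review" for h, v in hits.items()}

# Constructed sample log lines (not real data).
SAMPLE = [
    "2018-09-21T10:00:01 ws-014 svchost: Cryptographic Services started",
    "2018-09-21T10:00:07 ws-022 proxy: GET http://example.invalid/lib/coinhive.min.js",
    "2018-09-21T10:01:12 srv-03 proc: started C:\\Temp\\cpuminer.exe",
    "2018-09-21T10:01:13 srv-03 dns: query xmr.pool.example.invalid",
    "2018-09-21T10:02:30 ws-031 app: crypto module loaded",
]

if __name__ == "__main__":
    for host, verdict in triage(scan(SAMPLE)).items():
        print(host, verdict)
```

Hosts flagged here are candidates for the CPU and power-consumption check from the same list, since a string match alone does not confirm mining activity.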
