A report from the Cyber Threat Alliance (CTA) indicates a massive 459% increase in the rate of illegal cryptojacking, through which hackers hijack computer processing power to mine cryptocurrencies like bitcoin and monero.
As CCN recently reported, the Indian government was recently targeted in a cyberattack which hijacked processing power from government website servers to mine cryptocurrency.
Computers infected with cryptojacking malware are used to mine cryptocurrency networks like monero. The funds are sent to the hacker in control of the software, slowing down the owner’s computer, often without them realizing they’re infected.
The massive surge in cryptojacking is attributed to the leak of EternalBlue, a tool used to exploit vulnerabilities in Windows-based systems. Windows and the NSA both have their share of the blame for the leak, which occurred in April 2017 when a group calling themselves the Shadow Brokers put a packet of stolen NSA tools on the market.
The NSA had been developing the tools for their own cyberattacks, and the sophistication of the software made for some very formidable malware, such as the infamous WannaCry ransomware which has led to the disruption of crucial services in hospitals, factories, and government facilities around the world.
“A patch for EternalBlue has been available for 18 months and even after being exploited in two significant global cyberattacks – WannaCry and NotPetya – there are still countless organizations that are being victimized by this exploit, as it’s being used by mining malware,”said a blog post by Neil Jenkins, chief analytics officer for the CTA.
The packet was also used to develop malicious cryptocurrency mining software which has proven both lucrative and difficult to stop. One monero mining campaign called Somominru made $2.3 million by Feb. 2018. XMR is by far the hacker’s preferred currency with 85% of the crypto illegally mined being monero, while bitcoin accounts for 8%. CTA researchers point out that the anonymity helps “malicious actors hide both their mining activities and their transactions.”
While the malware relies on outdated Windows software to function, Microsoft blamed the U.S. government for the breach, accusing it of “stockpiling weapons for cyber attack.”
Microsoft President and Chief Legal Officer Brad Smith said: ‘This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.”