The Cyber Threat Alliance has just released their latest Joint Analysis focusing on the threat posed by illicit cryptocurrency mining. The report shows that incidents of the cyber attack have surged a massive 459 percent since last year.
Incidents of Illicit Mining Surge After Leak of Eternal Blue Exploit
The Joint Analysis of illicit cryptocurrency mining by the Cyber Threat Alliance was published earlier today. The report itself is titled, “They’re Drinking Your Milkshake: CTA’s Joint Analysis on Illicit Cryptocurrency Mining.” It states:
“If 2017 was defined by the threat of ransomware, 2018 has been dominated by illicit cryptocurrency mining.”
Bloomberg claim that the dramatic increase in those impacted by the cyber attack identified by the Cyber Threat Alliance is linked to a leak of a piece of software known as Eternal Blue last year.
The tool can be used to exploit weaknesses in Microsoft systems that are not running the latest updates. Hackers have been able to use the vulnerability to co-opt machines, forcing them to run cryptocurrency mining software without the machine owners’ consent.
Eternal Blue is thought to have been stolen from the National Security Agency by a group called Shadow Brokers. It has since been used in two high profile attacks – WannaCry and NotPetya.
Since the leak of the software, Microsoft have released a patch fixing the vulnerability. One of their senior directors, Jeff Jones, said the following about the fix:
“A security update was released in March 2017. Customers who applied the update are protected.”
Much of the illicit cryptocurrency mining targets the privacy-focused currency Monero – as much as 85 percent. Meanwhile, 8 percent favour mining Bitcoin on “borrowed” hardware and 7 percent target some other digital currency.
The Bloomberg report goes on to state that hackers generating cryptocurrency on other people’s machines can reduce the value of the crypto being mined by increasing its supply. However, this is complete nonsense. Since proof-of-work mining algorithms contain difficulty adjustments, it makes no difference how much hashing power a network has to the rate of release. Whether it was 5,000 nodes mining the network or five million, the overall supply and rate of issuance will be the same.
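To make the difficulty-adjustment argument concrete, here is an added example (not taken from the Bloomberg or CTA reports) that models Bitcoin-style retargeting: 2016-block periods, a 600-second target and a 4x clamp per adjustment, with a constructed per-node hashrate and unit block reward. It shows that a jump from 5,000 to five million nodes speeds up issuance only until retargeting catches up, after which the rate returns to its original value.

```python
TARGET_SPACING = 600        # seconds per block the protocol aims for (Bitcoin's value)
RETARGET_INTERVAL = 2016    # blocks between difficulty adjustments (Bitcoin's value)
MAX_ADJUST = 4.0            # a single retarget is clamped to 4x up or down
BLOCK_REWARD = 1.0          # constructed unit reward, only used to compare issuance


def simulate(hashrates, difficulty):
    """Return [(seconds_per_block, coins_per_day)] for each retarget period.

    Simplified model: `difficulty` is the expected number of hashes needed
    per block, so the expected block time is difficulty / hashrate.
    """
    periods = []
    for hashrate in hashrates:
        spacing = difficulty / hashrate
        periods.append((spacing, BLOCK_REWARD * 86400 / spacing))
        # Retarget: scale difficulty by expected/actual time for the period.
        ratio = (TARGET_SPACING * RETARGET_INTERVAL) / (spacing * RETARGET_INTERVAL)
        difficulty *= max(1 / MAX_ADJUST, min(MAX_ADJUST, ratio))
    return periods


def demo():
    per_node = 200.0                            # constructed hashes/second per node
    small, large = 5_000 * per_node, 5_000_000 * per_node
    start_difficulty = small * TARGET_SPACING   # network starts in equilibrium
    # One period at 5,000 nodes, then the network jumps to five million nodes.
    return simulate([small] + [large] * 7, start_difficulty)


if __name__ == "__main__":
    for n, (spacing, per_day) in enumerate(demo()):
        print(f"period {n}: {spacing:8.1f} s/block, {per_day:10.1f} coins/day")
```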
The CTA report itself states that illicit cryptocurrency mining can not only slow computer systems down, but is also often indicative of a large hole in the operators’ digital security:
“…illicit mining is the “canary in the coal mine” of cybersecurity threats. If illicit cryptocurrency mining is taking place on your network, then you most likely have worse problems and we should consider the future of illicit mining as a strategic threat… More sophisticated actors could use – or may already be using – that same access to lay the groundwork for you to have a really bad day.”