Hackers Using Software Vulnerability Stolen From the NSA to Illicitly Mine Crypto

In a 25-page report released Wednesday, the Cyber Threat Alliance (CTA) detailed the worrying rise of illicit cryptocurrency mining in 2018; specifically, how hackers are using a software vulnerability leaked from the NSA last year to do it.

‘They’re Drinking Your Milkshake’

Hackers appear to be gaining entry to users’ systems the same way ransomware was implanted on so many computers during the 2017 WannaCry attacks: through a vulnerability in outdated Windows operating systems, dubbed “Eternal Blue” by the NSA.

The vulnerability was leaked in 2017 alongside other stolen NSA documents by the Shadow Brokers hacker group. The resulting attacks impacted Britain’s National Health Service (NHS) and other public institutions worldwide.

According to the report, detections of the malware hackers use to steal computing power from unknowing users for illicit mining have surged more than 400 percent since 2017.

In a blog post announcing the report, entitled “They’re Drinking Your Milkshake,” Neil Jenkins, chief analytical officer at the CTA, spells out how much illicit mining has exploded and why this is such a problem:

“…illicit mining is the ‘canary in the coal mine’ of cybersecurity threats. If illicit cryptocurrency mining is taking place on your network, then you most likely have worse problems and we should consider the future of illicit mining as a strategic threat. More sophisticated actors could use–or may already be using–that same access to lay the groundwork for you to have a really bad day.”

Why You Should Care

Adding to his sentiment, Jenkins says that an influx of illegal currency into the crypto market could devalue it due to the sheer volume of new units created.

Monero, for example, appears to be at the top of the list for currencies being targeted, with 85 percent of illicit mining operations manufacturing its token, followed by Bitcoin at 8 percent and other altcoins, which account for the final 7 percent, according to Bloomberg.

Per the CTA’s findings, illegal mining is the “canary in the coal mine” of cybersecurity threats because it points to other weaknesses and vulnerabilities already present in the systems facing hacks.

A year on from Microsoft’s release of the patch for Eternal Blue, older, unpatched systems are still being hacked and other backdoors have been released as part of the stolen NSA documents. Jenkins argues that this points to a broader problem with patching and keeping up with cybersecurity standards—or what the CTA report dubs “cyber hygiene.”

Both the wide accessibility and the ease of use of these system weaknesses mean novice malevolent hackers can use them to hijack machines for illicit mining with “little upfront work or knowledge,” according to the CTA fact sheet.

Hacked computers can experience physical damage from overheating parts and slowdown from damaged data. Hacking tools, however, are becoming more sophisticated, with some not using much CPU power or ceasing operations when they detect mouse movement so that they can remain undetected for as long as possible on a host machine.

What You Can Do About It

People who’ve already downloaded the patch appear to be safe, at least from the exploitation of the Eternal Blue vulnerability, according to Microsoft Senior Director Jeff Jones, who said in an interview with Bloomberg:

“A security update was released in March 2017. Customers who applied the update are protected.”

The CTA report offers guidelines to follow and precautions people can take to protect themselves from the proliferation of this and other hacking efforts–including monitoring CPU power usage for unusual consumption, strict system privilege policies to control access to vulnerable data and checking running processes on your machine for command text used by mining malware.
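As an added illustration (not code from the CTA report or from CryptoSlate), the sketch below combines two of those checks: it flags processes whose command line contains mining-related text and processes that hold high CPU across consecutive samples, so a throttled miner is still caught by its command text. The indicator patterns, thresholds, and process data are assumptions constructed for this example.

```python
import re

# Assumed indicators, not taken from the CTA report: the Stratum pool URL
# scheme, an XMRig option, and common CPU-miner binary names.
CMD_PATTERNS = {
    "pool-url": re.compile(r"stratum\+(?:tcp|ssl)://", re.I),
    "miner-option": re.compile(r"--donate-level\b", re.I),
    "miner-name": re.compile(r"\b(?:xmrig|minerd|cpuminer)\b", re.I),
}

# Constructed process data: pid -> (command line, CPU percent per sample).
PROCS = {
    88: (r"C:\Windows\explorer.exe", [2.0, 3.0, 1.0]),
    412: (r"C:\Tools\ffmpeg.exe -i in.mov out.mp4", [96.0, 97.0, 95.0]),
    # Throttled miner: low CPU, but the command text gives it away.
    733: (r"C:\Users\Public\svch0st.exe -o stratum+tcp://pool.example.invalid:3333"
          r" -u WALLET_PLACEHOLDER --donate-level 1", [12.0, 0.0, 11.0]),
    # Bursty but not sustained: should not be flagged at the default setting.
    950: (r"C:\Program Files\Backup\agent.exe --run", [90.0, 10.0, 92.0]),
}


def triage(procs, cpu_threshold=80.0, min_sustained=3):
    """Return {pid: sorted reasons} for processes worth a closer look."""
    findings = {}
    for pid, (cmdline, cpu_series) in procs.items():
        reasons = {"cmdline:" + label
                   for label, pat in CMD_PATTERNS.items() if pat.search(cmdline)}
        streak = 0  # consecutive samples at or above the threshold
        for cpu in cpu_series:
            streak = streak + 1 if cpu >= cpu_threshold else 0
            if streak >= min_sustained:
                reasons.add("sustained-cpu")
        if reasons:
            findings[pid] = sorted(reasons)
    return findings


if __name__ == "__main__":
    for pid, reasons in triage(PROCS).items():
        print(pid, reasons)
```

A CPU-only hit such as the video encoder here needs human review, while a command-text hit is the stronger signal; in practice the process data would come from the endpoint's own process listing rather than a hard-coded table.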

The CTA predicts this threat will increase in the near future, and strongly recommends protecting your system now. Per the report:

“Given these potential impacts, illicit cryptocurrency mining is not a victimless or harmless activity. Individuals and enterprises must counter this threat.”

John Bogna

John Bogna is a freelance writer and journalist with seven years of experience covering everything from arts to tech.
