Cryptocurrency Mining Hacks Allegedly Skyrocket In Part Due To Leaked NSA Tool

Let's start with the good news. Cryptocurrency mining on GPUs has waned considerably, and the shortage of graphics cards that made it nearly impossible to score a mid-range or high-end GPU at or near MSRP is over (for the most part). Are you ready for the bad news? Be that as it may, cryptocurrency mining hacks are on the rise, and a leaked tool by the US National Security Agency (NSA) may be partially to blame.

That's the takeaway from a new report by Cyber Threat Alliance (CTA), a cybersecurity association with some major names among its members, including Cisco, Juniper Networks, McAfee, Sophos, Symantec, and others.

The tool in question is "EternalBlue," developed by the NSA and leaked last year by hacking group Shadow Brokers. EternalBlue exploits a vulnerability in Microsoft's Server Message Block (SMB) protocol, and was used as part of the WannaCry ransomware attack that, among other things, caused a ruckus in UK hospitals last year.

"A patch for EternalBlue has been available for 18 months and even after being exploited in two significant global cyberattacks—WannaCry and NotPetya—there are still countless organizations that are being victimized by this exploit, as it’s being used by mining malware such as Adylkuzz and Smominru. This is a vulnerability that can escalate lateral movement within an organization," CTA said.

In a related blog post, CTA's chief analytic officer Neal Jenkins said there has been a 459 percent increase in illicit cryptocurrency mining malware detections among CTA's members since 2017. Furthermore, he said "this rapid growth shows no signs of slowing down."

"If 2017 was defined by the threat of ransomware, 2018 has been dominated by illicit cryptocurrency mining" Jenkins added.

Jenkins also warned against shrugging off the threat of cryptocurrency mining hacks as no big deal. Even though there could be worse things than giving up some computer resources, the presence of illicit mining software is indicative of potentially weak security.

"If illicit cryptocurrency mining is taking place on your network, then you most likely have worse problems and we should consider the future of illicit mining as a strategic threat. More sophisticated actors could useš—or may already by using—that same access to lay the groundwork for you to have a really bad day," Jenkins said.