08:01 GMT14 July 2020
Listen Live
    Get short URL
    0 11

    Illegal cryptocurrency mining has increased 459 percent year-on-year in 2018, a report has revealed - and much of the surge is down to software flaws originally identified and exploited by the National Security Agency (NSA).

    The review points to a 629 percent increase in coin mining malware in the first quarter of 2018, with almost three million examples detected. Monero has been the primary target, accounting for 85 percent of all illegal crypto mining — Bitcoin accounted for a comparatively trifling eight percent of the illicit mining market, all other cryptocurrencies seven.

    Only Way is Up

    The report notes this increase is in a sense gravitational — by definition, anything with monetary value attracts criminal activity, and as cryptocurrency usage and value has grown, so has nefarious interest in the asset. Moreover, cryptocurrencies increasingly play a pivotal role in ‘dark web' markets for illicit goods such as drugs, weapons, purloined data and the like, due to the anonymity they theoretically provide.

    A man watches the prices of bitcoin at Bithumb cryptocurrency exchange in Seoul, South Korea, Wednesday, June 20, 2018
    © AP Photo / Ahn Young-joon
    A man watches the prices of bitcoin at Bithumb cryptocurrency exchange in Seoul, South Korea, Wednesday, June 20, 2018
    While the report notes the majority of illicit mining cases are relatively unsophisticated, often leveraging spam email campaigns and phishing. However, in an ironic twist, the growth in illicit crypto mining has also been greatly facilitated by the leak of EternalBlue, a Microsoft Windows security vulnerability exploit originally developed by the NSA, in 2017.

    The vulnerability exploits Microsoft Server Message Block 1.0, a network file sharing protocol, and allows applications on a computer to read and write to files and request services on the same network.

    When the tool was leaked in 2017, hackers found a flaw of their own in the NSA software, allowing them to manipulate the power of other computers to mine cryptocurrency.

    Tangled Up in Blue

    The exploit became so widely used by hackers Microsoft was moved to issue a 'critical' security update, even extending to Windows XP operating systems, which the tech giant officially ceased supporting in 2014.

    Links Exposed Between Regin Malware and NSA QWERTY Spy Tool
    © Flickr / Jamie Henderson
    Links Exposed Between "Regin" Malware and NSA QWERTY Spy Tool
    However, the company's efforts have done little to dent its prevalence in cyberattacks. Elements of the exploit have even been woven into two common Trojans — Retefe and TrickBot — used in various email phishing campaigns targeted at companies and individual users, allowing for the much more effective spread of viruses through computer networks. The malicious pair have been used to attack banks in Austria, Sweden, Switzerland, Japan and the UK.

    EternalBlue was also fundamental to the notorious worldwide cyberattack ‘WannaCry' in May 2017, which targeted computers running Microsoft Windows by encrypting data and demanding ransom payments from users in the form of Bitcoin.-

    In the wake of the attack, Microsoft strongly condemned the NSA, and governments more generally, for hoarding vulnerabilities, urging nation state actors to report vulnerabilities to vendors "rather than stockpile, sell, or exploit them".

    "This attack provides yet another example of why stockpiling vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. The governments of the world should treat this attack as a wake-up call. They need to take a different approach, adhere in cyberspace to the same rules applied to weapons in the physical world [and] consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits," company President Brad Smith said.


    WannaCry Copycat WannaMine Spreads as Corporate, Gov’t Server Networks Hit
    Cryptocurrency Emission, Circulation 'Can't Be Allowed Now' in Russia - Official
    Cryptocurrency Installed Into Banking System: 'It Will Rule the Sphere' - Expert
    WikiLeaks Claims Cryptocurrency Exchange Shut Down Its Bitcoin Account
    WannaCry, NSA, malware, NSA spying, NSA, Microsoft, United States, United Kingdom
    Community standardsDiscussion