Illicit Crypto Mining Jumps 459% This Year, in Part Thanks to Leaked NSA Tool

Cyber Threat Alliance published a report that found that illicit cryptocurrency mining increased almost fivefold this year.

Cyber Threat Alliance said that illegal cryptocurrency mining had increased 459% this year compared to 2018. The report, published on Wednesday, covers detected cases only. More notably, hackers are using a software flaw allegedly leaked from the National Security Agency (NSA) of the US government. The tool helps them generate Monero, Bitcoin and other coins.

The increase in illicit crypto mining cases is related to the leak of Eternal Blue, a tool that exploits vulnerabilities in older Microsoft programs. When the tool was leaked in 2017, hackers found a new flaw in the NSA’s software, which allows them to harness the computing power of other people's machines to mine cryptocurrency.

The hacking team behind the leak of Eternal Blue calls itself the Shadow Brokers. The group has released tools from the breach multiple times. The code became popular when North Korea and Russia applied it in several major attacks. North Korea used Eternal Blue to shut down computers in the UK and other countries, while Russia used the tool to hack computers at major companies, including A.P. Moller-Maersk.

Microsoft was forced to release a security update in March 2017 to protect its clients. Those who applied the update are now safe from the risk of being hacked with Eternal Blue.

Cyber Threat Alliance, a consortium of cyber-security companies formed in 2014, noted in its report that 85% of all illegal crypto mining has been aimed at Monero, according to data as of July 2018. Bitcoin accounted for 8% of illicit mining, while all other coins made up the remaining 7%.

Neil Jenkins, chief analytic officer at the alliance, was quoted by Bloomberg as saying that hackers “could sit back and watch the money roll in.” He also noted that the US accounts for the largest share of such hacks.

The report concludes:

“The threat of illicit cryptocurrency mining represents an increasingly common cybersecurity risk for enterprises and individuals,” while the “rapid growth shows no signs of slowing down.”

According to the alliance, most cases of illegal mining still come from unsophisticated attacks that are based on phishing, spam email campaigns, direct exploitation or readily available exploit kits.