Hackers are targeting bitcoin with a leaked NSA software tip
Hackers are illegally generating Monero, Bitcoin and other cryptocurrencies by exploiting a software flaw that was leaked from the U.S. government, according to new research, raising questions about the security of one of the fastest-growing corners of financial markets.
Detected cases of illicit cryptocurrency mining, the digital equivalent of minting money, have surged 459 percent in 2018 compared to last year, Cyber Threat Alliance said in a report released Wednesday.
The spike is tied to the 2017 leak of Eternal Blue, a tool to exploit vulnerabilities in outdated Microsoft Systems software. When the tool became known, it tipped hackers to a previously unknown flaw in the software, now the basis of some hackers’ efforts to commandeer computing power of others to generate digital currency.
As of July this year, 85 percent of all illicit cryptocurrency mining has targeted Monero, according to the report. Bitcoin made up about 8 percent, while other cryptocurrencies accounted for 7 percent.
Hackers can "sit back and watch the money roll in," said Neil Jenkins, chief analytic officer of Cyber Threat Alliance, a group formed in 2014 by a consortium of cyber-security firms to share intelligence about cyber-threats. While the hacks are occurring across the globe, a significant portion are in the U.S., he added.
Bitcoin and other cryptocurrencies are generated through a process of solving complex mathematical equations, which requires significant computing power. Most users and investors lack the means to create, or mine, cryptocurrency and simply buy it from an online exchange. When hackers illicitly generate currency using others’ computers, it creates free money for them and could erode the overall value of the currency by increasing its supply.
Eternal Blue was allegedly stolen from the National Security Agency and leaked last year in an unsolved breach by a hacking group that calls itself the Shadow Brokers. The group has repeatedly released tools from that breach.
The code gained notoriety when Russia and North Korea used it in massive attacks. In the first instance, known as WannaCry, North Korean hackersshut down computers in dozens of countries, including Britain, where hospitals were hit. In the second, known as NotPetya, Russia used Eternal Blue to hack computers at companies including Denmark’s A.P. Moller-Maersk A/S, leading to billions of dollars of damage, according to the White House.
“A security update was released in March 2017. Customers who applied the update are protected,” Jeff Jones, a senior director at Microsoft Corp., said in a statement.
The NSA declined a request for comment.
"The threat of illicit cryptocurrency mining represents an increasingly common cybersecurity risk for enterprises and individuals," according to the report. And the “rapid growth shows no signs of slowing down.”