Hackers Using Software Vulnerability Stolen From the NSA to Illicitly Mine Crypto

Published by Cryptoslate

The Cyber Threat Alliance detailed the worrying rise of illicit cryptocurrency mining in 2018; specifically, how hackers are using a software vulnerability leaked from the NSA last year to do it.

The attacks work through a vulnerability in outdated Windows operating systems, dubbed "Eternal Blue" by the NSA. The vulnerability was leaked in 2017 alongside other stolen NSA documents by the Shadow Brokers hacker group.

"Illicit mining is the 'canary in the coal mine' of cybersecurity threats. If illicit cryptocurrency mining is taking place on your network, then you most likely have worse problems and we should consider the future of illicit mining as a strategic threat. More sophisticated actors could use, or may already be using, that same access to lay the groundwork for you to have a really bad day."

Monero, for example, appears to be at the top of the list of currencies being targeted, with 85 percent of illicit mining operations mining its token, followed by Bitcoin at 8 percent and other altcoins, which account for the final 7 percent, according to Bloomberg.

Per the CTA's findings, illegal mining is the "canary in the coal mine" of cybersecurity threats because it points to other weaknesses and vulnerabilities already present in the systems facing hacks.

A year on from Microsoft's release of the patch for Eternal Blue, older, unpatched systems are still being hacked and other backdoors have been released as part of the stolen NSA documents.

Both the wide accessibility and the ease of use of these system weaknesses mean novice malevolent hackers can use them to hijack machines for illicit mining with "little upfront work or knowledge," according to the CTA fact sheet.

Hacking tools are becoming more sophisticated, with some not using much CPU power or ceasing operations when they detect mouse movement so that they can remain undetected for as long as possible on a host machine.

The CTA report offers guidelines to follow and precautions people can take to protect themselves from the proliferation of this and other hacking efforts, including monitoring CPU power usage for unusual consumption, enforcing strict system privilege policies to control access to vulnerable data, and checking running processes on your machine for command text used by mining malware.
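As an added illustration (not code from the CTA report or the original article), the sketch below combines two of those checks over a constructed process snapshot: command-text matching and sustained CPU use. The marker list, the 80 percent threshold and the sample processes are assumptions chosen for the example; command-text hits raise an alert even at low CPU, which covers miners that throttle themselves to stay hidden.

```python
import re
from statistics import median

# Assumed marker list (not taken from the CTA report): strings that commonly
# appear on the command line of CPU miners.
MINER_MARKERS = {
    "stratum pool URL": re.compile(r"stratum\+(?:tcp|ssl)://", re.I),
    "XMRig donate flag": re.compile(r"--donate-level\b", re.I),
    "known miner binary name": re.compile(r"\b(?:xmrig|minerd|cpuminer)\b", re.I),
    "Monero-family algorithm": re.compile(r"\b(?:cryptonight|randomx|rx/0)\b", re.I),
}
CPU_SUSTAINED_PCT = 80.0  # assumed threshold for "unusual consumption"


def triage(proc):
    """Classify one process record as ('alert' | 'review' | 'ok', reasons)."""
    hits = [name for name, rx in MINER_MARKERS.items() if rx.search(proc["cmdline"])]
    if hits:
        # Command text is decisive on its own: a throttled miner shows low CPU.
        return "alert", hits
    if median(proc["cpu_samples"]) >= CPU_SUSTAINED_PCT:
        # High CPU alone is ambiguous (renders, builds), so only queue a review.
        return "review", ["sustained CPU >= %.0f%%" % CPU_SUSTAINED_PCT]
    return "ok", []


def scan(snapshot):
    """Return {pid: (verdict, reasons)} for every process that is not 'ok'."""
    results = {p["pid"]: triage(p) for p in snapshot}
    return {pid: r for pid, r in results.items() if r[0] != "ok"}


# Constructed sample data: pool host and wallet are placeholders.
SNAPSHOT = [
    {"pid": 412, "cmdline": "chrome.exe --type=renderer", "cpu_samples": [12, 30, 8]},
    {"pid": 2296, "cpu_samples": [9, 11, 10],  # renamed, throttled miner
     "cmdline": "svchost32.exe -o stratum+tcp://pool.example.invalid:3333 "
                "-u WALLET_PLACEHOLDER --donate-level 1"},
    {"pid": 3108, "cmdline": "render_job.exe --scene 4", "cpu_samples": [97, 95, 99]},
]

if __name__ == "__main__":
    for pid, (verdict, reasons) in scan(SNAPSHOT).items():
        print(pid, verdict, "; ".join(reasons))
```

On a live host the records would come from the operating system's process listing rather than a hard-coded list.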

"Given these potential impacts, illicit cryptocurrency mining is not a victimless or harmless activity. Individuals and enterprises must counter this threat."
