The Microsoft Eternal Blue vulnerability turns out to be a useful tool in illicit cryptomining.
In the bustling industry of cybercrime, ransomware has always been a popular weapon of choice...until this year. In 2018, illicit cryptomining (AKA cryptojacking) took the title, surging 459%. Cryptojacking is the crime of using somebody else’s computer processing power to mine cryptocurrency. Victims may not even notice, as there are no outward signs that the mining is occurring, save possible slowing down or overheating of the system.
On Wednesday, the Cyber Threat Alliance published a report on cryptomining, including key findings that the Eternal Blue vulnerability on older Microsoft systems plays a major role in cryptojacking. Eternal Blue was the cause of 2017’s WannaCry and NotPetya ransomware outbreaks, and while a patch has been available for a year and half now, the key findings state, “there are still countless organizations that are being victimized by this exploit.” Cybercriminals have simply adjusted the use of the flaw from ransomware to cryptojacking.
While acknowledging that cryptojacking has increased throughout 2018, Avast Security Evangelist Luis Corrons isn’t so sure it has everything to do with the NSA software leak, the EternalBlue exploit. Rather, Corrons points out, EternalBlue became well-known once WannaCry hit the scene, and “there were attacks on companies that used this exploit to infect computers with cryptomining well before WannaCry.”
“The point is,” Corrons continues, “because cryptojacking equals free money, it’s become popular. And not only are there pointed attacks simply to mine, but there are also cases where it is a ‘side business.’” A side business, Corrons explains, is when cybercriminals compromise a computer and not only steal data and credentials, but also do cryptojacking. “So any time a cryptojacking attack is detected — and this is especially critical for SMBs — it points to the fact that security issues must be addressed, and immediately,” Corrons says.
Stay updated — Update all operating systems and apps as soon as the updates are released. Cybercriminals have a difficult time cracking into new versions of software, but they can do their dirty work through old versions that have known flaws.
Use an antivirus — Good cybersecurity like Avast Free Antivirus blocks malware, including cryptojacking schemes, and will alert you if any websites you try to visit are unsafe.