The review points to a 629 percent increase in coin mining malware in the first quarter of 2018, with almost three million examples detected. Monero has been the primary target, accounting for 85 percent of all illegal crypto mining — Bitcoin accounted for a comparatively trifling eight percent of the illicit mining market, all other cryptocurrencies seven.
Only Way is Up
The report notes this increase is in a sense gravitational — by definition, anything with monetary value attracts criminal activity, and as cryptocurrency usage and value has grown, so has nefarious interest in the asset. Moreover, cryptocurrencies increasingly play a pivotal role in ‘dark web' markets for illicit goods such as drugs, weapons, purloined data and the like, due to the anonymity they theoretically provide.
The vulnerability exploits Microsoft Server Message Block 1.0, a network file sharing protocol, and allows applications on a computer to read and write to files and request services on the same network.
When the tool was leaked in 2017, hackers found a flaw of their own in the NSA software, allowing them to manipulate the power of other computers to mine cryptocurrency.
Tangled Up in Blue
The exploit became so widely used by hackers Microsoft was moved to issue a 'critical' security update, even extending to Windows XP operating systems, which the tech giant officially ceased supporting in 2014.
EternalBlue was also fundamental to the notorious worldwide cyberattack ‘WannaCry' in May 2017, which targeted computers running Microsoft Windows by encrypting data and demanding ransom payments from users in the form of Bitcoin.-
"This attack provides yet another example of why stockpiling vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. The governments of the world should treat this attack as a wake-up call. They need to take a different approach, adhere in cyberspace to the same rules applied to weapons in the physical world [and] consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits," company President Brad Smith said.