Leaked NSA Exploits Shifting From Ransomware To Cryptocurrency Mining
from the now...-for-my-next-trick dept
Will we ever see a complete postmortem of the damage done by leaked NSA software exploits? All signs point to "no."
[M]ore than a year since Microsoft released patches that slammed the backdoor shut, almost a million computers and networks are still unpatched and vulnerable to attack.
Although WannaCry infections have slowed, hackers are still using the publicly accessible NSA exploits to infect computers to mine cryptocurrency.
This report, from Zack Whittaker at TechCrunch, says there's really no endpoint in sight for the unintended consequences of exploit hoarding. But at this point, it's really no longer the NSA or Microsoft that's to blame for the continued rampage. Stats from Shodan show more than 300,000 unpatched machines in the United States alone.
EternalBlue-based malware still runs rampant, but the focus has shifted from ransom to cryptocurrency. An unnamed company recently watched the NSA's exploit turn its computers into CPU ATMs.
Nobody knows that better than one major Fortune 500 multinational, which was hit by a massive WannaMine cryptocurrency mining infection just days ago.
“Our customer is a very large corporation with multiple offices around the world,” said Amit Serper, who heads the security research team at Boston-based Cybereason.
“Once their first machine was hit the malware propagated to more than 1,000 machines in a day,” he said, without naming the company.
Fun stuff. And all made possible by the US government. Sure, indirectly, but it's not like no one in the private sector ever expressed concerns about the agency's vulnerability hoarding and the possibility of exactly this sort of thing happening. The exploit the NSA thought was too good to give up was taken from it and handed over to the malware-crafting masses to inflict misery around the world. Enemies were made -- and not all of them were software and hardware developers.
There will never be a full accounting of the damage done. Yes, the NSA never thought its secret stash would go public, but that doesn't excuse its informal policy of never disclosing massive vulnerabilities until it's able to wring every last piece of intel from their deployment. And there's a chance this will happen again in the future if the agency isn't more proactive on the disclosure front. It was foolhardy to believe its tools would remain secret indefinitely. It's especially insane to believe this now.