Instances of cryptojacking malware have jumped more than 400 percent since last year, a new report finds. A collaborative group of cybersecurity researchers called the Cyber Threat Alliance (CTA) published the report Wednesday, detailing the various and repercussions from cryptojacking – the illicit practice of hijacking a user's computer to mine cryptocurrencies.
Most notably, CTA points out in the research that the number of instances of illicit mining malware found has sharply spiked in the months from the close of 2017 to end of July 2018. In the key findings document, the alliance points to a particular exploit that has been plaguing the security world for over a year, Eternalblue, as one of the leading causes.
Eternalblue is the infamous NSA exploit that was used in the Wannacry ransomware and NotPetya attacks. The CTA's analysis explains that a number of Windows operating systems remain vulnerable to the bug, despite a patch released by Microsoft. As such, these systems run a vulnerable network file sharing protocol dubbed SMB1. Malicious actors target these susceptible machines for their processing power, which even simple cryptojacking software can hijack.
Further, by decreasing the crypto mining rate, the malware can easily and cheaply be scaled across a network in large organizations and persist on the host computer for a longer time, resulting in a larger pay-out. Palo Alto Networks, one the partners in the alliance, found that Coinhive dominates in terms of software used by malicious actors, with some 23,000 websites containing Coinhive source code.
Moreover, the group of security firms has noticed that malicious actors are shifting their focus from traditional systems and personal computers to Internet-of-Things devices like smart TVs. The CTA also stressed that the presence of cryptojacking malware may just be an indicator of how insecure a system is, saying, "if miners can gain access to use the processing power of your networks, then you can be assured that more sophisticated actors may already have access."