According to TechCrunch, there are almost a million computers and networks online still vulnerable to an exploit that allows unknown third parties to hijack Windows machines to mine cryptocurrencies.
The exploits were made possible after a number of advanced National Security Agency (NSA) hacking tools were stolen and published online. Microsoft put out patches for the vulnerabilities over a year ago, and while most of us have updated our systems, many are still vulnerable.
A tool named EternalBlue is at the center of this problem and has been used for different types of hacks, in addition to cryptocurrency mining. Before the patch was made, EternalBlue was first used to run ransomware on large networks, which effectively shut down the systems for major businesses and even hospitals.
Hackers reportedly used the tool to inject the infamous WannaCry and NotPetya ransomware strains onto thousands of devices, costing companies hundreds of millions of dollars in damages.
These ransomware attacks have slowed down as an increasing number of network patch their systems. The same tools, however, are being used to harness an infected computer’s processing power to mine cryptocurrency, an exploit called “Wannamine.”
In a recent blog post, Cybereason, a startup that provides cyber attack prevention services to the tech industry, warned potential customers of the need to download these patches.
Wannamine isn’t a new attack. It leverages the EternalBlue vulnerabilities that were used to wreak havoc around the world almost a year and a half ago. But more than a year later, we’re still seeing organizations severely impacted by attacks based on these exploits.
Per the cybersecurity firm, there’s no reason for security analysts to keep on handling incidents in which hackers use the EternalBlue vulnerability, as “organizations need to install security patches and update [their] machines.”
Cybereason also provided a more technical explanation of how the exploit works, saying that Wannamine “penetrates computer systems through an unpatched SMB service and gains code execution with high privileges to then propagate across the network, gaining persistence and arbitrary code execution abilities on as many machines possible.”
As CryptoGlobe reported, McAfee Labs, in its latest quarterly “Threat Report” revealed the number of cryptojacking cases – where hackers used victims’ CPUs to mine cryptocurrencies without their consent – has grown by 629% in the Q1 2018. 59% of businesses in the UK have, at some point, suffered cryptojacking attacks.