Most everyone has heard of the term “Virtual Currency”. This is essentially the cloud-based version of the traditional paper money. For example, I have written a lot about Ransomware, and how a Cyber attacker wants to be paid with this new type of currency, usually in the form of Bitcoin. There are other types of virtual currencies that are out there, and collectively, these are also known as “Cryptocurrencies”.
There was a time earlier this year, when Cryptocurrencies were all the rage, especially in the financial markets. Futures contracts and even indexes were created and tracked for them and were traded heavily. For a period of time, the value of them went sky high, and people thought that this would be the real thing again, just like the .com craze back in the early ’90s.
But, as that came to a crashing end, so did the volatility of the Cryptocurrencies. They are still being traded, but not with the volume and the market capitalization that it once had. Now, here is another twist to the story. The Cyber attacker is now entering into this realm, with a new threat called “Cryptojacking”, which is essentially mining the various Cryptocurrencies for monetary value.
But first, it is important to define what Cryptomining is all about, and it is:
“Bitcoin mining is done by specialized computers. The role of miners is to secure the network and to process every Bitcoin transaction. Miners achieve this by solving a computational problem which allows them to chain together blocks of transactions (hence Bitcoin’s famous “blockchain”). For this service, miners are rewarded with newly-created Bitcoins and transaction fees.” (SOURCE: https://www.buybitcoinworldwide.com/mining/).
Technically, Cryptojacking can be defined as follows:
“Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads crypto mining code on the computer or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser.” (SOURCE: https://www.csoonline.com/article/3253572/internet/what-is-cryptojacking-how-to-prevent-detect-and-recover-from-it.html).
Ok, so now we have two long definitions, let us put these in simpler terms. We all have an idea of what a virtual currency is. Because there is no way to actually track down this digital currency, it needs to be made secure on the Internet.
So, this is where the mining aspect of it comes into play. It is their job to protect all of these currencies and transactions, by having the ability to solve very complex math problems.
Once this has been done a successive fashion, all of these transactions then form a “block” (aka the “Blockchain”) which creates the line of defense to protect these virtual currencies and their associated transactions. In return for their services, these miners (which are legal entities by the way), are paid a certain fee percentage.
Because of the return that is associated, the Cyber attacker now wants to gain their foot into this game, and become crypto miners themselves, but of course illegally. But keep in mind, as I had just written, there are very complex mathematical problems to solve in order the miner to be rewarded. This, of course, takes a lot of computing and processing power.
The Cyber attacker does not want to spend the money in terms of procuring the extra hardware to do this, so as the above definition states, he or she will hijack your computer, and from there, steal the processing power as well as the electricity in order to mine the Cryptocurrencies. You may be asking at this point; how can they do this to your computer?
It’s quite easy. All they have to do is send you a Phishing like an Email, which contains a malicious link or attachment. Once you have fallen victim to the initial attack, a specialized Cryptomining code is then installed onto your computer or even mobile device.
But what is even stealthier is that even if you visit a website, there could be infected pieces of Java source code running behind the site you are viewing, and from there, the Cryptomining code can then be covertly loaded onto your computer, as it is stated in the definition. But at this point in the game, the Cryptomining code is now malware.
But the problem with this new malware is that it is very difficult to spot on your computer, and can installed and deployed in a very sneaky manner. In these instances, the Cyber attacker is not just exclusively targeting computers and wireless devices, they will go after anything that will give them free electricity. This includes servers, routers, cable modems, firewalls, network intrusion devices, etc.
It is also important to keep in mind that there is no specialized package that the Cyber attacker has to deploy onto a device – the malware is just a few lines of infected source code, and as a result, this makes it all the more difficult to detect. Because of the extremely low overhead that is required, and its sneaky nature, the rise in Cryptojacking has increased significantly.
For example, McAfee has just discovered almost 3 million new cases of it, which is a staggering 629% increase from 2017. So, what are some of the telltale signs if your computer has been hijacked for the purposes of Cryptojacking? Here are some clues:
*Slowdown in the speed of your computer;
*Very slow load times when trying to connect to the Internet;
*A slow increase in your electricity bill.
In response to all of this, tech giants like Google and Apple who have mobile app stores are taking proactive actions to protect their customers. For example, with the former, they no longer allow for browser extensions in its Web Store that mine cryptocurrencies. The Google Play Store allows customers to pick extensions and apps that personalize their Chrome web browser, but this will now become highly restricted.
In fact, a recent study (conducted by a Cybersecurity firm known as Sophos) detected 25 rogue mobile applications which had the infected Cryptojacking source code in them. These mobile apps were downloaded at least 120,000 times by different end users. This can be illustrated in the diagram below:
The details of the Sophos study can be seen here:
https://news.sophos.com/en-us/2018/09/24/cryptojacking-apps-return-to-google-play-market/
My thoughts on this?
As we all keep lamenting in the Cybersecurity world that Ransomware and attacks to Critical Infrastructure will be the next things to worry about in 2019, so will Cryptojacking. But because it really has not made the news splash when compared to the levels of other Cyber-attacks, not too many people have heard about it. But the threat is real and it is there, especially as the Internet of Things (IoT) continues to evolve.
For example, with all of these connections that are taking place between devices, it just gives the Cyber attacker that many more tools to steal electricity from. But, Cryptomining, as stated before, is technically a legal activity, and many nonprofit organizations are starting to realize its full power. One such case is that UNICEF.
They launched a program called “Game Changers” in which computer owners were asked to give up some of their electricity and processing power and mine for Cryptocurrencies the legal way. As a result, almost $60,000 was raised in just a three-month time span for humanitarian purposes. The details on this effort can be seen here at this link:
But, in the end, there might be some light at the end of the tunnel with this new wave of Cyberattack. The level of Cryptojacking can be closely tied with the value of the Cryptocurrencies themselves. So, for example, if there is a deep and sustained plunge in the financial markets in their associated futures prices and indexes, the incentive for the Cyber attacker to engage in Cryptojacking could greatly decrease as a result.