Houston, Texas, USA: Your computer could be quietly mining bitcoin — for someone else. The act, known as cryptojacking, has grown in popularity because it is hard to detect, lucrative and reasonably passive, unlike other hacks such as ransomware, which can encrypt files or lock users out of systems until money is paid.
Cryptojacking has become the leading threat to the security of electronic devices. However, unlike other cybercriminal trends, it has done so without making headlines around the world. It could even be the case that you’re being affected by it right now, without even noticing. But with a 4,000% at the start of the year, it is obvious that this is a serious threat, no matter how sneaky it is.
This attack has multiple negative consequences, which can include an extreme rise in your electricity bill, a serious slowdown in your computers, and even physical damage to devices.
Hackers are quietly hijacking personal computers, company servers, cable routers, mobile devices and other forms of computing power to stealthily mine cryptocurrencies — a problem that cybersecurity experts warn is growing rapidly.
“Cryptojacking scams have continued to evolve, and they don’t even need you to install anything,” Jason Adler, an assistant director for the Federal Trade Commission, wrote in a blog post. “Scammers can use malicious code embedded in a website or an ad to infect your device. Then they can help themselves to your device’s processor without you even knowing.”
The rise in the value of bitcoin and other cryptocurrencies in recent years has made cryptocurrency mining a lucrative activity. Cryptocurrency mining uses computing power to compete against other computers to solve complex math problems, with that effort rewarded with bits of cryptocurrencies. That computing power helps create a distributed, secure and transparent network ledger — commonly known as a blockchain — on which applications such as bitcoin can be built.
Cryptocurrency mining can be an expensive proposition, requiring computing hardware and electricity. Cryptojacking offers cybercriminals a way to steal computing power from other people to bypass the effort and expense. Cryptojacking software operates on computers in the background, with the only evidence of its presence signified by a user’s device overheating or slowing down.
Cryptojacking’s mix of low risk and high reward has led to a significant increase in attacks, with a June report from McAfee finding 2.9 million examples of mining malware — malicious software — in the first three months of the year. The company said that was a 629 percent increase from the last three months of 2017.
“The pick up was just massive,” Candid Wueest, a threat researcher at the cybersecurity company Symantec, said. “It caught a lot of people by surprise.”
Computer owners should be on the lookout for a slowdown in their computers, rising electricity bills and sluggish internet speeds.
The influx in malware led some online companies to implement protective measures for their users. Google announced in a blog post that it would no longer allow browser extensions in its Web Store that mine cryptocurrencies. The online store allows for users to pick extensions and apps that personalize their Chrome web browser, but the company noted that the “capabilities have attracted malicious software developers who attempt to abuse the platform at the expense of users.”
Smartphone apps can also contain cryptojacking malware. A study released in September by Sophos, a cybersecurity company, revealed at least 25 apps in the Google Play Store had hidden coin mining malware.
Google included a chart showing how cryptojacking software in browser extensions drastically increased the computing power.
The apps, “disguised” as games and utilities, were downloaded more than 120,000 times by unsuspecting users, causing mobile devices to transform into “cryptocurrency churning rigs,” according to Pankaj Kohli, a threat researcher at Sophos.
While cryptojacking has malicious origins, some legitimate groups have begun to explore whether the concept could be used for good.
UNICEF appealed for computer power instead of cash in February during a fundraiser called “Game Chaingers.” The organization persuaded computer owners to voluntarily relinquish computing power to it, raising upward of $50,000 within 59 days by mining for a cryptocurrency called Ethereum.
Salon, a digital news outlet, prompts users with ad-blockers to surrender a portion of their computer processing power to mine for cryptocurrency while the user browses the site.
Cryptojacking and legitimate mining, however, are sensitive to cryptocurrency prices, which have declined sharply since their highs in late 2017 and early 2018. According to a McAfee threats report, cryptojacking instances “remain very active,” but a decline in the value of cryptocurrencies could lead to a plunge in coin mining malware, just as fast as it emerged.
In 1989, an evolutionary biologist named Dr. Joseph Popp mailed out a series of packages. Contained in those packages were floppy disks — and on those floppy disks, a Trojan virus. Trojans were not new, nor was the delivery method. What made Popp’s attack distinct was the way it infected machines.
Dubbed the AIDS Info Disk, the virus would wait for the machine to be rebooted 90 times, after which it would encrypt drive C:. Popp then demanded a user send $189 to PC Cyborg Corporation at a P.O. box in Panama.
“The AIDS Trojan was pretty easy to overcome as it used simple symmetric cryptography and tools were soon available to decrypt the files,” KnowBe4 writes, but Popp fathered a type of malware attack that would eventually take the internet by storm.
Since the dawn of the internet, hacking has been, by and large, a numbers game. The quantity of machines affected by the worms and trojans of years past is staggering, and the rise of botnets more recently has added to the problem, with millions of devices infected and billions of malicious emails sent every day.
And in recent years, we’ve seen new malware techniques emerge from the fray. Paul Roberts, founder & editor-in-chief of The Security Ledger, spoke with Spiceworks about the evolution of ransomware.
“Less than two years ago, [ransomware] was really the dominant form of malicious software because it was the most profitable activity for cybercriminals to engage in,” Roberts said. “Since then I think we’ve seen cybercriminal groups much more interested in things like [cryptojacking] as a way to generate revenue, though ransomware is still quite common and still an effective way to generate revenue.”
And over the years, ransomware attacks broadened in impact and sophistication, culminating in the WannaCry outbreak of 2017. Hundreds of thousands of computers around the world were infected, for example, taking huge swaths of devices — entire hospitals — of England’s National Health Service offline.
The economic damage caused by WannaCry is difficult to nail down, but experts suggest the financial damages ranged from the hundreds of millions to billions of dollars.
The thing is, WannaCry shouldn’t have happened.
“Ironically, the patch needed to prevent WannaCry infections was actually available before the attack began: Microsoft Security Bulletin MS17-010, released on March 14, 2017, updated the Windows implementation of the SMB protocol to prevent infection via EternalBlue,” CSO Online writes. “However, despite the fact that Microsoft had flagged the patch as critical, many systems were still unpatched as of May of 2017 when WannaCry began its rapid spread.”
Even if a fix is available, many organizations just aren’t great about patching their systems in a timely manner, making them prime targets for ransomware and other types of malware.
A particularly potent ransomware strain that casts a wide net could potentially result in tens or hundreds of thousands of dollars in quick cash for hackers. The WannaCry outbreak was estimated to have netted $143,000 for the hackers. In 2017, hackers also specifically targeted government organizations with high-value data and services, and perhaps more importantly, the ability to pay. But ransomware is not the only way to make money using malware.
Where cryptojacking comes in
With money as a malware motivation, hackers have been harnessing hidden cryptocurrency miners on a massive scale, taking over personal computing devices to make money, unbeknownst to their owners.
When done legitimately, people can essentially rent their computer resources to power the infrastructure required for cryptocurrencies to function. It’s similar to an Uber or AirBnB model, where you allow other people to use your resources, like a car or a second house, in return for a fee. In the case of cryptocurrencies, you’re paid in the form of the cryptocurrency itself. Cryptojacking is a bit like someone else taking out your car and earning money with it on Uber without you knowing, collecting the profits behind your back, and hoping you don’t notice.
With cryptojacking, every device exploited is a source of revenue. Via hundreds, thousands, or millions of devices infected, depending on the value of a cryptocurrency, an attacker can generate colossal amounts of profit via cryptojacking without most victims ever noticing.
This source of easy revenue is why we’ve seen a 956 percent year-over-year jump in cryptojacking attacks for the first half of 2018. That figure stands in stark contrast to a minute 3 percent rise in ransomware attacks over the same period.
The numbers suggest the possibility that ransomware has been dethroned by cryptojacking, but mining for virtual money is only going to be profitable as long as the price of cryptocurrencies stays high. Also, Roberts at The Security Ledger believes the ransomware slowdown is simply a hiatus.
“I actually think ransomware is going to become a much, much bigger problem in the not-distant future as more of our lives, more of our businesses, more of our physical space becomes Internet connected. I actually think the Internet of Things is going to be a huge driver of ransomware.”
To put this into perspective: According to IHS the number of IoT devices is expected to rise to 30.7 billion by 2020, and 75.4 billion by 2025. The potential for exploitation of this network is unfathomable, and Roberts believes it’s only just beginning.
If a large organization gets hit with a ransomware attack, there’s the option of paying the ransom and moving on. As everything becomes connected, the damage caused by an attack becomes far less manageable and far more complicated to mitigate.
“If it’s your personal computer there’s always the option of closing a laptop, closing the lid of the laptop and saying ‘I’m gonna deal with this tomorrow,’ ” said The Security Ledger’s Roberts. “If it’s your connected refrigerator, however, that’s been abducted and your food is defrosting, you’ve got to make a very fast decision to get that refrigerator working.
“Now you’re paying the ransom to get your car out of the driveway and the air conditioning working in the apartment that you manage. Those types of infections that have cyber-physical impact, I would estimate, will be very, very successful for ransomware groups.”
The future of malware
Security measures may have improved in recent years, but organizations may find it difficult to plan for a connected world of 70 billion IoT devices, billions of smartphones, and a significant portion of the global population online. Last year, ESG reported that nearly half of organizations are facing a “problematic shortage” of experienced IT staff, where security problems are growing and the IT staffs are shrinking. CRN predicts a cybersecurity gap of 3.5 million jobs by 2021.
This lack of security expertise paired with increasingly sophisticated attacks is bad news for businesses. And as the threat landscape evolves, IT professionals still have to worry about hackers finding clever new ways to exploit basic human weaknesses as phishing wreaks havoc on users.
“The way that phishing is successful is by playing off of social engineering, and playing off of human emotion,” said Erich Kron of KnowBe4, a panelist on this year’s ‘Keeping users up to speed with the best security practices’ panel at SpiceWorld 2018 in Austin, Texas. “The moment that you become emotional in an email conversation, you need to step back and reassess the situation … These attacks are so advanced in targeting people’s psychology … If people feel an emotional pull, or some concern, they need to step back.”
To prepare for the coming IoT-pocalypse, it’ll be a larger, more difficult, and more critical task to keep systems up to date. Large organizations will inevitably fall victim to some attack or another, and IT pros must proactively prepare users to mitigate risk before a breach happens.
“Give users an idea of why — give them an idea of what’s going on in the world,” Kron said. “If you’re in an industry that’s specifically targeted with a certain type of attack … Those people need to understand the threats that are specific to them.”
Whether it be cryptojacking or malware, the economic impact of a massive breach can be catastrophic for an organization, and emerging threats are always around the corner. How prepared are you?
Tips to protect yourself from the threat of cryptojacking
- Carry out periodic risk evaluations to identify vulnerabilities.
- Analyze resources to make sure there is no unusual activity.
- Thoroughly investigate any spikes in IT problems related to unusual CPU performance.
- Be careful with your browser. If you suspect that cryptojacking is getting in via websites, install plugins to block these sites on your browser.
- Regularly update all the company’s devices and systems.
- Use an advanced cybersecurity solution that provides key characteristics such as detailed visibility of the activity on all endpoints, and which allows you to control all running processes.
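
The tips above on checking resources for unusual activity and investigating CPU spikes come down to telling sustained load apart from short, legitimate bursts. The following Python code is an added example, not part of the original article; the sample rows, process names, and the 80 percent / five-sample thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (minute, pid, process name, CPU percent).
# In practice these rows would come from an endpoint agent or monitoring export.
SAMPLES = [
    (m, 410, "backup-agent", cpu)       # short burst, then idle
    for m, cpu in enumerate([5, 96, 97, 4, 3, 5, 4, 6, 5, 4])
] + [
    (m, 733, "updater-helper", cpu)     # pinned high for the whole window
    for m, cpu in enumerate([88, 91, 90, 93, 89, 92, 90, 91, 94, 90])
] + [
    (m, 812, "browser", cpu)            # bursty but never sustained
    for m, cpu in enumerate([20, 85, 30, 90, 25, 88, 15, 92, 22, 87])
]


def find_sustained_cpu(samples, threshold=80.0, min_consecutive=5):
    """Return {(pid, name): longest_run} for processes whose CPU stayed at or
    above `threshold` for at least `min_consecutive` back-to-back samples."""
    by_proc = defaultdict(dict)
    for minute, pid, name, cpu in samples:
        by_proc[(pid, name)][minute] = cpu

    flagged = {}
    for proc, readings in by_proc.items():
        longest = run = 0
        prev_minute = None
        for minute in sorted(readings):
            busy = readings[minute] >= threshold
            contiguous = prev_minute is not None and minute == prev_minute + 1
            # A quiet sample or a gap in sampling ends the current run.
            run = (run + 1 if contiguous else 1) if busy else 0
            longest = max(longest, run)
            prev_minute = minute
        if longest >= min_consecutive:
            flagged[proc] = longest
    return flagged


if __name__ == "__main__":
    for (pid, name), run in find_sustained_cpu(SAMPLES).items():
        print(f"pid {pid} ({name}): {run} consecutive samples at high CPU")
```

A flagged process is a lead for investigation rather than proof of mining, since long-running legitimate jobs also hold the CPU high.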