Blockchain technology was invented in early 2009 to support bitcoin, a new digital currency with a clear objective: make transactions without the need for traditional intermediaries. Invented by the enigmatic Satoshi Nakamoto, bitcoin kicked off the cryptocurrency boom. But as society’s interest in cryptocurrencies has grown, so has criminal interest, creating headaches for companies’ security departments.
The rise of cryptojacking
Mining cryptocurrency is necessary for the system to work. Mining consists of a series of computations performed to process transactions made on blockchains. It creates new cryptocurrency and confirms transactions along the blockchain network. To create more cryptocoins, it is necessary to mine them. Without mining, the system would collapse.
Many users themselves have begun mining cryptocurrencies as a way to make money. Miners perform mathematical operations to verify transactions, and to do so, they use special software. Therefore, for mining to be lucrative, it is necessary to have a great deal of computational power. To make money from mining, cybercriminals are turning to cryptojacking.
Cryptojacking consists of the unauthorized use of a user’s devices to mine cryptocurrency. Basically, attackers make use of malware to hijack computers, tablets or smartphones, for example, and use them to covertly mine cryptocurrency. The user will probably notice some lag in their device, but won’t be aware that it’s due to an attack attempting to mine cryptocurrency. One of the most common techniques consists of taking control of the victim’s CPU or GPU from a website infected with malware to mine cryptocurrency, such as what happened recently with YouTube. In this case, the advertising agency DoubleClick was the victim of an attack that hid a Coinhive cryptojacking script in the code of YouTube advertisements. Coinhive is the most commonly used script to carry out these types of attacks. A study by security researcher Troy Mursch detected 50,000 new websites infected with cryptojacking scripts, with 80% of them using Coinhive.
Another attack technique consists of using Microsoft Word’s online video function, which allows users to insert videos in documents without the need to embed them. In this case, attackers take advantage of this feature to insert malicious scripts and to covertly take control of the power of the victim’s CPU.
Background theft
Cryptocurrency has become the gold of the 21st century. As a result, we are set to see more attacks attempting to mine cryptocurrency. Now that IT teams and state security forces have their eye on ransomware attacks, cybercriminals are opting for more secure methods to make a buck and have begun stealing IT resources to mine.
The difficulty in detecting this type of attack is making it one of cybercriminals’ preferred methods to illegally line their pockets. These attacks are also becoming increasingly sophisticated in order to affect the greatest number of devices possible. The more computational power they steal, the faster they can mine. This is giving rise to attackers fighting each other over CPU resources. Cybercriminals are including a mechanism in their code to detect competing miners and eliminate them in order to take complete control over the CPU’s resources.
That’s why companies are becoming the prime objective of attackers in 2018. If they get access to a corporate network, they have an enormous amount of resources available to them.
How can a company protect itself from cryptojackers?
These attacks have serious consequences for businesses. The most evident consequence comes from stealing CPU cycles, which can slow down systems and networks, putting business and general system availability at risk. Furthermore, once a company has been attacked, it is likely that a lot of time, money and effort will be required to get rid of and correct the problem. Intensive cryptocurrency mining can also have financial repercussions for a company, as electricity bills can be quite a bit higher due to the high energy demand.
Additionally, these attacks can wreak havoc on corporate devices. If mining is performed over a prolonged period of time, devices and their batteries can experience extreme overheating, which can damage the devices.
Of course, one should also not forget that being a victim of cryptojacking means that an attacker has gotten through security systems and has obtained control of the company’s devices, putting the company’s data privacy at risk.
To be protected from a possible cryptocoin mining attack, one should follow these security measures:
- Perform periodic risk evaluations to identify vulnerabilities.
- Regularly update all systems and devices.
- Adopt advanced cybersecurity solutions that allow for a detailed visibility of activity on all endpoints and control all running processes.
- Create a secure browsing environment, installing extensions that hinder cryptocurrency mining.
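The article describes Coinhive scripts hidden in website and advertisement code; the following is an added example (not from the original article) of how a security team could audit its own pages for such script references, in the same name-matching spirit as the browser extensions mentioned above. The indicator list, the `example.test` URLs and the `startCoinhiveMiner` function are constructed for illustration, and name-based matching will miss renamed or obfuscated scripts.

```python
from html.parser import HTMLParser

# Assumption: the single indicator is the name "Coinhive" from the article;
# the blocklists used by anti-mining extensions are longer and maintained.
INDICATORS = ("coinhive",)

class MinerScriptFinder(HTMLParser):
    """Flags <script> elements whose src or inline body matches an indicator."""
    def __init__(self, indicators=INDICATORS):
        super().__init__(convert_charrefs=True)
        self.indicators = tuple(i.lower() for i in indicators)
        self.findings = []    # (line, "external" | "inline", evidence)
        self._inline = None   # (start line, text chunks) while inside <script>

    def _hit(self, text):
        return any(i in text.lower() for i in self.indicators)

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        line = self.getpos()[0]
        src = dict(attrs).get("src") or ""
        if self._hit(src):
            self.findings.append((line, "external", src))
        self._inline = (line, [])

    def handle_data(self, data):
        # Only text inside <script> is inspected, so prose that merely
        # mentions a miner by name is not reported.
        if self._inline is not None:
            self._inline[1].append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            line, chunks = self._inline
            body = "".join(chunks).strip()
            if self._hit(body):
                self.findings.append((line, "inline", body[:60]))
            self._inline = None

def scan_html(html, indicators=INDICATORS):
    finder = MinerScriptFinder(indicators)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: one clean script, one external hit, one inline hit.
SAMPLE = """<html><head>
<script src="https://cdn.example.test/jquery.js"></script>
<script src="https://ads.example.test/lib/coinhive.min.js"></script>
</head><body><p>News article that mentions Coinhive in its text.</p>
<script>var miner = startCoinhiveMiner('SITE_KEY_PLACEHOLDER');</script>
</body></html>"""
```

Calling `scan_html(SAMPLE)` reports the external script on line 3 and the inline script on line 5, while the paragraph that only mentions the name is ignored.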