Are you a victim of this data hog?
Sam Bocetta puts the word out about a new type of data hog and how to spot it. Sam Bocetta is a former naval contractor and security analyst. He’s now (mostly) retired and spends his days reading the classics and fly fishing with his grandkids. Sam can be reached on Linkedin: https://www.linkedin.com/in/sambocetta/
The Ultimate Secret Data Hog – Cryptomining Malware
Malware development, like many non-malicious types of software, is subject to certain trends that are impacted by a variety of external factors outside the tech industry.
Ransomware, for example, was the cyber bogeyman of 2017 and 2018 for the following reasons:
- Spectacular attacks on high-value targets.
- News media headlines.
- The modernization of traditional crimes such as hijacking, extortion and ransom.
- Availability of leaked cyber warfare weapons and techniques developed by American intelligence agencies.
- The use of cryptocurrencies to deliver ransom payments.
- Ransomware-as-a-Service platforms.
In early 2019, ransomware has thankfully lost some of its shine thanks
to law enforcement intervention, prosecution and reaction by the
information security community; in other words, this particular malware
threat is on a downtrend cycle.
As can be expected, a new threat has emerged to take ransomware’s spot on the malware scoreboard, and it goes by the names of cryptojacking or crypto mining malware.
Speaking of IT trends, let’s talk about Bitcoin trading: despite
cryptocurrencies having endured more than a year of bear market
conditions, they are still being bought, sold, exchanged, and mined for
In the case of Bitcoin, the most valuable digital currency in the world, the market cap of $60 billion is sizable enough to ignore that it has plunged from an all-time high near $20,000 in late 2017 to around $3,500 and lower in early 2019. Some investors remain hopeful that a rally similar to the one experienced in 2017 could materialize this year, and miners are holding even greater hopes.
As volatile as the cryptocurrency markets are, they present significant opportunities for profit, especially for those who engage in mining of tokens. In essence, mining entails putting considerable processing power and bandwidth to work on behalf of the blockchain that supports cryptocurrencies such as Bitcoin, Ethereum, Monero, Stellar, and many others.
The blockchain is a decentralized and distributed ledger where transactions are verified and cleared through very complex cryptographic calculation; miners who perform this service can present the blockchain with “proof-of-work” performed in exchange for the potential of earning a few tokens.
Cryptocurrency mining is not a “get rich quick” scheme by any means. With valuable tokens such as bitcoin, the barriers to entry include powerful hardware with efficient cooling systems, electricity, and broadband connections. These factors are combined into rigs that feature plenty of hash power and are fully dedicated to blockchain mining work.
It should be noted that hash power can be distributed in a manner somewhat similar to the distributed ledger of blockchain networks, which means that a single computing device can generate some hash power to contribute towards a mining operation.
IMAGE: Mining Rig
In the early days of Bitcoin mining, some individuals were able to mine a few tokens by means of running mining software on their laptops; once greed kicked in and blockchain transactions became increasingly difficult because of market volatility, mining cartels emerged.
By the time malicious hackers and cybercrime groups latched onto digital currencies, the development of cryptojacking was imminent. With cryptojacking, hackers inject malicious code into computing devices for the purpose of stealing hash power, meaning processing power, bandwidth and electricity, all with the goal of surreptitiously mining tokens.
Bitcoin is not a popular cryptocurrency among cryptojacking attackers; privacy tokens such as Cardano and Monero are preferred.
How Cryptojacking Malware Works
To a certain extent, crypto mining malware shares many of the characteristics of legacy spyware in the sense that injection may take place through click-and-bait strategies or Trojan horse attacks; in other words, victims often believed that they were installing software or executing code that was not malicious.
In some cases, remote code injection of cryptojacking malware may be conducted through old-school network intrusion, which is often a more sophisticated and aggressive approach since it may involve defeating a firewall.
As can be expected, cryptojacking attacks against business targets tend to be more powerful while at the same time being stealthier. A sophisticated cybercrime group targeting office networks or enterprise data centers may forego browser extensions and go with rootkits, remote code execution, and virtual machine hijacking. The most trailblazing and brazen attacks may utilize social engineering to gain credentials and set up fake intranet pages.
Once installed, cryptojacking malware will transform GPU and CPU resources into hash power to conduct transaction verification. According to a report published by a respected information security firm, 37 percent of corporate networks were impacted by cryptojacking activity in 2018.
More than 20 percent of business IT security departments are detecting cryptojacking attempts on a weekly basis. Companies that implement “bring your own device” policies are at greater risk.
The first line of defense against cryptojacking involves monitoring network connections between devices and the internet.
Network monitoring is a security strategy widely used in the enterprise world, but it is also available on a personal computing level with smart firewall apps that notify users of suspicious activity, intrusions, high CPU usage, and unusual data. It is important to note that cryptojacking crews will not ignore mobile devices since they are powerful enough to generate hash power and contribute to their wicked trade.
Aside from monitoring and detection, cryptojacking can also be prevented with safe computing practices such as the use of virtual private networking technology. It is not unreasonable to think of public Wi-Fi hotspots being taken over by hackers for the purpose of distributing mining malware.
To this effect, always protect your computer by using standard security measures when accessing public networks: firewall protection (such as GlassWire), antivirus scanners, and any no-logging VPN service. This is especially when connecting to an enterprise network using your personal computing device, so as to avoid exposing the entire network to remote attack.