Crypto-jacking: The Double Cyber Threat

Every day, 21st-century cybercriminals are discovering a myriad of new methods to make crime pay. Over the course of the past couple of years, ransomware has been the go-to method for online criminals looking to secure an ill-gotten windfall. Though ransomware continues to pose a significant threat and ranks as one of the most effective monetization techniques for cybercriminals, security researchers have witnessed a spike in crypto mining malware cases in 2018.

According to Secureworks, in 2017, "the cryptocurrency market grew nearly 20-fold, reportedly increasing from approximately $18 billion to more than $600 billion (USD)." Unfortunately, with the rise in popularity of crypto comes an equally monumental surge in the number of nefarious actors seeking to capitalize on its growth. More specifically, this includes criminal activity involving the illicit use of hijacked computer systems to mine coins.

Many cryptocurrencies, such as Bitcoin, come into existence via a process known as ‘mining’. Savvy computer users can configure their systems to run mining software that uses their computer’s processing power to help maintain the public ledger that governs the currency. Since crypto mining is a resource-intensive process, miners are incentivized with rewards in the form of coins for their efforts.

Ingenious hackers and criminal syndicates are taking advantage of this rewards system by using unwitting users’ computers to mine various currencies on their behalf. In a process known as crypto-jacking, hackers are using infected websites as well as other malware distribution methods to find and exploit victims.

Last June, SecurityWeek reported that researchers at Kaspersky uncovered a felonious miner that used an updated version of 'cpuminer' to exploit victims. Interestingly, this trojan took advantage of a security hole in Linux's popular Samba networking software.

Just this past March, Microsoft announced they were working diligently to combat an illicit coin-miner called ‘dofoil’. By camouflaging its payload as a legitimate Windows binary, the criminal group behind the sophisticated trojan was able to infect nearly 500,000 computers within a 12-hour period.

Some criminal collectives have started using malicious JavaScript code as a means of unauthorized mining. When a user connects to an infected server that hosts the script, they become an unintentional accomplice in the hackers’ fraud scheme. Moreover, security experts are finding signs of increasing levels of finesse, as certain groups have discovered methods to continue mining even after their victims’ browser windows have closed.

Going further, security experts say nefarious actors have also been caught injecting their wares into ads hosted by trusted advertising networks such as AOL.

Regrettably, these ad-based outbreaks are happening during a period when some websites - large and small - are experimenting with white-hat mining techniques as an alternative form of revenue. Bad actors can sow confusion as to which sites and methods are trustworthy.

Security researchers tend to agree that black-market crypto mining will continue to flourish as hackers become more imaginative and expand their attack vectors. Presently, laptops and PCs are most susceptible; however, experts are seeing a sharp rise in cases involving servers, IoT gadgets, and mobile devices.

From law enforcement’s perspective, the task of cornering and prosecuting hackers involved in these schemes is made considerably more difficult when you consider the decentralized and anonymous nature of certain crypto coins (2). Granted, some - Monero being an example - are purposely designed to offer more anonymity than others. Nevertheless, even pseudo-anonymous coins can furnish criminals with enough protection to thwart thorough evidence gathering.

Perhaps more alarming is the humdrum attitude some organizations have adopted as it pertains to mining malware. Due to the relatively low profile of such malware, it’s sometimes wrongfully viewed as a nuisance instead of the grave security threat that it indeed is.

Slow-moving enterprises may not react as forcefully to illicit mining threats because, frankly, they don't pose the clear and immediate danger of more visible attacks such as ransomware. Nevertheless, as alluded to above, the same security flaw used in a crypto-jacking attack can be used for other attacks as well. In other words, virtually any vulnerability that's exploited by an illegal miner can be used the next time for a larger, much more destructive attack. For this reason, it's best that individuals and businesses immediately report and remedy any crypto mining infection.