Cryptojacking: the new malware threat
A recent report from Fortinet on the security threat landscape in the last quarter of 2017 confirmed that cryptojacking attacks have risen sharply in the last 6 months.
What is Cryptojacking?
Cryptojacking is the use of someone else’s computer to mine digital coinage such as Bitcoin and other cryptocurrencies, using its CPU resources. Criminals load hidden mining components onto a corrupted webpage; these start working as soon as the site is loaded and force the computer to mine cryptocurrencies without the user’s knowledge. Nothing is stored or installed on the computer, but the malicious code does use a large amount of the system’s resources.
Criminals benefit from the fact that they don’t have to target phones or computers one by one. Instead, by installing malware onto compromised websites, they can hijack thousands of devices at a time.
As the price of Bitcoin and other cryptocurrencies rose sharply in the last quarter of 2017, the number of cryptojacking attacks also rose as criminals recognised and began to exploit the rise in value of these digital currencies. Most of these attacks, according to the Fortinet data, appear across sensors in the Middle East, Latin America and Africa.
How is cryptocurrency mined?
Cryptocurrencies are produced by using CPU energy to solve complex mathematical puzzles, linked to blocks of validated transactions, that are part of a digital currency program. When a problem is solved, a new piece of currency is made. Currencies can therefore be mined legitimately, but hackers are increasingly capitalising on the rise in value of digital currencies through malicious mining.
The emergence of Cryptojacking
As Wired reported back in 2017, the idea of cryptojacking emerged when a company called Coinhive created a script that could start mining the cryptocurrency Monero when a webpage was loaded. Within weeks Coinhive imitations started to appear.
At the beginning of February 2018, security researcher Scott Helme first noticed that malware was busily mining cryptocurrency on over 4,000 sites without anyone noticing, rather embarrassingly including the U.K.’s Information Commissioner’s Office (ico.org.uk) and US court websites. Thousands of other UK websites, including those belonging to NHS services, the Student Loans Company and several English councils were also infected by the same cryptojacker malware.
Cryptojacking has also affected individual businesses. Recently, researchers at security firm RedLock reported that Tesla’s cloud storage was breached to mine cryptocurrency, although the firm said there was “no indication customer privacy or vehicle safety or security has been compromised”.
The constructive side to Cryptojacking
Not all cryptomining is used for nefarious ends. Some companies, including culture publication Salon, are experimenting with cryptomining as an alternative to online adverts, which can have their own security problems.
Pirate Bay messaged their users back in September 2017 that the technology might be worth adopting. “This is only a test. We really want to get rid of all the ads. But we also need enough money to keep the site running. Do you want ads or do you want to give away a few of your CPU cycles every time you visit the site?”
The development of cryptomining as an alternative to digital advertising is definitely something to watch, although we can foresee problems around the lack of opt-in and opt-out options and the strain on system resources due to the heavy use of computer power.
Protecting against Cryptojacking
A big spike in CPU usage may indicate that a hidden tool is using your computer to secretly mine currency. To check this, use Activity Monitor on Macs or the Resource Monitor on Windows computers to see which applications are using the most energy. A graph at the bottom of the monitor will show large spikes in computing power when you visit a website running a cryptocurrency miner.
If you know which sites are compromised, or you are concerned about individual websites, you can add these to a browser’s ad blocking tool. There’s also a Chrome extension called NoCoin that blocks Coinhive mining and is adding protection against other cryptocurrency miners.
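An added example, not part of the original article and not NoCoin's own code: a host-based blocklist check over a page's script tags, of the kind a site owner could run against their own pages. The blocklist entries, the page URL and the sample HTML are constructed for illustration.

```javascript
// Hypothetical blocklist: "miner.example" is a constructed placeholder entry.
const MINER_HOSTS = ["coinhive.com", "miner.example"];

// True when host equals a listed domain or is a subdomain of it.
// Exact suffix matching avoids false hits on lookalikes such as
// "notcoinhive.com" or "coinhive.com.cdn.example".
function isBlockedHost(host, blocklist = MINER_HOSTS) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  return blocklist.some((d) => h === d || h.endsWith("." + d));
}

// Return the absolute URLs of <script src=...> tags in `html`
// whose host is on the blocklist. Relative and protocol-relative
// URLs are resolved against `pageUrl` first.
function findMinerScripts(html, pageUrl, blocklist = MINER_HOSTS) {
  const hits = [];
  const tagRe = /<script\b[^>]*>/gi;
  // Require whitespace before "src" so attributes like data-src are ignored.
  const srcRe = /\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  for (const [tag] of html.matchAll(tagRe)) {
    const m = srcRe.exec(tag);
    if (!m) continue; // inline script, no external source to check
    const raw = m[1] ?? m[2] ?? m[3];
    let url;
    try {
      url = new URL(raw, pageUrl);
    } catch {
      continue; // unparseable src value
    }
    if (isBlockedHost(url.hostname, blocklist)) hits.push(url.href);
  }
  return hits;
}

// Constructed sample page (not taken from any real site).
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
<script SRC='https://cdn.Coinhive.com/lib/miner.js' async></script>
<script src="https://notcoinhive.com/a.js"></script>
<script src="https://coinhive.com.cdn.example/b.js"></script>
<script data-src="https://coinhive.com/lazy.js">console.log("inline")</script>
</head></html>`;

console.log(findMinerScripts(SAMPLE_HTML, "https://site.example/"));
```

This only inspects static markup; a script injected at runtime by another script will not appear in the HTML and needs checking in the browser's network activity instead.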
Our CEO, Tim Holman, commented, “Cryptojacking is less effortful and much more lucrative than attempting to slip malicious software into a system or sending infected email in phishing attacks. This new technology makes it easier for a criminal to attack thousands of computers at one time to illegally mine cryptocurrencies rather than targeting corporate data one company at a time.”
Luke Vile, our Cyber Security Director, added, “Mining attacks will continue to rise as the price of digital currencies increases. This new wave of financial cybercrime is growing more sophisticated and more effective and users need to implement robust security measures to protect themselves from this escalating threat.”