The growing popularity of Bitcoin and other cryptocurrencies is drawing the attention of hackers.
2017 was a year of high-profile breaches and ransomware attacks, and as a result bitcoin saw a tremendous price hike.
Hackers launched global ransomware attacks in which payments were demanded in bitcoins.
Crypto-miners are using different techniques to do this. In the recent attacks, they targeted a third-party accessibility plugin called “Browsealoud”, used by all of the affected websites, and injected their cryptocurrency-mining script into its code. So when clients load the websites, the script running in the background uses the client device's CPU to perform mining.
The mining software was found on more than 4,200 websites, including The City University of New York (cuny.edu), Uncle Sam’s court information portal (uscourts.gov), the UK’s Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner’s Office (ico.org.uk) and the Financial Ombudsman Service (financial-ombudsman.org.uk), UK NHS services, Manchester.gov.uk, NHSinform.scot, agriculture.gov.ie, Croydon.gov.uk, ouh.nhs.uk, legislation.qld.gov.au, and the list goes on, as reported by thehackernews.com.
The full list of affected websites can be found here.
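The incident above comes down to pages executing whatever a third-party host serves. The following added example (not from the original article) audits a page for third-party scripts that lack a Subresource Integrity pin, or whose served bytes no longer match it. SRI is not mentioned in the article, and the hosts, URLs and script bodies are constructed placeholders.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

SRI_ALGS = ("sha256", "sha384", "sha512")

def sri_digest(body: bytes, alg: str = "sha384") -> str:
    """Value a browser compares against a script tag's integrity attribute."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, body).digest()).decode()}"

class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script" and attr.get("src"):
            self.scripts.append((attr["src"], attr.get("integrity")))

def audit(page_html: str, page_host: str, served: dict) -> dict:
    """Map each third-party script URL to 'unpinned', 'mismatch' or 'ok'.
    served: URL -> bytes the vendor currently returns (captured beforehand)."""
    collector = ScriptCollector()
    collector.feed(page_html)
    findings = {}
    for src, integrity in collector.scripts:
        host = urlparse(src).hostname
        if host is None or host == page_host:
            continue  # relative or first-party script: out of scope here
        pins = [p for p in (integrity or "").split() if p.split("-", 1)[0] in SRI_ALGS]
        if not pins:
            findings[src] = "unpinned"  # browser executes whatever is served
        elif any(p == sri_digest(served[src], p.split("-", 1)[0]) for p in pins):
            findings[src] = "ok"  # simplification: any listed hash may match
        else:
            findings[src] = "mismatch"  # browser would refuse to run this file
    return findings

# Constructed sample data (hypothetical hosts and script bodies).
VENDOR_URL = "https://plugin.vendor.example/ba.js"
ORIGINAL = b"function readAloud(){/* accessibility code */}\n"
TAMPERED = ORIGINAL + b"/* injected third-party loader */\n"
PAGE = (f'<script src="{VENDOR_URL}" integrity="{sri_digest(ORIGINAL)}"></script>'
        '<script src="https://cdn.other.example/w.js"></script>'
        '<script src="/static/app.js"></script>')
print(audit(PAGE, "www.site.example", {VENDOR_URL: TAMPERED}))
```

A "mismatch" result is the case where a pinned page would have blocked the altered plugin, while "unpinned" marks the scripts that would have run it unchecked.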
Cryptocurrency-mining malware, a new business model for cyber offenders
Cryptocurrencies are a secure way of making transactions without any delays or additional hidden charges from third parties. Being this secure, with the user’s personal information behind a cryptographic wall, leaves no space for fraud or identity theft.
The increasing popularity of cryptocurrencies has made them ideal for cyber offenders to launch malware attacks in which they infect systems and devices, turning them into an army of cryptocurrency-mining machines.
Cryptocurrency mining is the process of confirming transactions and adding them to a public ledger, which requires significant resources from dedicated processors, graphics cards, and other hardware to solve an increasingly complex computational problem. Indeed, the more mining this hardware performs, the more money it generates, but there are also other things to consider.
The profit is relative to a miner’s investment on the hardware, not to mention the electricity costs to power them.
“Cryptocurrencies are mined in blocks; in bitcoin, for instance, each time a certain number of hashes are solved, the number of bitcoins that can be awarded to the miner per block is halved. Since the bitcoin network is designed to generate the cryptocurrency every 10 minutes, the difficulty of solving another hash is adjusted. And as mining power increases, the resource requirement for mining a new block piles up. Payouts are relatively small and eventually decrease every four years—in 2016, the reward for mining a block was halved to 12.5 BTC (or $32,000 as of July 5, 2017). Consequently, many join forces into pools to make mining more efficient. Profit is divided between the group, depending on how much effort a miner exerted.”
Cryptocurrency-mining malware impact | trendmicro.com
Cryptocurrency-mining malware steal the resources of infected machines, significantly affecting their performance and increasing their wear and tear. An infection also involves other costs, like increased power consumption.
These malware can threaten the availability, integrity, and security of a network or system, which can potentially result in disruptions to an enterprise’s mission-critical operations. Information theft and system hijacking are also daunting repercussions. These attacks can also be the conduit from which additional malware are delivered.
While bitcoin mining is not inherently illegal (at least in many countries), it can entail a compromise if it does not have the owner’s knowledge and consent. The machines running Windows had the most bitcoin mining activities, but also of note are:
- Systems on Macintosh OSes, including iOS (iPhone 4 to iPhone 7)
- Devices run on Ubuntu OS, a derivative of Debian Linux OS
- Home routers
- Environment-monitoring devices, used in data centers
- Android-run smart TVs and mobile devices
- IP cameras
- Print servers
- Gaming consoles
Cryptocurrency-mining malware mitigation practices | trendmicro.com
Cryptocurrency-mining malware can impair system performance and expose end users and businesses to information theft, hijacking, and a plethora of other malware. And by turning these machines into zombies, cryptocurrency malware can even inadvertently make its victims part of the problem.
Indeed, their adverse impact to the devices they infect—and ultimately a business’ asset or a user’s data—makes them a credible threat. There is no silver bullet for these malware, but they can be mitigated by following these best practices:
- Regularly updating your device with the latest patches helps prevent attackers from using vulnerabilities as doorways into the systems
- Changing or strengthening the device’s default credentials makes the device less prone to unauthorized access
- Enabling the device’s firewall (for home routers), if available, or deploying intrusion detection and prevention systems to mitigate incursion attempts
- Taking caution against known attack vectors: socially engineered links, attachments or files from suspicious websites, dubious third-party software/applications, and unsolicited emails
IT/system administrators and information security professionals can also consider application whitelisting or similar security mechanisms that prevent suspicious executables from running or installing. Proactively monitoring network traffic helps better identify red flags that may indicate malware infection.
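One way to look for such red flags in captured traffic, as an added example that is not part of the original article: miners usually talk to their pool over the Stratum protocol, newline-delimited JSON-RPC with recognisable method names. The flow records, addresses and account names below are constructed, and the method names come from the protocol, not from this page.

```python
import json
from collections import defaultdict

# Stratum JSON-RPC methods sent by a mining client to its pool.
MINING_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}

def stratum_method(payload: bytes):
    """Return the Stratum method found in a cleartext TCP payload, or None."""
    for line in payload.splitlines():
        try:
            msg = json.loads(line)
        except ValueError:  # not JSON (HTTP, TLS records, binary data, ...)
            continue
        if not isinstance(msg, dict) or not isinstance(msg.get("method"), str):
            continue
        method, params = msg["method"], msg.get("params")
        if method in MINING_METHODS:
            return method
        # CryptoNote-style pools use a generic "login" call; require its
        # characteristic parameters to avoid flagging unrelated JSON-RPC.
        if method == "login" and isinstance(params, dict) and {"login", "pass"} <= params.keys():
            return method
    return None

def flag_miners(flows):
    """flows: (src_ip, dst, payload) tuples -> {src_ip: sorted [(dst, method)]}."""
    hits = defaultdict(set)
    for src, dst, payload in flows:
        method = stratum_method(payload)
        if method:
            hits[src].add((dst, method))
    return {src: sorted(found) for src, found in hits.items()}

# Constructed sample flows: first client-to-server payload of each connection.
FLOWS = [
    ("10.0.0.5", "198.51.100.7:3333",
     b'{"id":1,"method":"mining.subscribe","params":["agent/1.0"]}\n'
     b'{"id":2,"method":"mining.authorize","params":["worker1","x"]}\n'),
    ("10.0.0.9", "203.0.113.20:80", b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    ("10.0.0.12", "198.51.100.9:4444",
     b'{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"WALLET","pass":"x"}}\n'),
    ("10.0.0.9", "203.0.113.21:443", b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc"),
    ("10.0.0.14", "203.0.113.30:9000", b'{"id":7,"method":"ping","params":[]}\n'),
]
print(flag_miners(FLOWS))
```

Payload matching only sees cleartext Stratum; pool traffic wrapped in TLS has to be caught by destination, port or connection-pattern monitoring instead.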