Are you a victim of this data hog?
Sam Bocetta puts the word out about a new type of data hog and how to spot it. Sam Bocetta is a former naval contractor and security analyst. He’s now (mostly) retired and spends his days reading the classics and fly fishing with his grandkids. Sam can be reached on Linkedin: https://www.linkedin.com/in/sambocetta/
The Ultimate Secret Data Hog – Cryptomining Malware
Malware development, like many non-malicious types of software, is subject to certain trends that are impacted by a variety of external factors outside the tech industry.
Ransomware, for example, was the cyber bogeyman of 2017 and 2018 for the following reasons:
- Spectacular attacks on high-value targets.
- News media headlines.
- The modernization of traditional crimes such as hijacking, extortion and ransom.
- Availability of leaked cyber warfare weapons and techniques developed by American intelligence agencies.
- The use of cryptocurrencies to deliver ransom payments.
- Ransomware-as-a-Service platforms.
In early 2019, ransomware has thankfully lost some of its shine thanks
to law enforcement intervention, prosecution and reaction by the
information security community; in other words, this particular malware
threat is on a downtrend cycle.
As can be expected, a new threat has emerged to take ransomware’s spot
on the malware scoreboard, and it goes by the names of cryptojacking or
crypto mining malware.
Understanding Cryptojacking
Speaking of IT trends, let’s talk about Bitcoin trading: despite
cryptocurrencies having endured more than a year of bear market
conditions, they are still being bought, sold, exchanged, and mined for
various reasons.
In the case of Bitcoin, the most valuable digital currency in the world,
the market cap of $60 billion is sizable enough to ignore that it has
plunged from an all-time high near $20,000 in late 2017 to around $3,500
and lower in early 2019. Some investors remain hopeful that a rally
similar to the one experienced in 2017 could materialize this year, and
miners are holding even greater hopes.
As volatile as the cryptocurrency markets are, they present significant
opportunities for profit, especially for those who engage in mining of
tokens. In essence, mining entails putting considerable processing power
and bandwidth to work on behalf of the blockchain that supports
cryptocurrencies such as Bitcoin, Ethereum, Monero, Stellar, and many
others.
The blockchain is a decentralized and distributed ledger where
transactions are verified and cleared through very complex cryptographic
calculation; miners who perform this service can present the blockchain
with “proof-of-work” performed in exchange for the potential of earning
a few tokens.
Cryptocurrency mining is not a “get rich quick” scheme by any means.
With valuable tokens such as bitcoin, the barriers to entry include
powerful hardware with efficient cooling systems,
electricity, and broadband connections. These factors are combined into
rigs that feature plenty of hash power and are fully dedicated to
blockchain mining work.
It should be noted that hash power can be distributed in a manner
somewhat similar to the distributed ledger of blockchain networks, which
means that a single computing device can generate some hash power to
contribute towards a mining operation.
IMAGE: Mining Rig
In the early days of Bitcoin mining, some individuals were able to mine a
few tokens by means of running mining software on their laptops; once
greed kicked in and blockchain transactions became increasingly
difficult because of market volatility, mining cartels emerged.
By the time malicious hackers and cybercrime groups latched onto digital currencies, the development of cryptojacking
was imminent. With cryptojacking, hackers inject malicious code into
computing devices for the purpose of stealing hash power, meaning
processing power, bandwidth and electricity, all with the goal of
surreptitiously mining tokens.
Bitcoin is not a popular cryptocurrency among cryptojacking attackers; privacy tokens such as Cardano and Monero are preferred.
How Cryptojacking Malware Works
To a certain extent, crypto mining malware shares many of the
characteristics of legacy spyware in the sense that injection may take
place through click-and-bait strategies or Trojan horse attacks; in
other words, victims often believed that they were installing software
or executing code that was not malicious.
In some cases, remote code injection of cryptojacking malware may be
conducted through old-school network intrusion, which is often a more
sophisticated and aggressive approach since it may involve defeating a
firewall.
The most common types of cryptojacking target personal computing devices
such as desktops, laptops, tablets, and smartphones. It is not
unreasonable to think that smart home appliances like the Samsung Family
Hub refrigerators could be next since they are equipped with a
motherboard running Android and many connectivity services. These
devices can be infected with in-script cryptojacking code or through
JavaScript browser extensions.
As can be expected, cryptojacking attacks against business targets tend
to be more powerful while at the same time being stealthier. A
sophisticated cybercrime group targeting office networks or enterprise
data centers may forego browser extensions and go with rootkits, remote
code execution, and virtual machine hijacking. The most trailblazing and
brazen attacks may utilize social engineering to gain credentials and set up fake intranet pages.
Once installed, cryptojacking malware will transform GPU and CPU
resources into hash power to conduct transaction verification. According
to a report published by a respected information security firm, 37
percent of corporate networks were impacted by cryptojacking activity in 2018.
More than 20 percent of business IT security departments are detecting
cryptojacking attempts on a weekly basis. Companies that implement
“bring your own device” policies are at greater risk.
Cryptojacking Detection
The first line of defense against cryptojacking involves monitoring network connections between devices and the internet.
Network monitoring is a security strategy widely used in the enterprise world, but it is also available on a personal computing level with smart firewall apps that notify users of suspicious activity, intrusions, high CPU usage, and unusual data. It is important to note that cryptojacking crews will not ignore mobile devices since they are powerful enough to generate hash power and contribute to their wicked trade.
Aside from monitoring and detection, cryptojacking can also be prevented with safe computing practices such as the use of virtual private networking technology. It is not unreasonable to think of public Wi-Fi hotspots being taken over by hackers for the purpose of distributing mining malware.
To this effect, always protect your computer by using standard security measures when accessing public networks: firewall protection (such as GlassWire), antivirus scanners, and any no-logging VPN service. This is especially when connecting to an enterprise network using your personal computing device, so as to avoid exposing the entire network to remote attack.
dallas7 says:
For those who favor ad blocking extensions there is the NoCoin filter list for an effective line of defense within browsing technology. It’s well maintained and supported by a cadre of dedicated individuals.
https://github.com/hoshsadiq/adblock-nocoin-list