First published on TechNet on Aug 06, 2018
Hello, this is Paul Bergson again with another topic on security. The threat of malware continues to impact business with no relief in sight. The latest topic brought back childhood memories of how the "Leeches" of the internet prey upon unsuspecting victims.
It has been a beautiful summer in the Minneapolis, MN area this year with plenty of opportunities to cool off in one of our thousands of lakes. I remember as a kid one day we went, the water was warm but not very clear and there was plenty of vegetation in the water where we were. One day in particular 2 brothers and 2 cousins of mine were splashing and playing in the water without a care in the world. There weren't any exposed threats that other parts of the country/world have to watch out for such as jellyfish, sharks or water snakes, etc… We hung out and swam for an extended period of time before we decided to swim back to shore. I was the first one out and was drying myself off when I heard this scream from my cousin as he was stepping onto dry land. As I looked over at him, he had what initially looked like a bunch of small black mud spots stuck to his skin but under closer inspection were water leeches. The leeches had "Hijacked" his circulatory system for food (energy). Initially he yanked a couple off but that hurt him, so someone ran and got some salt. The salt got the leeches to release themselves but we decided to stay out of the lake the remainder of the day as well as stay away from that part of the lake in the future. Hopefully I haven't lost any readers thinking they are on the wrong technical website.
My point in the story above is how Cryptojacking malware authors can be equated to the leeches of the animal kingdom. When someone swims by their malware on the web and is susceptible to attack, malware miners will latch on and start to leech away the victim's computer resources.
What are "Cryptojacking" and malware miners, you ask? Read on…

In 2017 there was an onslaught of Ransomware with several high-profile attacks, but recently Ransomware has taken a back seat to the assault of Cryptojacking, where attackers are in pursuit of cryptocurrency. This isn't to say that Ransomware has gone away; it hasn't, but Cryptojacking attacks are now being reported as more prevalent than Ransomware attacks.

Cryptocurrencies are based upon solving complex mathematical problems, with miners (machines running to solve these mathematical problems) being rewarded with crypto coins for solving the problem on a blockchain. The Bitcoin cryptocurrency, for example, has a finite number of coins that get more and more difficult to obtain as the pool of coins begins to exhaust. Since it becomes more difficult to solve the mathematical problems, more CPU/GPU cycles are needed to mine a coin, which leads to a rise in the energy costs to mine a coin. With the rise in demand for CPU/GPU cycles to solve the ever-growing mathematical complexity, most ordinary users can't afford the equipment or the associated energy costs to mine on their own.

On average, Bitcoin miners currently mine ~1,800/day, and at the current rate of ~$6,000/coin (7/12/2018) this means there is $10 million in new Bitcoins mined every day. As the compute complexity increases, so does the electrical energy required to complete the task; there are projections that put the price to mine a single Bitcoin by 2022 somewhere between $300,000 – $1.5 million.
*1 Since attackers can't afford the compute power or the associated energy costs for cryptocurrency mining, they look for ways to gain access without having to pay for it (steal it). The cryptocurrency creation market is a multi-billion-dollar market and there are over 1,000 different virtual coins. Some of these coins are more established and used for exchange of property and/or services. Bitcoin has the largest cryptocurrency exchange rate from virtual to physical, but the Monero crypto coin is the choice for malware mining, since it is easily mined with CPUs.

Monero transactions provide a greater veil of secrecy than Bitcoin and as such are becoming more established in the Dark market. Bitcoin transactions can be tracked, whereas Monero provides a more anonymous transaction. Anonymity is crucial to illegal activities such as Cryptojacking and Ransomware assaults; because of this, the dark markets have seen a rise in the use of Monero. With increased use comes increased demand, which then drives up the value (exchange rate) of the Monero crypto coin.

So why all this talk about cryptocurrencies and how they are mined? "The surge in Bitcoin prices has driven widescale interest in cryptocurrencies".
*2 Attackers need CPU/GPU cycles to mine and Crypto"Hi"jacking can provide this service. Cryptojacking occurs when a malware attacker hijacks a victim's computer to mine for cryptocurrency without the victim's permission. In many instances it occurs within the browser of the victim (drive-bys). Symptoms can include the computer heating up, the fan running at a high rate when there isn't any real activity occurring on the device, and/or sluggish response times. The attacker isn't selective about the device; they just want CPU cycles to help them compute the algorithm, so devices could be desktops, laptops, servers or even mobile devices. There have been reports of Android devices being damaged from the battery overheating, causing it to expand, which results in physical damage to the device.
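The symptom described above, heavy CPU use while nothing is really happening on the device, can be turned into a simple check. The following is an added example, not part of the original post: the telemetry layout (timestamp, process, CPU percent, seconds since last user input), the process names, the sample values and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed telemetry, sampled every 5 minutes:
# (epoch_s, process, cpu_percent, user_idle_s)
SAMPLES = [
    (0, "browser.exe", 8, 4), (0, "compiler.exe", 95, 4), (0, "backup.exe", 2, 4),
    (300, "browser.exe", 10, 2), (300, "compiler.exe", 93, 2), (300, "backup.exe", 2, 2),
    (600, "browser.exe", 94, 290), (600, "compiler.exe", 1, 290), (600, "backup.exe", 3, 290),
    (900, "browser.exe", 96, 590), (900, "compiler.exe", 1, 590), (900, "backup.exe", 88, 590),
    (1200, "browser.exe", 95, 890), (1200, "compiler.exe", 1, 890), (1200, "backup.exe", 4, 890),
    (1500, "browser.exe", 97, 1190), (1500, "compiler.exe", 1, 1190), (1500, "backup.exe", 3, 1190),
]

def sustained_cpu_while_idle(samples, cpu_threshold=80.0, min_idle_s=300,
                             min_consecutive=3):
    """Return processes that stayed above cpu_threshold for at least
    min_consecutive samples in a row while the user was idle."""
    run = defaultdict(int)      # current streak per process
    longest = defaultdict(int)  # best streak per process
    for _, proc, cpu, idle in sorted(samples):
        if cpu >= cpu_threshold and idle >= min_idle_s:
            run[proc] += 1
            longest[proc] = max(longest[proc], run[proc])
        else:
            # Busy while the user is active, or a one-off spike: reset.
            run[proc] = 0
    return sorted(p for p, n in longest.items() if n >= min_consecutive)

if __name__ == "__main__":
    for proc in sustained_cpu_while_idle(SAMPLES):
        print(f"review: {proc} held high CPU while the user was idle")
```

A hit is a lead for review rather than proof of mining; legitimate batch jobs can also run while the user is away, so the thresholds need tuning per environment.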
*3 Consumers aren't as apt to report a Cryptojacking attack. They haven't physically lost anything, and the increased use of electrical energy (energy costs) would be hard to itemize. Like other forms of malware, it is also very difficult to trace the source back to the malware author. Cryptojacking is growing rapidly; according to a study released by McAfee in June 2018, "coin miner malware grew a stunning 629% to more than 2.9 million known samples in Q1 from almost 400,000 samples in Q4".
*4 Cryptojacking malware kits are now for sale on the Dark market, so many unscrupulous individuals with lesser technical skills can wage an attack.

How it works:

There are two forms in which Cryptojacking can be delivered:
*5 Left unchecked, this malware infection could have a measurable impact on the budget of the victim's server farm. Cryptojacking is no different than any other malware. Systems can be protected from it, and the steps required are mostly the same as for other forms of malware.

Defenses:
Hopefully readers are better informed and prepared to protect themselves against these "Leeches of the Internet". After all, Cryptojacking is just another form of malware that malware authors use to steal people's money and/or possessions. Please read over and put into practice the defenses called out in this blog and protect your business, family, friends and your own equipment.

References: