Bitcoins & Cryptojacking
Updated: Nov 5, 2021
Introduction to Cryptocurrencies
To some degree or another, most of us have heard of the term Virtual Currency. This is essentially the cloud-based version of traditional paper money. For example, with Ransomware a Cyber attacker wants to be paid with this new type of currency, usually in the form of Bitcoin. There are other types of virtual currencies that are out there, and collectively, these are also known as “Cryptocurrencies”.
There was a time when Cryptocurrencies were all the rage, especially in the financial markets. Futures contracts and even indexes were created and tracked for them and were traded heavily. For a period of time, their value went sky high, and people thought that this would be the real thing again, just like the .com craze back in the early ’90s.
Cryptomining & Cryptojacking Defined
But, as that came to a crashing end, so did the volatility of the Cryptocurrencies. They are still being traded, but not with the volume and the market capitalization that it once had. Now, here is another twist to the story. The Cyber attacker is entering into this realm, with a new threat called “Cryptojacking”, which is essentially mining the various Cryptocurrencies for monetary value.
But first, it is important to review what Cryptomining is all about. This is done by using specialized machines, in which the miners process as many Bitcoin transactions as they can. This is done by solving complex mathematical equations which allow them to put together, or chain, various blocks of transactions together in a sequential fashion (thus the term Blockchain).
How a Cryptojacking Attack is Launched
Because of the return that is associated, the Cyber attacker now wants to gain their foot into this game, and become crypto miners themselves, but of course illegally. But keep in mind, there are very complex mathematical problems to solve in order for the miner to be rewarded. This of course takes a lot of computing and processing power.
The Cyber attacker does not want to spend the money in terms of procuring the extra hardware to do this, so he or she will hijack your computer, and from there, steal the processing power as well as the electricity in order to mine Cryptocurrencies. You may be asking at this point; how can they do this to your computer?
It’s quite easy. All they have to do is send you a Phishing Email, which contains a malicious link or attachment. Once you have fallen victim to this, a specialized Cryptomining code is then installed onto your computer or even mobile device.
But what is even stealthier is that even if you visit a website, there could be infected pieces of Java source code running behind the site you are viewing, and from there, the Cryptomining code can then be covertly loaded onto your computer. At this point in the game, the Cryptomining code is now technically malware.
But the problem with this new malware is that it is very difficult to spot on your computer and can be installed and deployed in a very sneaky manner. In these instances, the Cyber attacker is not just exclusively targeting computers and wireless devices, they will go after anything that will give them free electricity. This includes servers, routers, cable modems, firewalls, network intrusion devices, etc.
It is also important to keep in mind that there is no specialized package that the Cyber attacker has to deploy onto a device – the malware is just a few lines of infected source code, and as a result, this makes it all the more difficult to detect. Because of the extremely low overhead that is required, and its sneaky nature, the rise in Cryptojacking has increased significantly.
For example, McAfee has just discovered almost 3 million new cases of it, which is a staggering 629% increase from 2017. So, what are some of the telltale signs if your computer has been hijacked for the purposes of Cryptojacking? Here are some clues:
A slowdown in the speed of your computer;
Very slow load times when trying to connect to the Internet;
A slow increase in your electricity bill.
Other Cybersecurity Risks To Cryptocurrencies
1) Unregulated exchanges:
In the financial markets where established trading instruments (such as mutual funds, ETFs, etc.) there is a huge oversight by the various government agencies in order to make sure that the proper controls are put into place and monitored very closely. But this is not the case with the exchanges in which for example, Bitcoin would be traded. They go un-monitored, and because of that, there are no controls. Thus any confidential information and/or data that you submit for a trade could be intercepted very quickly by a malicious third party.
2) No account security:
All of the traditional financial institutions are now mandated to offer the highest level of Cybersecurity to customer accounts. However, in the case of Bitcoin, many people buy it using a private key, which is typically stored on a personal device. This can pose a serious threat if it is hacked into, and it is quite possible the amount of Bitcoin you bought could very well be hijacked also. At the present time, the virtual currency exchanges do not offer secure customer accounts, so the customer is pretty much responsible for their own security. Examples of this include the following:
Coincheck had $550 million worth of cryptocurrencies heisted;
Bithub had $30 million stolen.
3) A further rise in phony websites:
Given the ever-growing popularity of virtual currencies, many Cyber attackers are now setting up spoofed websites which con victims into investing or even donating their Bitcoins. These are very similar to normal Phishing campaigns, and the result is that the virtual currency is deposited into a phony overseas account, which probably cannot be recovered. An example of this is the Initial Coin Offering. With this type of scam, victims are lured into investing their Bitcoin into the promises of the launch of a new type of virtual currency, which turns out to be fake.
With the Remote Workforce now taking a permanent foothold worldwide, many Cyber attackers are now “shying” away from tapping into the electrical and processing powers of both hard-wired and wireless devices. They are now shifting their attention to the Cloud-based platforms, such as those of the AWS and Microsoft Azure, when it comes to hijacking the resources of the Virtual Machines (VMs).
A future article will do a deep dive into this and provide tips as to how you can keep your VMs safe in the Cloud.
Reach out today to talk with one of our security experts to learn how to discover security gaps within your organization.