By Reason Cybersecurity
on Tue Mar 03 2020
There is a new big cybercrime baddie in town: Cryptomining malware, also referred to as Cryptojacking, and it’s quickly deposing ransomware of its “king of malware” status.
Before we jump into some of the many reasons behind this dangerous exploit’s explosive growth, let’s get down to brass tacks and dissect this new threat. The first thing you need to know is this: Cryptomining malware isn’t stealing money or data from you. It’s stealing your processing power in order to mine for cryptocurrencies such as Bitcoin or the more accessible Monero.
As the victim, your computer will perform far more sluggishly because attackers are using your CPU to get rich – really rich. Moreover, once attackers have a backdoor into your system, they can shift their attack whenever they please to become far more dangerous than its original purpose. But to really understand crypto-mining malware, you’ll have to understand a few things about cryptocurrencies in general. Lucky for you, a few months back we published a series of posts on the topic of cryptocurrency basics. We’ll go over some of the most pertinent points here, but if you still want more background, check out those posts.
Mining accomplishes two things: First, it’s how new transactions are validated and added to the blockchain. The blockchain is an incorruptible and public record of all transactions performed with a given cryptocurrency (actually, it can be used to validate and record just about anything digital but let’s focus on cryptocurrencies for now). Each time a transaction is requested, dedicated users, via computers called nodes, verify that the transaction request is legitimate and link it back to the previous transaction (that’s why it’s referred to as a blockchain). As a reward for their efforts, miners are granted a portion of whatever coin it is they are mining.
Mining is also how new crypto coins are released. Crypto coins are released this way, which is in a controlled fashion, to prevent inflation, and therefore the devaluation, of the currency. In order to release new coins, highly complicated puzzles must be solved. It takes a lot of CPU energy to solve these numeric challenges, but the owner of the first computer to solve each one is rewarded with a shiny new cryptocoin.
Any law-abiding citizen interested in earning some extra dough can get in on the action by setting up hardware and software that is specifically built to handle a heavy computational load. And while this is pretty much the only way to mine Bitcoins, other currencies such as Monero don’t require specialized anything. In other words, attackers can use any computer to do their heavy lifting. What’s worse is that these guys have a slew of computers mining tons of coins, which means they end up pulling in the big bucks – big time. Networking giant Cisco estimates that a Monero-mining ring can generate up to $500 per day.
Shockingly, legitimate websites like Salon.com have admitted to placing mining software on their users’ devices in exchange for allowing them to browse their site with an ad blocker installed. The publisher claims that it’s a fair trade – users who opt to block ads, and thereby deny them ad revenue, can make it up to them by allowing their CPU to be used as an alternate means of generating revenue. This is okay if the end-user is aware and has agreed to what’s taking place, but usually the user is completely in the dark about what they’ve agreed to and the consequences of that agreement.
There are two basic ways attackers can appropriate your computing power. The first is via malvertising. Malvertising is when ads are displayed on websites that have been injected with infected code. The infected ad executes malicious code whenever the ad is viewed by a user, which lets attackers take over the user’s CPU. The other method is phishing. Just like other similar phishing ploys, attackers send emails with infected links and once you click on them, the infected code begins to run on your computer.
It may seem kind of impossible to prevent something you may not even notice, but there are effective measures you can take that will protect your devices from being hijacked:
Install a small business managed antivirus – Reason for SMBs detects and blocks crypto mining, stops you from accessing websites that run cryptomining software, prevents ad blockers from running on your devices, and protects your systems from pretty much anything else that could damage your digital security.
Patch and update everything – Yes, yes, we know you’ve heard it a million times but it’s still true: keeping your software and OS patched and updated is one of the best ways to prevent any kind of unwanted infiltration.
Improve cybersecurity awareness – Educate employees on signs of infection and how to respond when an infection is suspected.
Cryptomining is still in its infancy – but it’s already everywhere you turn and it’s only going to get worse. Now is the time to make sure you’re aware and protected.