• Tektonika Staff

An IT Manager’s Guide: Cryptojacking, the Threat to Business and How to Protect the Network

August 2, 2019 | 11 minute read


While Bitcoin took a bit of a beating in August 2018, it did little to dampen interest in the obviously volatile cryptocurrency market. Bitcoin lost 20 percent of its value in just two weeks in August, according to some reports, and yet there appears to be substantial optimism in the currency. According to one report, there were 96 new crypto hedge funds launched in the first seven months of 2018 and when the Turkish Lira plummeted 20 percent in August 2018, there was a surge in Bitcoin trading. Cryptocurrency is clearly here to stay and while that may whet the appetite of brave investors, it’s also a magnet for crime.

Unsurprisingly perhaps, hackers are targeting cryptocurrency exchanges but what many businesses and individuals may not realize is that there is serious money to be made in actually performing admin functions for the currencies themselves. Called cryptomining, it can be big business. Some reports have suggested that profits from mining have hit over $4 billion between 2017 and 2018. It is an industry in itself that has spawned a range of applications dedicated to the process.

What is cryptojacking?

Cryptojacking is a form of cyberattack in which a hacker hijacks a target’s processing power in order to mine cryptocurrency. Anyone who mines successfully receives cryptocurrency as a reward. The current reward is 12.5 bitcoins, which has an approximate value of $100,000 and can be used to buy flights and hotels through Expedia and games and apps through Microsoft, download music and even buy gold.

Not everyone who tries to mine cryptocurrency will actually get this reward, however, because not everyone can successfully mine bitcoin. Mining is essentially verifying bitcoin transactions, such as a bitcoin trade or where someone has used bitcoin to purchase a product or service. Every transaction needs verifying and writing to the blockchain. How this is achieved is complex but in simple terms, it’s a guessing game.

Mining software ‘reads’ the transaction on the network and then guesses the number required to write it to the block. A multitude of cryptominers will be trying to achieve this at the same time. The more computing power, memory and storage you have, the more likely you are to succeed. This need for computing power can be expensive, but by infecting popular websites and computers, hackers can essentially bypass this problem and mine cryptocurrency for free. The effects of this can range from minor nuisances, such as a slower internet browsing experience, to grinding networks to a halt.

Essentially this means pretty much anyone can do it and get rewarded with cryptocurrency for their efforts. For serious money making, it’s a volume game but that would demand considerable resources too. You need computing power and that comes at a cost and then there is the electricity. If you are running servers 24/7 those bills are going to be big.

“Computing power is expensive and also uses a lot of electricity which in turn ends up costing a miner a chunk of their profits, so how can an attacker make money and not have to pay any fees?” asked Alex Archondakis, a member of the BCS Internet Specialist Group. “The answer is cryptojacking, which involves embedding malware into popular sites that get thousands of visitors per day. The infected computers of those browsing the sites will silently mine cryptocurrencies without the user’s knowledge and deposit the earnings into the attacker controlled, anonymous wallet. No costs for hardware, no costs for electricity and the malware can often go undetected for long periods of time.”

In April 2018 the UK’s National Cyber Security Centre reported that cryptojacking is one of the biggest cyber threats facing businesses today. Just a few weeks earlier, the UK’s Information Commissioner’s Office (ICO), Manchester City Council, the US Government Courts website and some UK NHS sites were all hit with a compromised version of the Texthelp plugin Browsealoud. Reports revealed that the plugin was actually injecting Coinhive’s cryptominer onto the sites, using JavaScript code to steal computing power for creating the cryptocurrency Monero.

It’s far from an isolated incident. In May 2018, a study by The Conversation in the US found 212 websites involved in cryptojacking. Ads, it seems, are the most common point of entry. According to Trend Micro, the company saw a 108 percent increase in unique web miner detections from March 24 to 25 (2018) – “a significant jump that showed the effectiveness of the compromised advertising platform,” it said.

And the boom shows no signs of slowing down. Cryptomining malware soared by 4000% in 2018, McAfee found, while Symantec reported that it had blocked almost 5 million coin mining events in July 2018 alone.

It’s not just websites that are being hacked either. There are instances of more intrusive mining. “Cryptojacking is a rising threat to cyber and personal security,” said Mike Fey, president and COO, Symantec in a statement in March 2018. “The massive profit incentive puts people, devices and organizations at risk of unauthorized coin miners siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centers.”

Fey was alluding to the growing trend of hijacking cloud-based networks in particular and he has a point. In February 2018, hackers used Tesla’s public cloud network to mine cryptocurrency and in March 2018, GitHub was used to host cryptocurrency mining malware. In fact, 25 percent of organizations have experienced cryptojacking activity within their cloud environments in 2018, according to a recent RedLock report.

What is the risk to business?

There are some fundamental risks to cryptojacking. Think of it in the same terms as botnets. For one, it forces victims to waste energy. Digiconomist reports that the electricity consumed for a single bitcoin transaction could power 15 US households for a day. If you multiply this by the number of machines in a business or a data center, you can start to get an idea of how much energy is being used and how much this could cost a business in electricity alone. In fact, according to research at PwC, bitcoin miners consumed as much energy in 2018 as Hungary.

There is also the additional issue of network performance impairment. Cryptojacking is basically stealing your processing power, leading to spikes in load. Inevitably, this means that everything else on the network will run slowly or not at all. For most businesses, this is a disastrous scenario. As security researcher Troy Mursch pointed out in his blog, “cybercriminals look to enslave as many devices as possible to maximize their profits. This is why you need operational awareness on how your resources are being consumed.”

“It’s the soft underbelly, the forgotten assets that attackers are looking for,” said Fabian Libeau, EMEA VP at RiskIQ, in a report in July 2018. “We found a global bank with two or three [obscure] servers in the Netherlands that nobody really looked into, but they were mining in the background.”

This indicates that cryptojacking is in fact highlighting site and network vulnerabilities to other attacks. Libeau went on to say that it’s a privacy issue but also shows a lack of visibility of business networks and resources. “There’s a whole bunch of stuff that people internally never see because it’s not sitting on the site, it’s called dynamically from third-party servers,” he said. “The world looks like a different place when we take the attacker’s point of view and look in from the outside.”

Securing devices

What can companies do about it?

Awareness of the issue is essential. As with most security threats, an understanding of how it operates will help determine next steps. Here we have outlined seven key actions to help prevent cryptojackers taking over your network.

1) Implement the basics – keep software up to date with the latest operating system and hardware patches. Keep security applications up to date and measure usage across the organization. It’s about prevention as much as detection.

2) Make training a priority – add cryptojacking to security awareness training and policies – this should help with ensuring any bring your own device (BYOD) policies do not lead to intentional or inadvertent ‘infection’ of the company network resources. Awareness is everything.

3) Use an adblocker – the NCSC recommends using an adblocker, or anti-virus program with the capacity to block browser mining. Adblockers offer the most accessible and cost-effective solutions to businesses. Users of ad blockers can also employ features to block cryptomining scripts that reside on certain websites (and aren’t embedded in ads).

4) Block destructive domains – insider threats are a potential problem, particularly given the ability to make money. Security researcher Troy Mursch recommends “blocking known domains and IP addresses tied to illicit cryptomining. A frequently updated list of these domains is available via the open source CoinBlockerLists.”

5) Manage your devices – ensure the business has the latest devices with up-to-date software and state-of-the-art device-level protection. This can include hardware-enforced self-healing, fingerprint readers, features that only allow the viewer to read the screen and fully containerized browsing. Asset management is essential to keep track of the complete hardware inventory.

6) Assess third-party code – “Make a risk-based decision on including third-party JavaScript in your site,” says the NCSC. This will vary depending on the size of the website you manage and who is supplying the code. Consider whether the code you are including could compromise your users, and balance this against the risk of this happening for your site.

7) Host JavaScript locally – the NCSC also says if it’s practical to do so, consider hosting the JavaScript locally on your own server rather than linking to code hosted elsewhere. This means changes to the libraries require access to your server, although this will mean you will need to install security patches yourself.
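Actions 6 and 7, and Libeau's point about code "called dynamically from third-party servers", both start from an inventory of which scripts a page pulls from other hosts. The following is an added example, not code from the article or the NCSC: the page URL, HTML and host names are constructed placeholders, and the check for an `integrity` attribute (Subresource Integrity) goes beyond the advice quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class ScriptInventory(HTMLParser):
    """Collect every <script src=...> on a page with its resolved host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src")
        if tag != "script" or not src:   # inline scripts fetch nothing remote
            return
        # urljoin resolves relative and protocol-relative (//host/x.js) URLs
        url = urljoin(self.page_url, src.strip())
        host = urlparse(url).hostname
        self.scripts.append({
            "url": url, "host": host,
            "third_party": host != self.page_host,  # exact host match only
            "has_integrity": bool(attrs.get("integrity")),
        })

def audit(page_url, html):
    """Return the third-party scripts, those without integrity pinning first."""
    parser = ScriptInventory(page_url)
    parser.feed(html)
    external = [s for s in parser.scripts if s["third_party"]]
    return sorted(external, key=lambda s: s["has_integrity"])

# Constructed sample page; every host name here is a placeholder.
SAMPLE_URL = "https://www.example.org/services/index.html"
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="//plugins.vendor.example/reader/2.5/reader.js"></script>
<script src="https://cdn.vendor.example/lib.min.js"
        integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script>console.log("inline");</script>
</head></html>"""

if __name__ == "__main__":
    for s in audit(SAMPLE_URL, SAMPLE_HTML):
        pin = "integrity set" if s["has_integrity"] else "NO integrity attribute"
        print(f'{s["host"]:28} {pin:24} {s["url"]}')
```

Scripts listed without an integrity attribute can change on the supplier's server without any change on yours, which is the situation local hosting is meant to remove.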

For most people, just browsing away from infected websites may be enough to stop the cryptojacking process but IT managers need to be aware of all the possibilities. We are still at the start of the curve on this, and as the reports have all suggested, cryptojacking is a growing problem.
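The domain list from action 4 can be used for detection as well as blocking, by checking DNS query logs for lookups of listed names. This is an added example, not code from the article or from CoinBlockerLists: it assumes the list is in hosts-file or one-domain-per-line form and that the resolver log has `timestamp client_ip qname` lines, and all domains, addresses and log lines are constructed.

```python
def load_blocklist(text):
    """Parse hosts-file lines ("0.0.0.0 domain") or bare domains."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if line:
            domains.add(line.split()[-1].lower().rstrip("."))
    return domains

def blocked_match(qname, blocklist):
    """Return the list entry that covers qname (itself or a parent), else None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):              # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def scan_queries(log_lines, blocklist):
    """Map client IP -> [(queried name, matching entry)] for blocked lookups."""
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:                       # skip malformed lines
            continue
        _, client, qname = parts
        entry = blocked_match(qname, blocklist)
        if entry:
            hits.setdefault(client, []).append((qname, entry))
    return hits

# Constructed blocklist and DNS log; all names and addresses are placeholders.
BLOCKLIST_TEXT = """\
# hosts-file style
0.0.0.0 pool.miner-a.example
0.0.0.0 coin-script.example   # inline comment
stratum.miner-b.example
"""
DNS_LOG = [
    "2019-08-02T09:14:03Z 10.0.4.21 www.example.org",
    "2019-08-02T09:14:05Z 10.0.4.21 ws01.pool.miner-a.example.",
    "2019-08-02T09:15:40Z 10.0.7.9 coin-script.example",
    "2019-08-02T09:15:41Z 10.0.7.9 notcoin-script.example",
    "truncated line",
]

if __name__ == "__main__":
    for client, found in scan_queries(DNS_LOG, load_blocklist(BLOCKLIST_TEXT)).items():
        print(client, found)
```

Matching on whole labels catches subdomains of a listed domain while leaving look-alike names such as `notcoin-script.example` unflagged.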

Staying one step ahead will always be a better policy than reacting to infection. Proactive measures across all security threats are increasingly essential and cryptojacking is no different. This is not going to go away either. As long as there are significant rewards for mining cryptocurrency, the hackers will find clever ways to get around the security measures. If IT managers and users recognize the tell-tale signs, at least the problem is less likely to go undetected.

As more business networks shift towards the cloud, cryptojacking could become an even greater threat to network and device stability. It’s essential that IT managers act now to put measures in place to secure devices and educate organizations of the growing threat.

As Stan Gibson, technical writer at security firm Symantec, pointed out in a blog, cryptojacking is here to stay. “Annoyance or Crime? It’s both but either way, don’t expect the phenomenon to disappear quietly into the night.”

Managing your devices can help deter jackers

HP Device as a Service (DaaS) delivers a modern service model that simplifies how organizations source, support, and manage IT with insightful analytics and reports from HP TechPulse. With DaaS, HP partners with customers to increase user productivity, operational efficiency, and cost predictability. The model is transformative in nature, enabling increased and centralized security that’s much easier to keep up to date. As regulations change or threats increase, devices can be easily kept current with patch management, to meet requirements.

While helping to manage volatility and fast-changing business needs, HP Proactive Security Service enhances secure management capabilities with real-time malware protection through isolation technology, security and threat analytics and specialized expertise. With support from Service Experts, security positions are strengthened, and attacks are anticipated – preventing a negative impact on business.* **

Plus, HP Service Experts can enforce security policies for your Windows, Android or Apple devices. With HP TechPulse, Service Experts can implement these policies and help protect data if devices are lost or stolen, as well as getting a holistic view of device protection status and detailed findings on attempted and blocked attacks. For further device protection, consider HP Elite products, the world’s most secure and manageable PCs.*

It’s about being proactive to identify and mitigate issues, optimizing and securing your multi-OS devices before they are subjected to threats.

*System requirements for HP DaaS Proactive Security are: multi-vendor client devices running Windows 10 1703 or later with a minimum of 8 GB memory and 6 GB of free hard disk space to install the software client. HP DaaS Proactive Security requires HP TechPulse, which is included in any HP DaaS or HP DaaS Proactive Management plan. The HP DaaS Proactive Security Enhanced plan requires customers to be enrolled in an Enhanced or Premium HP DaaS or HP DaaS Proactive Management plan.
**HP Sure Click Advanced technology is included with HP DaaS Proactive Security and requires Windows 10. Microsoft Internet Explorer, Google Chrome™, and Chromium™ are supported. Supported attachments include Microsoft Office (Word, Excel, PowerPoint) and PDF files, when Microsoft Office or Adobe® Acrobat are installed.

***Based on HP’s unique and comprehensive security capabilities at no additional cost and HP Manageability Integration Kit’s management of every aspect of a PC including hardware, BIOS and software management using Microsoft System Center Configuration Manager among vendors with >1M unit annual sales as of November 2016 on HP Elite PCs with 7th Gen and higher Intel® Core® Processors, Intel® integrated graphics, and Intel® WLAN, and on HP Workstations with 7th Gen and higher Intel® Core™ Processors as of January 2017.
