Cryptojacking: Cyberattackers’ New Favorite Money-Making Tool
Cryptojacking is now cybercriminals’ favorite money-making tool, and computers at organizations that lag behind in cybersecurity are at risk of this type of cyberattack.
A recent report from McAfee Labs showed that in the 1st quarter of 2018, cryptocurrency mining malware grew by 629% to more than 2.9 million, from nearly 400,000 in the 4th quarter of 2017.
What is Cryptojacking?
Cryptojacking is the act of illicitly installing cryptomining software on the victim’s computer. Cryptocurrency mining software, on its own, isn’t illegal. This software harnesses the power of a computer as a means to release a new digital coin and as a means to verify transactions.
In principle, owners of the computers used for cryptocurrency mining have to be compensated. In cryptojacking, however, owners of the computers used for cryptocurrency mining aren’t compensated. Compensation (in the form of digital coins) goes to the attackers who illicitly install the cryptocurrency mining software.
Cryptojacking has been around since the early days of the development of cryptocurrency, specifically Bitcoin. Cybercriminals, however, didn’t give much attention to cryptojacking then, because the price of cryptocurrencies like Bitcoin was very low and the monetary return wasn’t significant.
Between 2016 and 2017, cybercriminals utilized cryptocurrencies like Bitcoin for their criminal activities. In the past two years, cybercriminals demanded Bitcoin payments from their ransomware victims. Ransomware is malicious software (malware) that infects computers and encrypts their files, locking out users until a ransom is paid (usually in Bitcoin).
In the 4th quarter of 2017, however, much attention was directed at cryptocurrencies as the top cryptocurrency Bitcoin hit an all-time high of nearly $20,000. Prices of other cryptocurrencies like Monero also soared to their all-time highs in the 4th quarter of 2017. Monero’s price per coin nearly reached $450 in the 4th quarter of 2017. This huge price action triggered attackers to turn their attention to cryptojacking.
Even as the price of most cryptocurrencies plunged by more than 60% from their all-time highs, compensation from cryptocurrency mining still proves to be lucrative. To date (July 4th at 2 PM GMT+7), one Bitcoin is valued at nearly $6,500, while one Monero is valued at nearly $135.
“Compared with well-established cybercrime activities such as data theft and ransomware, cryptojacking is simpler, more straightforward, and less risky,” McAfee Labs said in its Threats Report June 2018. “All criminals must do is infect millions of systems and start monetizing the attack by mining for cryptocurrencies on victims’ systems. There are no middlemen, there are no fraud schemes, and there are no victims who need to be prompted to pay and who, potentially, may back up their systems in advance and refuse to pay.”
In the past few months, attackers have honed their cryptojacking skills. Here are some of the methods developed by cybercriminals to illicitly deliver cryptocurrency mining software to vulnerable computers:
- Social Engineering
One of the ways attackers propagate cryptocurrency mining software is via social engineering. An example of this social engineering method was an advertisement for opportunities to earn money online, posted in a cloud-based instant messaging service. Once this online ad was clicked, the cryptocurrency mining software was illicitly installed on the computer of the person who clicked the ad.
- Web Mining
Web mining is another means by which attackers deliver cryptomining malware to victims’ computers. In delivering this malware via web pages, attackers use the cryptomining malware called “Coinhive” – a code inserted by attackers in vulnerable websites with high traffic.
In September 2017, attackers infected Showtime websites with Coinhive, enabling the attackers to use the computing power of unsuspecting site visitors of Showtime to mine the cryptocurrency Monero.
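A site owner can check their own pages for this kind of injection. The following is an added example, not code from the original article: it scans a page's script tags for the Coinhive loader and constructors, and also flags any script host that is not on an allowlist, since an injected copy can be renamed. The allowlist contents and the sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Known Coinhive loader indicators (script name/host and its JS constructors).
SRC_INDICATOR = re.compile(r"coinhive(\.min)?\.js|//([\w-]+\.)*coinhive\.com/", re.I)
INLINE_INDICATOR = re.compile(r"\bCoinHive\.(Anonymous|User)\b")
# Assumption: hosts this site may load scripts from ("" = same-origin path).
ALLOWED_SCRIPT_HOSTS = {"", "cdn.example.com"}

class ScriptCollector(HTMLParser):  # gathers script src values and inline bodies
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script and data.strip():
            self.inline.append(data)

def find_miner_scripts(html):
    """Return (reason, evidence) findings for one HTML document."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for src in collector.external:
        if SRC_INDICATOR.search(src):
            findings.append(("coinhive-src", src))
        elif urlparse(src).netloc.lower() not in ALLOWED_SCRIPT_HOSTS:
            findings.append(("unexpected-host", src))
    for body in collector.inline:
        match = INLINE_INDICATOR.search(body)
        if match:
            findings.append(("coinhive-inline", match.group(0)))
    return findings

# Constructed sample pages (not real captures).
CLEAN_PAGE = '<script src="/static/app.js"></script><script>init();</script>'
INFECTED_PAGE = ('<script src="/static/app.js"></script>'
                 '<script src="https://coinhive.com/lib/coinhive.min.js"></script>'
                 "<script>new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER').start();</script>"
                 '<script src="https://stats.example.net/t.js"></script>')
```

Running `find_miner_scripts` over rendered pages on a schedule, and alerting on any non-empty result, catches both the named loader and script sources that appeared without a deployment.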
- EternalBlue Exploit
Another way by which attackers illicitly install cryptomining malware on victims’ computers is by using the EternalBlue exploit. The cryptomining malware Adylkuzz and WannaMine used the EternalBlue exploit. EternalBlue is the same exploit used by WannaCry attackers. WannaCry is a ransomware that wreaked havoc in May 2017 on hundreds of thousands of computers worldwide, locking out users and asking for ransom payment.
According to Microsoft, the company’s March 2017 security update fixes the vulnerability exploited by EternalBlue. Apparently, hundreds of thousands haven’t installed Microsoft’s March 2017 security update.
- Exposure of Credentials
Another way by which attackers illicitly install cryptomining malware on victims’ computers is via exposure of credentials. Famous victims of this type of propagation method were British multinational insurance company Aviva and Tesla.
Attackers illicitly used the cloud compute resources of Tesla to mine the cryptocurrency Monero, while attackers used the cloud compute resources of Aviva to mine Bitcoin.
According to Redlock, attackers were able to access the cloud compute resources of Aviva and Tesla after these companies failed to protect their Kubernetes (open-source platform used to automate deploying, scaling and operating application containers) with a password. Redlock said the exposed Kubernetes contained the credentials of the respective Amazon Web Services Inc. account of Aviva and Tesla.
Attackers also profit from concealed cryptomining by using a botnet. Servers owned by organizations are targeted by attackers to be used as part of a botnet – referring to a group of computers that are infected by malware and controlled by an attacker to be used according to his whim, such as for cryptocurrency mining.
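Cloud credentials written as literal values in a pod specification are readable by anyone who can view the workload, so they are worth auditing for. The following is an added example, not code from the original article or from Redlock: it walks the parsed output of `kubectl get pods -A -o json` and reports containers that carry AWS credentials as inline environment values. It assumes credentials are passed through environment variables; the pod names and values are constructed.

```python
import re

# AWS access key IDs: a 4-letter prefix (AKIA long-term, ASIA temporary) + 16 chars.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
AWS_ENV_NAMES = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}

def find_plaintext_aws_creds(pod_list):
    """Return (namespace/pod, container, env name) for inline AWS credentials.

    pod_list is the parsed output of `kubectl get pods -A -o json`.
    Values are never returned, so the report itself is safe to share.
    """
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        where = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        spec = pod.get("spec", {})
        for ctr in spec.get("initContainers", []) + spec.get("containers", []):
            for env in ctr.get("env", []):
                value = env.get("value")
                if value is None:      # valueFrom (e.g. secretKeyRef): not inline
                    continue
                if env["name"] in AWS_ENV_NAMES or ACCESS_KEY_ID.search(value):
                    findings.append((where, ctr["name"], env["name"]))
    return findings

# Constructed sample; the key ID is the placeholder used in AWS documentation.
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "prod", "name": "web-1"},
     "spec": {"containers": [{"name": "app", "env": [
         {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE"},
         {"name": "AWS_SECRET_ACCESS_KEY", "value": "constructed-placeholder"},
         {"name": "LOG_LEVEL", "value": "info"}]}]}},
    {"metadata": {"namespace": "prod", "name": "backup-1"},
     "spec": {"containers": [{"name": "job", "env": [
         {"name": "S3_KEY", "value": "AKIAIOSFODNN7EXAMPLE"}]}]}},
    {"metadata": {"namespace": "prod", "name": "api-1"},
     "spec": {"containers": [{"name": "api", "env": [
         {"name": "AWS_SECRET_ACCESS_KEY", "valueFrom": {
             "secretKeyRef": {"name": "aws-creds", "key": "secret"}}}]}]}},
]}
```

The third pod is not reported because its value comes from a secret reference rather than the pod specification; any key that is reported should be rotated, not just moved.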
Negative Effects of Cryptojacking
Cryptomining malware programs installed on organizations’ servers and computers are designed to be discreet. Cryptojacking, however, may result in the following:
- Degraded performance as central processing unit (CPU) resources are used for cryptomining activity
- Increased power consumption
- System crashes
- Potential physical damage as a result of extreme heat caused by cryptomining
- Financial loss as a result of downtime caused by hardware or software failure and the cost of restoring systems