Who is using your CPU? Amid the haze of security fears around hacks, backdoors, breaches and phishing, we tend to play down the risk to hardware: after all, the data may have leaked beyond the company boundary, but the machines themselves are still safely behind closed doors. Right?
Well, the cyber security space is constantly evolving and new threats appear every day. One of the most worrying, for companies and individuals alike, is hidden cryptocurrency mining. Willem de Groot has discovered that at least 2,500 sites are running code that mines cryptocurrency in the browsers of unwitting visitors. Bitcoin has famously crashed recently, but there is still a lot of money in cryptocurrency, and cybercriminals have been quick to go after it.
It may be a relatively new threat, but if it is not dealt with quickly it could become the next incarnation of ransomware, hijacking victims' CPUs and wringing them dry. Stopping this activity will not be simple: law enforcement will struggle to go after the perpetrators because of the anonymous nature of cryptocurrency.
What exactly is hidden crypto-mining?
Crypto-mining is the process of applying large-scale computing power to solve cryptographic puzzles as fast as possible. Each cryptocurrency's software publishes a new puzzle every few minutes, and the first person to solve it by finding the correct cryptographic "key" is awarded a "prize" in that currency.
The cryptography is designed so that the only way to find the key is to cycle through random numbers until you hit the right one by chance. To do this, attackers can tap the CPU and power supply of compromised machines to help solve the puzzle.
The huge number of machines around the world working on each puzzle means that a great deal of energy is needed to be the first to find the solution. The average "crypto mine", really just a huge server installation running random number generators at colossal speed, consumes electricity at an extremely high cost and needs a lot of human maintenance.
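The puzzle the article describes is a proof-of-work search: the "key" is a nonce whose hash falls below a target, here expressed as a number of leading zero bits. This added example (not code from the article or from any real miner; the function names and the sample header are my own) shows why finding one is expensive while checking it is cheap, and why each extra difficulty bit doubles the expected work.

```python
import hashlib
from typing import Tuple

def leading_zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a digest."""
    count = 0
    for byte in digest:
        if byte == 0:
            count += 8
            continue
        count += 8 - byte.bit_length()  # zero bits before the first 1 in this byte
        break
    return count

def mine(header: bytes, difficulty_bits: int, max_nonce: int = 1 << 32) -> Tuple[int, str, int]:
    """Search for a nonce such that SHA-256(header || nonce) has at least
    difficulty_bits leading zero bits. Returns (nonce, hex digest, attempts).
    Nonces are tried in order here; a real miner picks them at random, which
    does not change the expected cost of about 2**difficulty_bits hashes."""
    for nonce in range(max_nonce):
        digest = hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()
        if leading_zero_bits(digest) >= difficulty_bits:
            return nonce, digest.hex(), nonce + 1
    raise RuntimeError("nonce space exhausted")

def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a claimed solution costs one hash; finding it cost ~2**bits."""
    digest = hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()
    return leading_zero_bits(digest) >= difficulty_bits

if __name__ == "__main__":
    header = b"constructed block header"  # constructed sample, not a real block
    for bits in (8, 12, 16, 20):  # each extra 4 bits makes the search ~16x longer
        nonce, hexdigest, attempts = mine(header, bits)
        print(f"{bits:2d} bits: nonce={nonce:8d} attempts={attempts:8d} hash={hexdigest[:12]}...")
```

Running it shows the attempt count growing roughly sixteen-fold per step, which is the whole reason a miner wants someone else's CPU.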
Does this really affect me?
At some point in recent years, an enterprising miner clearly hit on the idea that it would be much cheaper to use someone else's computers and electricity than their own. Since then, the number of "cryptojacking" cases has soared.
There are several ways an innocent bystander can be tricked into providing a mining service. Attackers can exploit known bugs in outdated web software to gain access to sites (as in the cases de Groot found) and then have those sites mine behind the scenes in visitors' browsers. They can set up fake sites that plant malware on visitors' computers, connecting their CPUs to mining operations. Or they can use phishing emails to deliver malicious code and enlist victims in their mining network, which is really just an update of the old botnet formula.
Does it really matter?
Of course, security teams should already be experts at resisting phishing and spoofing. But malware does not have to be planted directly on your system to pose a danger. Simply visiting a compromised site is enough to connect your computer's processing power to a hidden mining operation for as long as the page stays open, and there is no easy way to tell whether a site has been compromised.
The upshot is that hidden crypto-mining poses a serious financial and reputational risk to companies. If employees regularly visit compromised sites, the electricity bill could climb while system performance collapses. If your own site has been hacked, you may inadvertently be connecting your prospects to a mining operation. A handful of poorly handled, well publicized crypto-mining incidents in customers' browsers could seriously damage your reputation as a secure company.
It is even conceivable that advanced forms of cryptojacking could tax victims' systems to the point where they become unusable, effectively knocking compromised machines offline. The consequences for productivity and reliability would be just as disastrous, ultimately hitting the bottom line.
Can anything be done?
So the key question is: how do you defend against a threat that is so hidden and so hard to detect? To extend the metaphor, look at espionage: MI5 counters covert operations with intelligence gathering. That, in short, is what companies should do to defend themselves here.
Security teams should be equipped with a threat intelligence-driven defense, which gives them the tools to detect malicious mining activity and the sources of the code running these programs, as well as to manage the threats that arrive in real time on a day-to-day basis. Knowledge is power here. If security teams have full visibility into their networks, they can readily identify any potential mining activity. The sheer volume of code that these analysts have to deal with every day means that a broad range of threat intelligence brings greater accuracy to threat detection.
Knowledge is also incredibly valuable beyond your internal network, if you can work out who is behind any hidden mining you identify. Is it a lone hacker trying to make some extra money, or a full-blown mining operation illegally drawing on resources beyond its own walls? That is why sharing matters. By drawing on open-source threat data from other organizations and sharing your own, you can build a broad and detailed picture of the adversary you face. Once that information is gathered, your defense is greatly strengthened.
The reality is that cryptojacking is not going anywhere soon. The underlying technology will be around for years, as long as there is money to be made and systems remain vulnerable enough to be targeted. So rather than trying to win the war, fight the battle in front of you and keep attackers at bay. Make sure you have the tools to monitor network activity and flag any mining activity before it can damage your business. In a world of espionage and counterintelligence, the player with more information wins.
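One concrete form of the network monitoring the article recommends: miners, whether a browser script or a planted binary, have to talk to a pool, and most do so with the Stratum JSON-RPC protocol. The detector below is an added example (my own code, not ThreatConnect's product or any tool from the article) that scans a constructed connection log for Stratum handshakes and pool URIs; the log format, the documentation-range addresses and the placeholder wallet are all assumptions for the sake of the demo.

```python
import json
import re
from typing import Dict, List, Optional

# One constructed log line: "<timestamp> <src> -> <dst>:<port> <payload>"
LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (.*)$")
STRATUM_URI_RE = re.compile(r"stratum\+(?:tcp|ssl)://", re.IGNORECASE)

def classify_payload(payload: str) -> Optional[str]:
    """Return why a payload looks like pool-mining (Stratum) traffic, or None."""
    if STRATUM_URI_RE.search(payload):
        return "stratum pool URI"
    try:
        msg = json.loads(payload)
    except ValueError:
        return None
    if not isinstance(msg, dict):
        return None
    method, params = msg.get("method"), msg.get("params")
    # Bitcoin-style Stratum uses mining.subscribe / mining.authorize / mining.submit
    if isinstance(method, str) and method.startswith("mining."):
        return f"stratum method {method}"
    # Monero-style Stratum logs in with a wallet ('login') and a miner user-agent
    if method == "login" and isinstance(params, dict) and {"login", "agent"} <= set(params):
        return f"stratum login from agent {params['agent']}"
    return None

def scan_log(lines: List[str]) -> List[Dict[str, str]]:
    """Parse connection log lines and return those flagged as mining traffic."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        ts, src, dst, port, payload = m.groups()
        reason = classify_payload(payload)
        if reason:
            hits.append({"ts": ts, "src": src, "dst": f"{dst}:{port}", "reason": reason})
    return hits

# Constructed sample log: documentation-range addresses, placeholder wallet.
SAMPLE_LOG = [
    '2024-05-01T09:00:01Z 10.0.0.5:51200 -> 203.0.113.10:443 GET / HTTP/1.1',
    '2024-05-01T09:00:02Z 10.0.0.5:51201 -> 203.0.113.7:3333 {"id":1,"method":"mining.subscribe","params":["cpuminer/2.5.0"]}',
    '2024-05-01T09:00:03Z 10.0.0.8:51300 -> 203.0.113.7:4444 {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"WALLET_PLACEHOLDER","pass":"x","agent":"XMRig/6.16.0"}}',
    '2024-05-01T09:00:04Z 10.0.0.9:51400 -> 203.0.113.20:8080 {"id":2,"method":"getStatus","params":[]}',
    '2024-05-01T09:00:05Z 10.0.0.5:51202 -> 203.0.113.30:80 pool=stratum+tcp://pool.example:3333',
]
```

Calling `scan_log(SAMPLE_LOG)` flags three of the five lines and leaves the ordinary HTTP request and the unrelated JSON-RPC call alone; in a real deployment the payload would come from a proxy or IDS that can see the connection content, since on TLS-wrapped pools only the destination and the handshake metadata remain visible.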
Adam Vincent, CEO, ThreatConnect
Image Credit: Make-Someones-Day / Pixabay