As malware changes over time in function, scope, and impact, researchers see different trends rise and fall as development of various kinds of malicious software “matures.” While 2017 seemed to be the year of ransomware, 2018 looks like it is going to be dominated by a fresh and interesting new breed of malware: crypto miners.
Crypto mining malware has been around for a long time. However, with the recent surge of cryptocurrency activity, crypto miners are taking the malware “industry” by storm.
Cryptocurrency is a means of trade represented in digital assets. While they usually function as an alternative currency (digital currency, virtual currency, etc.) and on that level seem pretty straightforward, cryptocurrencies have rather complex technical origins.
Every kind of cryptocurrency, such as Bitcoin, Ethereum, Monero, and more, is based on a unique blockchain. Blockchains (which are essentially long lists of records linked with cryptography) allow cryptocurrency to be “decentralized,” and thus uncontrolled by entities such as governments and banks that have traditionally lent security and trust to monetary systems and financial transactions.
The blockchain is important to mention because it prevents duplication of cryptocurrency and is also a key factor in how cryptocurrency is mined. Crypto mining is the confirmation of transactions, which occurs by solving complex mathematical equations. A computer is directed to solve those equations, and with each solution a block is added to the blockchain, the “public ledger.”
Mining (i.e., “earning”) cryptocurrency takes a lot of time and computational power. The more computers working on these equations at once, the more quickly and efficiently the currency can be mined. This currency then has real-world convertible value that can be traded for controlled currency, like dollars or yen.
The most effective profit strategy for crypto mining is to have the largest possible “army” of machines performing calculations for as long as possible. When crypto mining software is applied to a website, that site is then able to command/enslave visitors’ computers to mine cryptocurrency while they are using the website. This potentially forces visitors’ computers to go into processor overdrive and/or drain their batteries.
Some crypto mining malware does this “sustainably,” residing openly on websites and only asking a small tax of energy from users for mining as an alternative business model to advertising. Others, however, show no mercy, grinding processors to their absolute limit to mine as much as possible. This can significantly degrade performance, drain batteries and even damage hardware over time.
Crypto mining software can be malware placed on hijacked websites or extensions. This is usually called “cryptojacking,” and can occur on sites that haven’t been properly secured or on extensions parading as other software. This is becoming an increasingly popular means of attack, and is poised to eclipse ransomware in payoffs. The profits from crypto mining malware are in the millions of dollars, and the scheme continues to thrive as more sites are hijacked over time. Monero is the most common cryptocurrency now being mined maliciously, thanks to its open-source blockchain.
Protecting your web applications and network against cryptojacking is critical. Crypto mining software can slow site functionality, drive users away, and cause general harm. Ensuring good web security practices is the first step to preventing site hijacking.
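One check that supports this, shown as an added example that is not part of the original article: inventory the external `<script>` tags a page serves and flag any loaded from a host the site does not expect, or from a third party without Subresource Integrity, since a script injected into a hijacked site can show up this way. The host names, allowlist and sample page below are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this (hypothetical) site intentionally loads scripts from.
SITE_HOST = "www.shop.example"
ALLOWED_SCRIPT_HOSTS = {SITE_HOST, "cdn.shop.example"}


class ScriptInventory(HTMLParser):
    """Collects every external <script> tag with its host and SRI status."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        src = attr.get("src")
        if tag != "script" or not src:
            return  # inline scripts are out of scope for this check
        # Relative URLs have no hostname and resolve to the site itself.
        host = urlparse(src).hostname or SITE_HOST
        self.scripts.append((src, host, bool(attr.get("integrity"))))


def audit_scripts(html, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return (finding, src) pairs for scripts that need a human look."""
    inventory = ScriptInventory()
    inventory.feed(html)
    findings = []
    for src, host, has_sri in inventory.scripts:
        if host not in allowed:
            findings.append(("unexpected-host", src))
        elif host != SITE_HOST and not has_sri:
            # Allowed third party, but a changed file would load unchecked.
            findings.append(("third-party-without-sri", src))
    return findings


# Constructed sample page: expected scripts plus one injected tag.
SAMPLE_PAGE = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.shop.example/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.shop.example/widgets.js"></script>
<script src="https://miner.invalid/worker.js" async></script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for finding, src in audit_scripts(SAMPLE_PAGE):
        print(finding, src)
```

Run against the HTML your site actually serves, on a schedule, and compare the findings with the previous run; a new entry is the signal to investigate.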
Another vector for cryptojacking is social engineering, which can plant sophisticated cryptominers inside of businesses, forcing employee computers to mine. Good network security hygiene and employee education are excellent starting points to ensure your business’s network and client base never get enslaved into mining Monero!
Cryptojacking isn’t the only concern for users, however. Some businesses are now openly or covertly placing crypto mining software on their websites. While some view this as “legitimate business” as opposed to cybercrime, it can still cause serious harm to users’ devices, especially if improperly implemented.
The legality and ethics of this emerging issue are still being debated, and a consensus hasn’t yet emerged as to whether corporate crypto mining is an acceptable means of boosting profits. However, it is generally frowned upon, due to its potentially exploitive nature and the user risks associated with it. Good practice is to leave cryptocurrency mining out of your business model, and offer services and products that are miner-free.
To find out more about cryptojacking and whether it threatens or is actively exploiting your business, contact Pivot Point Security.