Friday, June 15, 2018

5 Things You Should Know About the Cryptomining Threat

Cryptocurrency has become a topic of interest over the last two years, in particular the past six months following media reports of Bitcoin’s massive value fluctuations. On the other hand, cryptocurrency mining has become more difficult, with some businesses now establishing dedicated servers to gain profits. Browser resource hijacking is far more widespread than expected. There is no certainty on how much cryptocurrency can be mined through cryptojacking.
 
Though it is still in the initial stage, there is a lot of room for cyber-criminals to exploit this option. A couple of weeks ago, Reuters reported that thousands of websites, including ones run by U.S. and UK government agencies, were infected with cryptomining code. As we covered recently, many enterprising hackers also use this attack method to take advantage of the surge in online viewing activity around high-profile events such as the 2018 Winter Olympics.

Cryptojacking is a very different method for cyber-attackers to generate profits for themselves, as compared to ransomware. Unfortunately, they are not mutually exclusive. Cryptojacking tends to be more ‘passive’, where victims may not be aware that their resources are being used to mine cryptocurrency for the attacker. In other words, “miners” work to solve complex mathematical problems in order to generate income in the form of digital currency, such as Bitcoin, Ethereum, Monero and others.
 
This mining process requires serious hardware and significant CPU resources to “create” cryptocurrency. On the other hand, ransomware completely impairs a user’s ability to access their data until a given ransom is paid. The same hackers can easily launch both types of attacks, albeit probably against different users. This is why it has become even more important for organizations to actively share threat intelligence and leverage the same network effect that cyber-criminals have long been relying on to improve efficiency.

Here are five things everyone should know about cryptomining.
 
1. How Cryptomining Malware Is Executed:
 
Malicious cryptomining typically spreads in one of two ways. The first approach is by malware, delivered via a malicious email attachment or link. Researchers found that 23% of organizations globally were affected by cryptomining malware, specifically the Coinhive variant, during January 2018. The second approach is to infect third-party content providers used by high-traffic sites. For example, an advertising provider might be targeted because of its access to thousands of websites reaching millions of people.
 
This method can deliver a more substantial return for the attacker. When users visit the site, they unknowingly “donate” their computing processing power to the attacker while they remain on the page. These attacks don’t require, or spread, malware on the user’s endpoint, so while users are impacted, they are not infected.



 
2. How the attacker uses processing power from your infected device:
 
By using crowd-sourced computing power, the attacker can scale up his/her mining efforts while eliminating the need to purchase expensive equipment as they “pan for digital gold.” The more collective power and speed the attacker can amass, the bigger the cryptocurrency payout.
 
3. How to tell if you've been hit by cryptomining software:
 
In most cases, you won’t find malware on your device, since this type of attack can run without it, so the only indication may be a visible slowdown in performance.
 
4. Why cryptomining is a big deal from a security perspective:
 
What’s so concerning about this type of attack is that a user’s computing power can now be hijacked when the user merely visits an infected site or a site that uses an infected third party.
 
5. How to protect yourself and your devices from cryptomining:
 
Unfortunately, there is little you and other end users can do other than monitor for abnormal utilization by the browser process (not trivial for non-tech-savvy users) and higher than normal CPU usage. Instead, the responsibility should rest with those who own and maintain the website, who should routinely inspect all of their third-party providers.
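One way a site owner could carry out the routine third-party inspection described in point 5, as an added example that is not from the original post: list every external script a page loads, compare each host against a reviewed inventory, and note which scripts carry a Subresource Integrity hash. The page URL, hostnames and the APPROVED_HOSTS inventory are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; all hostnames are placeholders, not real providers.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.analytics.example/a.js" integrity="sha384-PLACEHOLDER"></script>
<script src="//ads.provider.example/loader.js"></script>
<script src="https://unknown-widgets.example/w.min.js"></script>
</head><body><script>console.log("inline")</script></body></html>
"""

# Assumed inventory of third-party hosts the site owner has already reviewed.
APPROVED_HOSTS = {"cdn.analytics.example", "ads.provider.example"}

class ScriptCollector(HTMLParser):
    """Collects the src and integrity attributes of every external <script>."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"], a.get("integrity")))

def audit_third_party_scripts(html, page_url, approved_hosts):
    """Return one finding per third-party script: host, URL and review flags."""
    site_host = urlparse(page_url).hostname
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        url = urljoin(page_url, src)   # resolves relative and //host forms
        host = urlparse(url).hostname
        if host == site_host:
            continue                    # first-party script, out of scope here
        findings.append({"host": host, "url": url,
                         "approved": host in approved_hosts,
                         "pinned": bool(integrity)})  # has an SRI hash
    return findings

if __name__ == "__main__":
    page = "https://www.shop.example/"
    for f in audit_third_party_scripts(SAMPLE_HTML, page, APPROVED_HOSTS):
        status = "ok" if f["approved"] and f["pinned"] else "REVIEW"
        print(f'{status:6} {f["host"]:26} approved={f["approved"]} pinned={f["pinned"]}')
```

Run on a schedule against the rendered pages, a host that is not in the inventory, or an approved script that is not pinned to a hash, is the cue to look at what that provider is serving.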

Cryptomining operations will continue and are likely to expand. With the increase in mining, especially of Monero, using malware installed on internet-connected servers, we have another reason to be more cautious and improve the performance of our systems.
