Cryptojacking in Cyber Security (Part 1)
On 16 June 2011, Symantec published a warning (now hosted on Broadcom's site) about the compromise of the mining of a popular cryptocurrency, Bitcoin.
In History — The Bitcoin Botnet Mining
At the time, one of the selling points of Bitcoin was its model: people with specialised computers could earn bitcoin blocks by using their computer's computational power together with the open source Bitcoin software to solve cryptographic proof-of-work problems. That is what Bitcoin mining is.
Using an online Bitcoin mining calculator, Symantec found that some networks of computer systems would have had to run 24 hours a day to reach the outrageous quantities of mined bitcoins it observed, figures that legitimate crypto miners could hardly reach.
They also found that the daily earnings barely varied from day to day, raising the possibility that cybercriminals were putting a “botnet” to use.
With all the evidence pointing to a DDoS attack (a Distributed Denial of Service attack is a form of cyber attack in which a hacker floods an internet server with traffic to slow it down or prevent owners and users of the site from accessing it at all), Symantec published a warning and recommended up-to-date antivirus software to protect crypto miners against cyber threats.
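The proof-of-work problems mentioned above are what make mining expensive, and therefore why stolen CPU time is worth something to a bot-herder. The following toy miner is an added example, not code from the original post or from Bitcoin itself: it brute-forces a nonce until the double SHA-256 of a constructed header has a chosen number of leading zero bits (real Bitcoin compares the hash against a 256-bit target over an 80-byte header, but the asymmetry is the same).

```python
import hashlib
import struct

def double_sha256(data: bytes) -> bytes:
    # Bitcoin hashes the block header with SHA-256 applied twice.
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits, reading the digest as a big-endian integer."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

def mine(header: bytes, difficulty_bits: int, max_nonce: int = 1 << 32):
    """Brute-force a 32-bit nonce until double_sha256(header || nonce) has at
    least `difficulty_bits` leading zero bits. Returns (nonce, hashes_tried);
    nonce is None if the nonce space is exhausted. Expected work is ~2**bits."""
    for nonce in range(max_nonce):
        if leading_zero_bits(double_sha256(header + struct.pack("<I", nonce))) >= difficulty_bits:
            return nonce, nonce + 1
    return None, max_nonce

def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a solution costs one hash; finding it costs ~2**bits hashes."""
    return leading_zero_bits(double_sha256(header + struct.pack("<I", nonce))) >= difficulty_bits

if __name__ == "__main__":
    header = b"constructed-block-header"   # constructed stand-in for the 80-byte header
    for bits in (8, 12, 16):
        nonce, tried = mine(header, bits)
        print(f"{bits:2d} leading zero bits: nonce={nonce} after {tried} hashes")
```

Each extra bit of difficulty roughly doubles the number of hashes tried, which is why miners (legitimate or not) want as many CPUs as they can get.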
Largest botnets in History
In September 2013, it was reported that Symantec had seized part of the 1.9 million-computer-strong ZeroAccess, one of the largest botnets in existence.
The Srizbi botnet tops the list of the largest botnets in the world, consisting of computers infected by the Srizbi trojan horse. ZeroAccess is likely to have had more than 1.9 million slave computers, used mainly for click fraud and crypto mining, and it is hard to imagine how much cryptocurrency the bot-herder involved has siphoned off.
ZeroAccess is a click-fraud Trojan that downloads online advertisements on its slave computer, generating affiliate-scheme clicks. When ZeroAccess isn't illegally mining cryptocurrency on a slave computer, it is busy downloading fraudulent links for it.
Symantec's seizure of part of the slave computers was a huge victory on its part.
CryptoJacking
I came across the word “Cryptojacking” a few weeks ago while taking an introductory course in cyber security at Cisco.
Just as it sounds, cryptojacking is simply the same thing as stealing crypto assets.
However innovative decentralization becomes, there will always be villains.
A number of people are learning how to bypass the encrypted system by every means possible, including brute force, as long as they can successfully carry out their heists.
Botnets, what are they?
Botnets are networks of malware-infected computers (robots), usually controlled by a single attacking party known as the “bot-herder”. Each computer under the bot-herder's control is known as a bot.
The bot-herder can command every computer in its botnet to carry out a coordinated cyber attack simultaneously, which lets an attacker perform large-scale attacks.
Let’s divert a bit: your computer could be a bot
Well, if you are fond of clicking unverified links, your computer could already be infected. One of the ways jackers (read: hackers) recruit bots is by sending links with malware embedded in them, via email or other means.
It is quite possible for your computer to be mining cryptocurrency without your knowledge: after a click on a malicious link, a bot-herder may have taken your computer captive and be mining cryptocurrency illegally on it.
Illegal mining of cryptocurrencies
Cryptojackers are definitely good at solving complex mathematical equations. The major difference between legitimate miners and jackers is that jackers steal a person's or company's resources to mine cryptocurrency without paying for the mining resources, such as hardware and electricity. The victim's resources are exploited to mine crypto for as long as possible without being discovered.
Jackers/hackers leverage different cyber attack methods, such as sending phishing links by email, infecting open source code and APIs, and coordinating DDoS attacks, to recruit computer systems into the botnet.
Signs that your computer is a bot
- Sudden battery drain: while other factors can also cause unusual battery drain, it is one sign that your computer is working overtime without your knowledge.
- Decreased performance: cryptojacking makes computers run much more slowly, crash repeatedly and perform poorly in general.
- High CPU usage: mining cryptocurrency requires a computer to use close to 100% of its CPU.
- Overheating: since crypto mining requires almost 100% of the CPU, overheating is inevitable.
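The CPU signs above are only meaningful when they persist: a compiler or video encoder also pins a core for a while, but a miner never stops. The following detector is an added example, not code from the original post; it takes a series of per-process CPU samples (constructed here, with an optional live collector that assumes the third-party psutil package) and flags only processes that stay above a threshold for a run of consecutive polls.

```python
from collections import defaultdict

def sustained_high_cpu(samples, threshold=90.0, min_consecutive=5):
    """Return {process: longest_streak} for processes at or above `threshold`
    percent CPU in `min_consecutive` consecutive samples (absent = idle)."""
    run, longest, seen = defaultdict(int), defaultdict(int), set()
    for sample in samples:
        for proc in seen | set(sample):
            if sample.get(proc, 0.0) >= threshold:
                run[proc] += 1
                longest[proc] = max(longest[proc], run[proc])
            else:
                run[proc] = 0          # burst ended; a miner would not stop
        seen |= set(sample)
    return {p: n for p, n in longest.items() if n >= min_consecutive}

def collect_samples(intervals, interval_seconds=60):
    """Optional live collector; needs the third-party psutil package.
    psutil's first cpu_percent(interval=None) call per process returns 0.0,
    so the first poll is a warm-up and is dropped."""
    import time
    import psutil
    out = []
    for _ in range(intervals + 1):
        sample = {}
        for p in psutil.process_iter(["pid", "name"]):
            try:
                sample[f"{p.info['pid']}:{p.info['name']}"] = p.cpu_percent(interval=None)
            except (psutil.NoSuchProcess, psutil.AccessDenied):
                continue
        out.append(sample)
        time.sleep(interval_seconds)
    return out[1:]

# Constructed samples, one poll per minute: "cc1" (a compiler) peaks for three
# polls and exits, the browser spikes once, "unknown_svc" never drops below 97 %.
SAMPLES = [
    {"cc1": 96.0, "unknown_svc": 99.0, "browser": 14.0},
    {"cc1": 98.0, "unknown_svc": 97.5, "browser": 9.0},
    {"cc1": 95.0, "unknown_svc": 99.0, "browser": 11.0},
    {"cc1": 3.0, "unknown_svc": 98.0, "browser": 40.0},
    {"unknown_svc": 99.0, "browser": 8.0},
    {"unknown_svc": 97.0, "browser": 92.0},
    {"unknown_svc": 99.5, "browser": 6.0},
    {"unknown_svc": 98.0, "browser": 10.0},
]

if __name__ == "__main__":
    print(sustained_high_cpu(SAMPLES))   # {'unknown_svc': 8}
```

A flagged process is a lead, not a verdict: confirm what the binary is and what it talks to before acting on it.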
Preventing cryptojacking
- Security assessment of computers and devices
- Implementing secondary security tools
- Enabling network traffic monitoring
- Enhancing the protection layer
- Monitoring and reviewing device activity
In the second part of this write-up, preventing and dealing with cryptojackers will be explained in detail.