The Good Old Days
The sudden explosive value of cryptocurrency such as Bitcoin and Monero has led many companies to recognize it as a legitimate form of currency. Through regulations, several countries have even legitimized and authorized its use on exchange markets. As cryptocurrency becomes increasingly integrated into our digital lives, it has also drawn the ire and attention of cybercriminals looking to make easy and lucrative profits.
Cryptocurrency coins or tokens, the digital and open-source equivalent of banknotes, are generated as a reward for solving a computationally intensive puzzle known as a block. Together, these blocks form what is known as a blockchain, or the vast digital ledger that records all transactions within a given cryptocurrency system. One can willingly participate by utilizing their computer or handheld device’s resources to “mine” these virtual coins or tokens and reap the monetary rewards in turn. Unfortunately, cybercriminals looking to make easy profits can exploit security vulnerabilities on your computer to install and run malicious software (malware) without your knowledge. This malware works by hijacking the system’s computing power, forcing it to mine cryptocurrency without any user intervention or awareness. Cybercriminals end up pocketing the profits at your expense.
In recent months, the information security community has witnessed a surge in malware dedicated to cryptomining. Although this form of malware was first observed in 2011, the introduction of new attack vectors, coupled with the growing interconnectedness of systems, has greatly increased the rate of infections. This is evident from the sheer variety of compromised systems, ranging from millions of Android smartphones to digital signage in department stores to government websites serving up malware to the casual internet surfer. Even system updates from a major software vendor were found to be compromised and delivering cryptomining malware.
This type of malware has proven so profitable to cybercriminals that it has even altered their favored tactic, ransomware, which itself had become pervasive in recent years. Ransomware has always been a tricky proposition, balancing courtesy and professionalism with a demand that a ransom be paid to restore valuable files. Cybercriminals have determined that it is far easier to simply hijack the same system in order to steal its resources and mine the very cryptocurrency they are after. Symptoms of a cryptomining malware infection include unexpected system slowdowns, nearing the point of a system-wide crash.
The best protection against cryptomining malware, and malware in general, is to raise your security savviness in order to spot security risks. Although the recent focus on stealing coins and tokens is novel, the method of delivering malware still relies on variations of existing attack patterns, such as phishing e-mails and drive-by downloads. The axiom “trust, but verify” is used throughout the information security community as a way to scrutinize actions and behaviors. This is increasingly important given the hectic pace of our digital lives. For example, prior to opening an e-mail, ask yourself, “Am I expecting an e-mail from this individual about this subject?” and “How well do I know the sender of this e-mail?” When reading an e-mail, ask yourself, “Is there a sense of undue urgency in the message or tone?” or “Is this e-mail causing an unexpected emotional response (e.g., anxiousness, excitement, anger) coupled with an action to be taken?” When in doubt, there is no harm in attempting to verify the authenticity of an e-mail or request, such as calling the sender on the phone if the e-mail or request feels questionable. Ultimately, it’s our gut reactions that will keep us safe and secure online. Cybercriminals will attempt to provoke and lure you to react a certain way, a tactic known as social engineering, but that is a topic for another time and newsletter.