Cryptojacking – The Latest Cybercrime Play

Following the news, you are quite likely awed by the boost in cryptocurrency, especially since Bitcoin has made the (financial) headlines. Founded in 2009, it has risen to levels we have seldom seen before. Needless to say, many other cryptocurrencies jumped on the bandwagon and are now catching up with Bitcoin. As detailed in the Global Cryptocurrency Benchmarking Study 2017 of the University of Cambridge, other cryptocurrencies have gained many followers and are traded much higher than ever before. Cryptojacking is a direct result of cryptocurrencies’ rising popularity.

As we all know, anything of value is of interest to cyber crooks. Looking at the spectacular value gain that Bitcoin and the like achieved during 2017, it did not take long for them to focus on ways to benefit from it. Bitcoin is already familiar territory for them, since it is their favorite currency to be paid in for ransomware extortion. But they did not want to use it only for payments; they quickly focused on ways to get more cryptocurrency with minimum effort. What better way to create a new income stream than by stealing cryptocurrency directly from their owners, end users, and cryptocurrency companies? So what did they do? They are using their still-effective cyber attack methods (such as phishing and infecting legitimate websites that users browse) to entice users to download their mining malware through payloads and scripts. They also use watering hole attacks and even social media shares, e.g., Facebook Messenger, to get their hands on their victims’ cryptocurrency. Unfortunately, those attacks are quite successful. As usual, social engineering is still the secret sauce for their attack success.

With “cryptojacking”, they use their victims’ computing devices to mine cryptocurrency without the victims even being aware of the attack. Although this attack vector in itself is not entirely new, it is still highly effective and has surged during the last months of 2017. To state it plainly – hackers have found a way to ride the cryptocurrency boom. From Bitcoins to Litecoins, Ethereum, Ripple, and Iota – nothing is safe from those cyber crooks.

Sadly enough, we can presume that millions of users worldwide might already have been victimized, which would translate into millions of dollars in illegal gains for those cryptocurrency hackers. We already know that attacks have been carried out by, for example, infecting legitimate websites such as the CBS Showtime website, UFC live streams, and even governmental websites of countries such as Moldova and Bangladesh.

When web browsing is used as an attack vector, the cryptojackers use JavaScript on a legitimate webpage to mine digital cash. Since JavaScript is used on almost every website, the JavaScript code responsible for in-browser mining doesn’t need to be installed. This way, the cyber crooks are sure that their victims will not even notice that their computers are secretly abused to mine cryptocurrency. When cyber crooks use emails as an attack vector, they send socially engineered emails to millions of potential victims. Those emails are used to deliver the payload, which will try to install itself on the compromised station to start mining. Again, the victims will quite likely be unaware that their computer has been compromised.
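For site owners, the web vector described above comes down to a script on the page that nobody on the team put there. The following is an added example, not code from Cymulate: a small audit of a page's script tags, where the allowlist, the sample page and the inline heuristics are all assumptions chosen for illustration.

```javascript
// Added example: audit a page's <script> tags for signs of injected in-browser mining code.
// ALLOWED_HOSTS, the sample page and the heuristics are assumptions for illustration.
const ALLOWED_HOSTS = new Set(["www.example.com", "cdn.example.com"]);

// Heuristics only: mining code typically needs worker threads and WebAssembly,
// but legitimate code uses them too, so treat hits as leads to review.
const INLINE_HINTS = [
  [/new\s+Worker\s*\(/, "spawns a Web Worker"],
  [/WebAssembly\.(instantiate|compile)/, "loads WebAssembly"],
  [/navigator\.hardwareConcurrency/, "reads CPU core count"],
];

function auditScripts(html, pageUrl) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi; // regex parse: fine for an audit sketch
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (src) {
      const url = new URL(src[1], pageUrl); // resolves relative and protocol-relative URLs
      const thirdParty = url.hostname !== new URL(pageUrl).hostname;
      if (!ALLOWED_HOSTS.has(url.hostname)) {
        findings.push({ script: url.href, reason: "host not on allowlist" });
      } else if (thirdParty && !/\bintegrity\s*=/i.test(attrs)) {
        findings.push({ script: url.href, reason: "third-party script without integrity attribute" });
      }
    } else {
      for (const [re, reason] of INLINE_HINTS) {
        if (re.test(body)) findings.push({ script: "(inline)", reason });
      }
    }
  }
  return findings;
}

// Constructed sample page: one first-party script, one CDN script, one unexpected host, one inline block.
const SAMPLE_HTML = `
<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="//static.unknown-host.example/m.js"></script>
<script>const n = navigator.hardwareConcurrency; for (let i = 0; i < n; i++) new Worker("w.js");</script>
</head></html>`;

console.log(auditScripts(SAMPLE_HTML, "https://www.example.com/"));
```

Run against a saved copy of each public page on a schedule, a non-empty result that differs from the previous run is the signal to investigate.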

As 2017 comes to a close, we at Cymulate want to warn all legitimate owners and miners of cryptocurrency worldwide that, sadly enough, they are under attack. Cybercrooks have branched out to become cryptocurrency hackers who are launching new forms of malware to harvest digital tokens by hook or by crook, using the processing power of their victims’ computers for their own benefit. Their effective attacks are likely to have already affected millions of users. If this crime trend continues, many more will be victimized and their illegal gains will total millions of dollars. To illustrate, the Slovenian mining marketplace NiceHash was hacked on December 6, 2017, by professional attackers using sophisticated social engineering. Approximately 4,700 bitcoin were stolen with a market value of close to $64M (at December 7, 2017 prices).

To protect your cryptocurrency, we advise you to store it in a cold wallet (a physical device, such as a USB flash drive, that is disconnected from the web and can be plugged in when needed) instead of a hot wallet, which is an internet-connected account that can potentially be accessed by hackers.

To protect users and organizations, we advise checking regularly whether the infrastructure has been compromised. Since social engineering remains popular, organizations need to be vigilant and make sure that their employees will not fall victim to emails containing malware or to phishing attacks that trick them into downloading a malicious crypto mining script. By using the Cymulate platform, enterprises can run simulations anytime and from anywhere to check how resilient their infrastructure is against such attacks.