Mark Twain popularized the phrase, “There’s gold in them thar hills,” when he wrote about the gold rush of 1849. Today, the gold lies not in the hills of California, but within crypto mining servers dispersed across the Internet. This new gold is not mined by the power of the pick and shovel, or even dynamite. Instead, computer processors power the mining operations that create this digital gold. Welcome to the modern day gold rush of today’s digital age.
Today’s gold rush is all about cryptocurrency, and while many people may not completely understand what it is or how it is produced, many heard that some people are making a lot of money with it. The most recognized and highly touted cryptocurrency is Bitcoin, which from a value of less than $800 at the start of 2017, is currently trading above $16,000, and could hit $17,000 by the time this blog post is finished. Whether at the company water cooler or the hip evening cocktail party, people are buzzing about the money that is being made. As the pundits on network news shows debate whether cryptocurrency will ever become a true currency, ordinary people are scrambling to learn more about how to get their share in this cyber coin frenzy.
Cryptocurrencies are supported by blockchain technology that consists of blocks containing transaction data that forms a public ledger. This blockchain ledger is an open way to record transactions between two parties in an efficient, verifiable and permanent manner. These blockchains are created by “miners,” using powerful computer systems to record and verify these transactions. In exchange for creating and managing the ledgers, miners get a share of the cryptocurrencies they mine. The problem is that due to the popularity of bitcoin and other currencies, it takes a lot more processing power to mine the digital currency than it used to. The required hardware in fact is extremely expensive today, and that is where we get into the more sinister side of mining cryptocurrency.
Cybersecurity Threat: Cryptocurrency Mining Malware
Many modern day prospectors of cryptocurrency are looking for miners to help mine the digital gold. In fact, you yourself may be an unwilling, yet unsuspecting culprit, and not even know it. That is because your computer may be silently mining cryptocurrency for a remote hacker at the expense of decreased performance and added latency. By hiding stealthy software in sites that you visit, cybercriminals have found a way to exploit your device’s CPU to mine coins of cyber cash. It is the latest threat on the cyber landscape that we must all worry about - cryptocurrency mining malware.
It might be difficult to say five times fast but the concept of how it works is simple. A hacker finds a way to deposit malware onto your computer. Once infected, the malware begins using the CPU and memory resources of its hardware host to help collectively mine the type of cryptocurrency it was designed for. Check Point Security ranks two types of CMM in their monthly list of Top 10 Malware Threats in November. They also report that these malware types can consume as much as 65% of your local processing power. An IBM security team reports that cryptocurrency mining attacks have increased by over 600% this year while Kaspersky Lab reports to have found the mining menace on 1.6 million client computers.
One example of malware is Adylkuzz, which actually infects PCs in the same manner as the WannaCry virus, using an exploit found in the Server Message Block protocol. Unlike WannaCry however, it does not require any manual interaction to infect the system and actually protects its unknowing host from other types of malware attacks using the same MS17-010 vulnerability. The most prevalent threat today is CoinHive, a JavaScript program that is designed to reside on web sites and run in the browsers of visitors. Once deposited within the browser, it crunches the calculations that mine a little known cryptocurrency, a currency that actually was designed to be mined by the CPUs of ordinary PCs. The latest entrant on the cyber landscape is Seamless, a traffic distribution system type of malware that redirects the victim’s device to a malicious web page. Once connected, an exploit kit is downloaded which will allow the attacker to download additional malware to being mining operations.
The entire issue of cryptocurrency mining malware is a gray area that society will have to address. The creators of these software mining initiation applications argue that their efforts are no different than those sites that mine data from us based on our browsing history and location. In summary, there’s more than just gold in them thar hills, there is malware too. Make sure your multilayered cybersecurity solution can counter this new menace. For quick answers, read our infographic, “Top 5 Security Threats and Smart Moves,” created by a trusted technology partner.