April 26, 2018

Crypto Jacking – The New Threat

(Last Updated On: 4th April 2018)

In this post I will discuss the new threat of Crypto Jacking – what it is, where it came from and why you should be on the lookout.

What is Crypto Jacking?

Crypto Jacking is where malicious code is installed on your infrastructure or computer with the aim of using your processing power to mine Crypto Currencies on behalf of the owner of said malicious code. The occurrences of this type of attack have increased massively over the last 12 months and have surpassed RansomWare occurrences by quite a margin.

What is Crypto Currency?

If you haven’t heard of Crypto Currency (where have you been?) the chances are you have heard of BitCoin. It’s been in the news for quite some time and has made a lot of people wealthy. I’m not here to promote one crypto currency over the other; all you need to know here is that they are decentralised digital currencies. Instead of using banks to monitor and log transactions, a crypto currency uses a peer network. The peers in this network are rewarded with a set amount of the digital currency for monitoring and logging transactions, and this is what is often referred to as “Mining”. Mining requires a vast amount of processing power, and that is where Crypto Jacking comes in: it hijacks your computing power, and that of thousands of others, in order to calculate, log and monitor this transaction data for the specific crypto currency.

Why the sudden spike?

Unlike RansomWare, this software can go undetected for months or longer – this means the infected machines provide a possible source of income on an ongoing basis – whereas RansomWare is not necessarily a guaranteed source of revenue. This has made this type of attack preferable over RansomWare.

Where did it come from?

It has risen in prevalence since the start of 2017 – it seems it may have been somewhat inspired by the perfectly legitimate CoinHive system – which allows websites to give users the option to enable crypto mining through the browser instead of displaying advertisements – only whilst present on their site. This method has been used illegitimately to serve Crypto Jacking code in advertisements through sites such as YouTube, but there have also been advancements in this threat where it can be installed on a PC on an ongoing basis and not just whilst the user’s browser is on a particular site.

So this doesn’t cost me anything and I don’t lose any data. What’s the risk?

Well, let’s put aside for a moment the fact that your resources could help fund organised crime. There should be a concern that someone has been able to compromise your machine at all. If they can install Crypto Jacking software in your environment, then they can install other malicious code.

There are other impacts. If you’re using an “Infrastructure as a Service” type solution, it’s quite possible that you will be charged more due to the increased processing power being used by this illegitimate application. If that’s not the case, then the users of your services may be impacted by a slowdown in the performance of your hardware. If you’re not aware it’s Crypto Jacking causing this slowdown, you could be tempted to spend further funds to upgrade your hardware unnecessarily.

What can I do about this?

Not an easy one. There will no doubt be signatures generated for known malicious applications – and likewise any known call-out IP addresses or domains will of course be blocked by firewall vendors and open-source threat IP lists (assuming you have these implemented); but another key way of discovering this activity is to have appropriate baselines for your resource usage. Any unexpected spike in resource usage would warrant further investigation.
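
As an added example (not code from the original post), here is one way to turn a resource-usage baseline into an automated check. It goes a step beyond a single spike and only flags CPU that stays above the baseline, since mining load persists while a backup or patch run does not. The host names, sample values, the `k` and `floor` parameters and the six-sample run length are all constructed assumptions.

```python
from statistics import median

# Constructed 5-minute CPU % samples per host (illustrative, not real telemetry).
HISTORY = {
    "web01": [12, 15, 11, 14, 13, 40, 12, 16, 13, 14, 15, 12],
    "db01": [30, 35, 32, 31, 34, 33, 36, 30],
}
RECENT = {
    "web01": [14, 13, 55, 12, 15, 92, 95, 97, 94, 96, 98, 93, 95],
    "db01": [33, 70, 72, 31, 34, 35, 32, 33],
}

def threshold(history, k=6.0, floor=5.0):
    """Upper limit = median + k * scaled MAD, robust to rare bursts in history."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # 1.4826 scales MAD to a standard-deviation equivalent for normal data;
    # the floor keeps a usable band when the baseline is almost flat.
    return med + max(k * 1.4826 * mad, floor)

def sustained_runs(recent, limit, min_run=6):
    """Return [(start_index, length)] for runs of >= min_run samples above limit."""
    runs, start = [], None
    for i, value in enumerate(list(recent) + [float("-inf")]):  # sentinel ends last run
        if value > limit:
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_run:
                runs.append((start, i - start))
            start = None
    return runs

def check_hosts(history_by_host, recent_by_host, min_run=6):
    """Map each host with sustained above-baseline CPU to its offending runs."""
    findings = {}
    for host, recent in recent_by_host.items():
        runs = sustained_runs(recent, threshold(history_by_host[host]), min_run)
        if runs:
            findings[host] = runs
    return findings

if __name__ == "__main__":
    for host, runs in check_hosts(HISTORY, RECENT).items():
        for start, length in runs:
            print(f"{host}: {length} consecutive samples above baseline from index {start}")
```

A flagged host is a prompt for investigation (which process, which outbound connections), not proof of mining on its own.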

Thanks for reading,

Jake


Jake is a security engineer working in West Yorkshire. He has experience with various firewall vendors including FortiGate, Check Point, Cisco and Palo Alto.
