The Impact Of Cryptocurrency - Mining Malware

 The Australian government has just recognized digital currency as a legal payment method. Since July 1, purchases done using digital currencies such as bitcoin are exempt from the country's Goods and Services Tax to avoid double taxation. As such, traders and investors will not be levied taxes for buying and selling them through legal exchange platforms.

Japan, which legitimized bitcoin as a form of payment last April, already expects more than 20,000 merchants to accept bitcoin payments. Other countries are joining the bandwagon, albeit partially: businesses and some of the public organizations in Switzerland, Norway, and the Netherlands. In a recent study, unique, active users of cryptocurrency wallets are pegged between 2.9 and 5.8 million, most of which are in North America and Europe. 

But what does the acceptance and adoption of digital currencies have to do with online threats? A lot, actually. As cryptocurrencies like bitcoin gain real-world traction, so will cybercriminal threats that abuse it. But how, exactly? What does this mean to businesses and everyday users?

What is cryptocurrency?

cryptocurrency is an encrypted data string that denotes a unit of currency. It is monitored and organized by a peer-to-peer network also known as a blockchain, which also serves as a secure ledger of transactions, e.g., buying, selling, and transferring. Unlike physical money, cryptocurrencies are decentralized, which means they are not issued by governments or other financial institutions. 

Cryptocurrencies are created (and secured) through cryptographic algorithms that are maintained and confirmed in a process called mining, where a network of computers or specialized hardware such as application-specific integrated circuits (ASICs) process and validate the transactions. The process incentivizes the miners who run the network with the cryptocurrency.

Bitcoin isn’t the be-all and end-all

There are actually over 700 cryptocurrencies, but only some are readily traded and even less have market capitalization above $100 million. Bitcoin, for instance, was created by Satoshi Nakamoto (pseudonym) and released in 2009 as open-source code. blockchain technology made it all work, providing a system where data structures (blocks) are broadcasted, validated, and registered in a public, distributed database through a network of communication endpoints (nodes). 

While bitcoin is the most famous cryptocurrency, there are other popular alternatives. Ethereum took “smart contracts” up a notch by making the programming languages needed to code them more accessible to developers. Agreements, or conditional/if-then transactions, are written as code and executed (as long as requirements are met) in Ethereum’s blockchain. 

Ethereum, however, earned notoriety after a hacker exploited a vulnerability in the Digital Autonomous Organization (DAO) running on Ethereum’s software, siphoning US $50 million worth of ether (Ethereum’s currency). This resulted in the development of Ethereum Classic, based the original blockchain, and Ethereum, its upgraded version (via a hard fork).

Ethereum Classic’s Wallet falls victim to social engineering scam

There are also other notable cryptocurrencies: Litecoin, Dogecoin, Monero. Litecoin is a purportedly technical improvement of Bitcoin that is capable of faster turnarounds via its Scrypt mining algorithm (Bitcoin uses SHA-256). The Litecoin Network is able to produce 84 million Litecoins—four times as many cryptocurrency units issued by Bitcoin. Monero is notable for its use of ring signatures (a type of digital signature) and CryptoNote application layer protocol to protect the privacy of its transactions—amount, origin, and destination. Dogecoin, which was initially developed for educational or entertainment purposes, was intended for a broader demographic. Capable of generating uncapped dogecoins, it also uses Scrypt to drive the currency along.

 Who’s attacking your IoT devices and smart home, and why?

Cryptocurrency mining also drew cybercriminal attention

Cryptocurrencies have no borders—anyone can send them anytime anywhere, without delays or additional/hidden charges from intermediaries. Given their nature, they are more secure from fraud and identity theft as cryptocurrencies cannot be counterfeited, and personal information is behind a cryptographic wall. 

Unfortunately, the same apparent profitability, convenience, and pseudonymity of cryptocurrencies also made them ideal for cybercriminals, as ransomware operators showed. The increasing popularity of cryptocurrencies coincide with the incidences of malware that infect systems and devices, turning them into armies of cryptocurrency-mining machines. 

Cryptocurrency mining is a computationally intensive task that requires significant resources from dedicated processors, graphics cards, and other hardware. While mining does generate money, there are many caveats. The profit is relative to a miner’s investment on the hardware, not to mention the electricity costs to power them. 

Cryptocurrencies are mined in blocks; in bitcoin, for instance, each time a certain number of hashes are solved, the number of bitcoins that can be awarded to the miner per block is halved. Since the bitcoin network is designed to generate the cryptocurrency every 10 minutes, the difficulty of solving another hash is adjusted. And as mining power increases, the resource requirement for mining a new block piles up. Payouts are relatively small and eventually decrease every four years—in 2016, the reward for mining a block was halved to 12.5 BTC (or $32,000 as of July 5, 2017). Consequently, many join forces into pools to make mining more efficient. Profit is divided between the group, depending on how much effort a miner exerted.

[From TrendLabs Security Intelligence Blog: How Windows OS-run machines, routers and IP cameras became bitcoin-mining zombies]

Cryptocurrency-mining malware use similar attack vectors

Bad guys turn to using malware to skirt around these challenges. There is, however a caveat for cybercriminal miners: internet-connected devices and machines, while fast enough to process network data, don’t have extensive number-crunching capabilities. To offset this, cryptocurrency-mining malware are designed to zombify botnets of computers to perform these tasks. Others avoided subtlety altogether—in 2014, Harvard’s supercomputer cluster Odyssey was used to illicitly mine dogecoins. During the same year, a similar incident happened to US agency National Science Foundation’s own supercomputers. In early February 2017, one of the US Federal Reserve’s servers was misused to mine for bitcoins. 

Cryptocurrency-mining malware employ the same modus operandi as many other threats—from malware-toting spam emails and downloads from malicious URLs to junkware and potentially unwanted app

Cryptocurrency-mining malware can make victims a part of the problem

cryptocurrency malware can impair system performance and risk end users and businesses to information theft, hijacking, and a plethora of other malware. And by turning these machines into zombies, cryptocurrency malware can even inadvertently make its victims part of the problem. 

Indeed, their adverse impact to the devices they infect—and ultimately a business’ asset or a user’s datamakes them a credible threat. There is no silver bullet for these malware, but they can be mitigated by following these best practices:

Regularly updating your device with the latest patches helps prevent attackers from using vulnerabilities as doorways into the systems

Changing or strengthening the device’s default credentials makes the device less prone to unauthorized access

Enabling the device’s firewall (for home routers), if available, or deploying intrusion detection and prevention systems to mitigate incursion attempts

Taking caution against known attack vectors: socially engineered links, attachments or files from suspicious websites, dubious third-party software/applications, and unsolicited emails 

IT/system administrators and information security professionals can also consider application whitelisting or similar security mechanisms that prevent suspicious executables from running or installing. Proactively monitoring network traffic helps better identify red flags that may indicate malware infection. Applying the principle of least privilege, developing countermeasures against web injections, securing the email gateway, implementing best practices for corporate mobile devices, and cultivating a cybersecurity-aware workforce are part of a defense-in-depth approach to reducing an enterprise’s exposure to these threats. Ultimately, however, the security of internet-connected devices against Cryptocurrency-mining malware isn’t just a burden for their users. Original design and equipment manufacturers also play vital roles in securing the ecosystems they run in.