What to Expect in the World of Crypto-jacking, by Alex Vaystikh, CTO, SecBI
The smart TV you bought recently is taking a long time to respond. The wireless IP camera you use to monitor your safe drains its battery in minutes. The monitoring system responsible for your entire production line is unresponsive, causing endless defects. Your personal laptop, which was working at amazing speed and would last for hours, is suddenly blazingly hot, painfully slow, and lasts mere minutes following a full night of charging. If you’re experiencing any of these, you might be unknowingly mining cryptocurrency for a cybercriminal. You might be infected with crypto-jacking: the next generation of ransomware, with even more FUD…
Crypto-jacking, or crypto-mining, is the act of hacking into someone’s web browser for the purpose of stealthy bitcoin mining. It is an attack on the victim’s CPU, as mining bitcoin or any other crypto-currency drains CPU resources, degrades network performance and drains battery life.
Certain predictions can be made from the recent crypto-jacking/crypto-mining news:
- IoT devices and “smart” appliances will be a major target for crypto-jacking, similar to Mirai. Even SCADA devices will be targeted.
- MiTM attacks, e.g. a rogue access point in a Starbucks, will be used to inject entirely file-less bitcoin mining scripts into popular websites and application servers (e.g. mobile apps that display ads). This will be very hard to detect because there will be almost no visible user-experience impact, other than the hit on performance and battery life.
- Hackers will clone popular applications, as they’ve done many times via Android play stores, only adding a bitcoin mining script and/or changing the beneficiary, similar to what they’ve done with ads.
- Crypto-jacking is the next-gen ransomware. Most ransomware attacks have a success rate of ≤5%. While every success translates to immediate cash, the ransomware model means infecting thousands of machines for decreasing payback, with increasing difficulty of infection and constant investment in developing new ransomware, new evasion techniques, and new infection techniques. That makes ransomware less lucrative, far more complicated and slower to execute in comparison to crypto-jacking.
Crypto-jacking might appear harmless at first. However, people whose devices mine bitcoins complain to IT and ask for their devices to be serviced more often. In addition, the total lifecycle of their device and battery will be drastically shortened. This can easily overwhelm the IT staff, increase costs, and worse still, it will drastically increase employee downtime due to non-functioning network resources. However, very few organizations have the right network monitoring tools to analyze the kind of information needed for accurate detection. What they need for rapid detection of crypto-jacking, data theft, data manipulation, and other similar attacks is a network analysis detection solution based on unsupervised machine learning.