Whilst the future use and viability of Cryptocurrencies may still be up for debate, the influence Bitcoin (the most famous cryptocurrency) has had on the market is clear– with its valuation peaking at just shy of $20,000 in December 2017. In fact, the global market for Blockchain (the technology that underpins bitcoin) is anticipated to reach a valuation of $60.7 billion in 2024. Clearly there is still much interest in the transparent ledger system.
And as new forms of Cryptocurrency arise, it comes as no surprise that hackers have swiftly followed, aiming to make money from this rising trend in digital cash. Cryptocurrency mining (also called Cryptojacking) is the latest trend in hacking where code is injected into web sites and is used to hijack the users’ CPU (central processing unit). It is now becoming a major threat to many corporations and infrastructures around the world. Notable recent attacks have been carried out against Tesla, UK and Australian government web sites and critical EU water utility infrastructures. Here we take a look at what Cryptojacking entails and how you can protect your devices from increasingly sophisticated hackers who are trying to steal your Cryptocash.
How does Cryptocurrency work?
Cryptocurrency is a digital currency but unlike traditional currency it is not controlled by any government and is designed to be secure and anonymous. Many have heard of the original Cryptocurrency Bitcoin which started in 2009, however, it has spawned many others such as Ethereum, DigitalNote, Litecoin and PotCoin among many others. Currently there are more than 900 different currencies.
The entire system is controlled through the use of cryptography and is designed to be decentralised not requiring any banks to process. The actual underlying process involves something called a ‘Blockchain’, which is essentially a shared document or ledger that records transactions between parties. The Blockchain is highly distributed across a network of computers and ensures that each transaction is authenticated securely and safely, essentially replacing a traditional bank.
The Blockchain requires computing resources to perform the cryptography and verification of each transaction. This is run by miners. A miner is simply a computer or node. As payment for these services, miners are paid in digital currency. The first cryptocurrency miner that is able to validate the transaction is rewarded with a payment.
The payments are fractional amounts of currency based upon the number of transactions and the current market rate. This fluctuates dynamically based upon supply and demand. In the early days it was possible to make a small amount of money by performing these services. However, the rates are now so low (due to the number of miners involved) it is nearly impossible to make a profit, especially when you factor in the cost of equipment and power. In addition, specialised devices such as AntMiner, have been created for the sole purpose of mining, rendering standard desktop processors unviable. This has also been a boon for graphics processor companies like Nvidia and AMD who have started releasing cards developed specifically for cryptocurrency mining.
The Economics of Cryptocurrencies
The economics of mining are such that the single biggest cost involved is the power and CPU required to do the work. Due to the cost of power in different countries it makes sense to do mining where the cost of power is low. China has therefore emerged as the major player in mining and now performs over 80% of the workload.
Due to these economics, it makes sense that if you can pool a group of computers to do the work on your behalf then you can effectively steal both electricity and CPU cycles and get paid without any expenditure. This is exactly what cyber criminals are doing.
Early attacks focused on infecting web servers where code was injected into sites to do the mining. As the price of digital currencies has increased, the attacks have become more sophisticated and now infect individual machines as they visit websites through advertising and other code injection techniques.
Protecting your currency
The best way to stay protected from these attacks is to have Cryptomining protection on your device. A solution that works by monitoring outbound connections in real time will effectively block any data transfer to cryptomining sites, operating at the network layer will ensure connections from other infected applications on your system are also blocked.
With the 10th anniversary of Bitcoin having just passed, we have seen a boom in the number of Blockchain-related job postings, demonstrating that the hype surrounding Cryptocurrencies isn’t going away any time soon. And as more consumers and organisations continue to invest, they must ensure they’re protected against the increasingly sophisticated attackers that are trying to get in. Only then will they see through the hype and gain real value from their digital currency.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.