
As cyber technologies evolve, cyber criminals change with the times. The growing popularity of new-age digital currencies such as cryptocurrencies has brought a new set of challenges: the rise of cryptojacking and other threats to cyber security. This has particular implications for organizations.

Further, the cryptojacking phenomenon has legal implications during investigations by law enforcement agencies.

Introduction

Hacker groups are increasingly looking for quick money by mining for digital coins, an activity known as cryptomining. In a new threat called “cryptojacking”, hackers secretly install malware on computers to harness their processing power for the complex computations required to create new units of cryptocurrency. Run as campaigns, these activities are resource-intensive: they compromise the privacy, safety and security of the affected systems, often draw additional electricity, and degrade the functionality of the computers.

Also known as parasitic mining or drive-by mining, cryptojacking has emerged as a new-age cyber crime associated with cryptocurrency. Innocuous-looking websites host mining scripts that infect the systems of users who visit them, and those users remain totally unaware of the infection. These browser-based scripts are hard to detect and can harm the computers, which unwittingly become part of a cryptojacking network that pays rich dividends to the cyber criminals.

The other new facet of this new-age crime is the use of compromised IoT devices to mine for cryptocurrencies. With the exponential growth of IoT devices in the marketplace, it is pertinent to note that these devices are easy targets for illegal cryptomining as well. This is another dimension in which individual consumers are made unsuspecting victims.

It is estimated that the market capitalization of cryptocurrency mining will be USD $11.5 billion by the end of 2018 (Pilot, 2017).

Cryptocurrency and Threats

The proliferation of different cryptocurrencies has led to the development of cryptomining (cryptocurrency mining) activities by cyber criminals which can be integrated in websites with the intent to monetize the computational power of computers used by visitors (Konoth, et al., 2018).

One of the methods of cryptomining is web-based mining, which is carried out by a script executed in a browser (Papadopoulos, et al., 2018).

Cryptojacking is performed through websites that are configured to abuse the computing resources of their visitors by covertly mining for cryptocurrencies (Musch, et al., 2018). Such drive-by mining is parasitic in nature. Cryptojacking is typically executed by running JavaScript in a browser, stealing CPU resources to mine cryptocurrencies without the users’ knowledge or consent.

The impact on cryptojacked computers varies, from overheating to slower performance or lags in command execution. The risk of getting detected is minimal (Bhatia and Virk, 2018).

Cryptocurrency mining software is distributed in many ways:

  • Inserting malicious code in downloaded software
  • Embedding code in mailing lists
  • Spreading via social media networks
  • Cryptojacking web resources (Bissaliyev, et al., 2018)

Online advertising is another attack vector through which cryptomining software is distributed (Iqbal, et al., 2018).

Cryptomining services offer a low-effort way for cyber criminals to make money off websites as part of drive-by mining techniques. However, it is to be noted that in-browser mining per se is not malicious: charities like UNICEF have launched dedicated websites to mine for donations, and many legitimate websites are attempting to monetize their content through cryptomining (Liao, 2018).

The widespread use of IoT devices by consumers worldwide poses significant risks, as these devices can become the unwitting conduit for illegal cryptomining activities. Consumer IoT devices are being used as an attack vector for carrying out cryptomining without the user’s consent or knowledge.

Implications for Organizations

With the age of industry cryptomining upon us, there are many implications for organizations when targeted by cryptomining threats.

Unauthorized trading and coin mining by both insiders (employees) and intruders (hackers and cyber criminals) can be problematic for organizations from a cyber security point of view (Sampson, 2018).

It is not just that an organization’s computing resources are misused without consent; the way the misuse is carried out affects CPU performance, speed and functionality without the organization’s knowledge. Such surreptitious abuse of computing resources leads to increased power consumption, higher computational load and reduced network bandwidth, wearing out hardware at a faster rate (Seals, 2018). This invariably has cost implications for organizations that are victims of cryptojacking, in the form of hardware replacement and increased electricity bills.

Since no file is copied to the computers and no signature exists, cryptomining activity is invisible to endpoint monitoring software and therefore difficult to detect (Carlin et al., 2018).

The other key development in cryptocurrency is the rise of nation-states targeting sovereign nations for money laundering and other illegal activities that compromise cyber security (Mansfield-Devine, 2018). The anonymity offered by the Internet is successfully exploited by both organized cyber criminal groups and nation-states to commit crimes related to cryptocurrency.

Mitigation Solutions for Cryptomining

Setting thresholds for client-side processing that are just high enough to allow legitimate applications to run while deterring cryptojacking is a subject of research studies.

Various mitigation solutions against cryptomining are being developed and tested by cyber security firms and professionals with varied success. A few of the technical solutions in use are throttling client-side scripting, warning users when client-side scripting consumes excessive resources, and blocking the sources of known cryptojacking scripts (Danielsson, 2018).
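The "warn when client-side scripting consumes excessive resources" approach can be sketched as a sliding-window check that tolerates short bursts but flags sustained load. This is an added example, not code from the cited studies; the threshold values, the per-origin CPU samples (assumed to come from browser or endpoint telemetry) and the origin names are constructed for illustration.

```javascript
// Added illustration: warn when an origin's script CPU use stays high.
// Threshold values are assumptions, not taken from the cited studies.
const POLICY = { cpuThreshold: 0.8, windowSize: 6, minHotSamples: 5 };

// samples: CPU utilisation fractions (0..1), one per sampling interval.
// Returns the index at which the warning first fires, or -1 if it never does.
function firstSustainedLoad(samples, policy = POLICY) {
  let hot = 0; // samples at or above the threshold inside the sliding window
  for (let i = 0; i < samples.length; i++) {
    if (samples[i] >= policy.cpuThreshold) hot++;
    const leaving = i - policy.windowSize; // sample that just left the window
    if (leaving >= 0 && samples[leaving] >= policy.cpuThreshold) hot--;
    // Only decide once a full window has been observed.
    if (i >= policy.windowSize - 1 && hot >= policy.minHotSamples) return i;
  }
  return -1;
}

// Map each origin to "warn" (sustained load seen) or "ok".
function classifyOrigins(usageByOrigin, policy = POLICY) {
  const report = {};
  for (const [origin, samples] of Object.entries(usageByOrigin)) {
    report[origin] = firstSustainedLoad(samples, policy) === -1 ? "ok" : "warn";
  }
  return report;
}

// Constructed sample data: a page with short legitimate bursts (video decode)
// and a page whose script keeps the CPU busy in every interval.
const SAMPLE_USAGE = {
  "https://video.example": [0.2, 0.95, 0.9, 0.3, 0.25, 0.2, 0.9, 0.3, 0.2, 0.2],
  "https://mining-page.example": [0.1, 0.85, 0.9, 0.92, 0.88, 0.91, 0.9, 0.89, 0.93, 0.9],
};

console.log(classifyOrigins(SAMPLE_USAGE));
```

Requiring most of a full window to be above the threshold is what keeps bursty but legitimate pages from triggering the warning.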

Another option is at the browser level: browsers like Opera have a built-in “NoCoin” blacklist that does not allow cryptomining scripts to be executed (Opera, 2018).

Systems based on Hardware Performance Counters (HPCs) are used for detecting mining behavior in clouds and enterprises. HPCs are a set of special-purpose registers internal to the processor that record and represent the runtime behavior and characteristics of the programs being executed. Common examples include counts of page faults, executed instructions, cache misses, etc. (Tahir et al., 2017).

Up-to-date antivirus software can help identify and detect binaries used for cryptojacking (Zuckerman, 2018).
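A blacklist of this kind comes down to matching each script's source host against a list of known mining hosts. The sketch below is an added example, not Opera's or NoCoin's implementation; the blocklist entries, page URL and script URLs are constructed, and the function names are hypothetical. It matches on whole DNS labels so that subdomains of a listed host are caught while lookalike names are not.

```javascript
// Constructed blocklist (hostnames only); real lists are maintained externally.
const BLOCKED_HOSTS = new Set(["miner-cdn.example", "pool.coin-scripts.example"]);

// True if hostname is a listed host or a subdomain of one.
function isBlockedHost(hostname, blocked = BLOCKED_HOSTS) {
  let host = hostname.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  while (host) {
    if (blocked.has(host)) return true;
    const dot = host.indexOf(".");
    if (dot === -1) break;
    host = host.slice(dot + 1); // strip the leftmost label and retry
  }
  return false;
}

// Resolve a <script src> against the page URL, then check its host.
function shouldBlockScript(src, pageUrl, blocked = BLOCKED_HOSTS) {
  let url;
  try {
    url = new URL(src, pageUrl);
  } catch {
    return false; // unparseable src: the browser has nothing to load either
  }
  return isBlockedHost(url.hostname, blocked);
}

// Split a page's script sources into allowed and denied lists.
function partitionScripts(srcs, pageUrl, blocked = BLOCKED_HOSTS) {
  const allowed = [];
  const denied = [];
  for (const src of srcs) {
    (shouldBlockScript(src, pageUrl, blocked) ? denied : allowed).push(src);
  }
  return { allowed, denied };
}

// Constructed sample input.
const PAGE_URL = "https://news.example/article";
const SAMPLE_SCRIPTS = [
  "/js/app.js",                              // same-origin, allowed
  "https://static.miner-cdn.example/lib.js", // subdomain of a listed host
  "//MINER-CDN.example./m.js",               // protocol-relative, mixed case, root dot
  "https://notminer-cdn.example/ok.js",      // shares a suffix but not a label boundary
  "https://miner-cdn.example.cdn.test/ok.js", // listed name appears only as a prefix
];

console.log(partitionScripts(SAMPLE_SCRIPTS, PAGE_URL));
```

A plain substring test on the URL would have denied the last two entries as well, which is the false-positive case label-based matching avoids.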

Endspeak

Dedicated mining service providers like Coinhive are widely used for cryptomining in return for a commission on the proceeds (Rüth et al., 2018). Four distinct areas of cryptocurrency activity have been identified: trading, use, regulation and mining (Serapiglia, et al., 2015). Of these, while cryptocurrency evangelists have been pushing for trading and use as mainstream legal tender, the regulation and mining aspects need to be defined by governments through adequate legal frameworks.

A strong regulatory framework to govern cryptocurrencies, with penalties for illegal and unauthorized cryptomining, will help in streamlining the cryptocurrency markets while protecting the legitimate interests of organizations.

Written By: Ram Kumar

References:

Bhatia, S., & Virk, R. S. Cloud Computing Security, Privacy And Forensics: Issues And Challenges Ahead.

Bissaliyev, M. S., Nyussupov, A. T., & Mussiraliyeva, S. Z. (2018). Enterprise Security Assessment Framework for Cryptocurrency Mining Based on Monero. KazNU Bulletin. Mathematics, Mechanics, Computer Science Series, 98(2), 67-76.

Carlin, D., O’Kane, P., Sezer, S., & Burgess, J. (2018). Detecting Cryptomining Using Dynamic Analysis.

Danielsson, B. (2018). Real-time object detection and identification.

Iqbal, U., Shafiq, Z., Snyder, P., Zhu, S., Qian, Z., & Livshits, B. (2018). AdGraph: A Machine Learning Approach to Automatic and Effective Adblocking. arXiv preprint arXiv:1805.09155.

Konoth, R. K., Vineti, E., Moonsamy, V., Lindorfer, M., Kruegel, C., Bos, H., & Vigna, G. (2018, October). MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (pp. 1714-1730). ACM.

Mansfield-Devine, S. (2018). Nation-state hacking–a threat to everyone. Computer Fraud & Security, 2018(8), 17-20.

Musch, M., Wressnegger, C., Johns, M., & Rieck, K. (2018). Web-based Cryptojacking in the Wild. arXiv preprint arXiv:1808.09474.

Opera. New year, new browser. opera 50 introduces antibitcoin mining tool. http://blogs.opera.com/desktop/2018/01/opera50-introduces-anti-bitcoin-mining-tool/, 2018.

Papadopoulos, P., Ilia, P., & Markatos, E. P. (2018). Truth in Web Mining: Measuring the Profitability and Cost of Cryptominers as a Web Monetization Model. arXiv preprint arXiv:1806.01994.

Pilot, R., Safe Haven Magazine, (Oct 18th 2017), ‘The mind boggling profitability of crypto mining’

Rüth, J., Zimmermann, T., Wolsing, K., & Hohlfeld, O. (2018). Digging into Browser-based Crypto Mining. arXiv preprint arXiv:1808.00811.

Sampson, J. (2018). Secret digital coin mining and trading is a threat to your business. Computer Fraud & Security, 2018(4), 8-10.

Seals, Tara. “ABC employee caught mining for Bitcoins on company servers”. Infosecurity Magazine. 2018.

Serapiglia, A., Serapiglia, C. P., & McIntyre, J. (2015). Crypto currencies: core information technology and information system fundamentals enabling currency without borders. Information Systems Education Journal, 13(3), 43.

Shannon Liao. UNICEF wants you to mine cryptocurrency for charity. https://www.theverge.com/2018/4/30/17303624/unicef-miningcryptocurrency-charity-monero/ (April 2018).

Tahir, R., Huzaifa, M., Das, A., Ahmad, M., Gunter, C., Zaffar, F., … & Borisov, N. (2017, September). Mining on someone else’s dime: Mitigating covert mining operations in clouds and enterprises. In International Symposium on Research in Attacks, Intrusions, and Defenses (pp. 287-310). Springer, Cham.

M. J. Zuckerman, “Microsoft blocked more than 400,000 malicious cryptojacking attempts in one day,” Apr 2018. [Online]. Available: https://tinyurl.com/ya6oj6wm