
Cryptomining malware – silent but deadly


By Sumit Bansal, managing director, ASEAN and Korea, Sophos

So far in 2018, we have seen the lure of crypto as a digital currency continue growing by leaps and bounds. Everyone, it seems, is looking to acquire substantial gains if investments are done right. We also see organisations starting to pay more attention to cyber threats as they scramble to stay ahead of the constantly evolving threat landscape.

Perhaps the most interesting lesson is how ransomware has evolved to become fast, brutal and instantly disruptive. The ransomware we saw had no intention of lying low to avoid the spotlight. The direct nature of these attacks results in immediate consequences such as organisational disruption and enforced downtime.

Most organisations found that, financially, extensive repairs following an attack were extremely expensive. Not only did they need to allocate valuable time to identify the threat’s point of entry, they also had to execute the tedious task of conducting backups and restoration.

Apart from disrupting organisational processes, ransomware also has a more profound impact on businesses from a holistic standpoint. Ethically challenging, the new-age ransomware puts decision makers in a tight spot – do they cave in and succumb to the thieves and their demands in the hopes that business processes can return to normalcy?

Even as threats have grown in chaos and complexity, malware is also targeting the new kid on the block: cryptocurrency.

Put simply, cryptocurrency is an encrypted decentralised digital currency that is transferred between digital wallets through a blockchain. This ensures the currency is verified, legitimate and secure.

However, as cryptocurrency does not have the physical form of traditional currencies, regulating it has caused concern among governments and has resulted in different approaches to handling cryptocurrency.

For example, in mid-September, China’s central bank ceased operations for virtual currency trading platforms in Beijing and Shanghai; South Korea banned financial institutions from dealing with virtual currency on fears of creating a bubble; and similarly in Singapore, the Monetary Authority of Singapore issued warnings, cautioning the public about the risk of the Bitcoin bubble.

Implementing measures to simply handle the currency alone without factoring in threats is a recipe for disaster. As with any rapidly adopted trend, there is always the risk of actors who pursue their own malicious agenda for personal gain. This is exactly what happened with cryptocurrency.

Cryptomining is the process of discovering cryptocurrencies such as Bitcoin, Monero or Ethereum. This activity has been increasing worldwide as individuals and companies look to acquire digital currencies. The process involves a combination of advanced servers, an extremely fast network and sound financial backing.

Cryptomining malware involves crooks covertly infecting your computer with software that runs the calculations needed to generate cryptocurrency and keeping the proceeds for themselves. They do this because a lot of electricity and processing power from a lot of computers are required to make any substantial returns with coin-mining. There are two options for serious crypto-mining: rent space in a giant coin-mining server farm with the latest technology and incur high costs, or steal electricity, processing power and air-conditioning from others via crypto-mining malware that is slipped into their networks, browsers, coffee shops, and more.

Companies looking to invest heavily in cryptocurrencies will implement security measures on most occasions. However, this is often not the case for individual coin-miners. In Singapore, ready-made crypto-mining sets can be easily purchased in the open market for a starting price of around S$3000.

Individuals who purchase these home-mining kits are perfect candidates to host an attacker’s crypto-mining malware. The lack of security makes hijacking even easier. Many individuals are now enquiring about how to deal with the recently discovered malware, WannaMine, that comes from the same family as WannaCry.

One of the fastest risers among crypto-mining malware is CoinHive, a Monero miner that appeared in September. The number of sites in which CoinHive is lurking has increased steadily. CoinHive JavaScript has also been embedded on Monero-related searches by the likes of the infamous Pirate Bay, to take advantage of online searches related to crypto. Pirate Bay conveniently forgot to mention they are leveraging visitors’ browsers to mine cryptocurrency. Like most crypto-mining malware, it will sit quietly on your computer and leverage your network to covertly crypto-mine, resulting in a significant decrease in your hardware performance.

The cryptocurrency landscape will remain a hot topic of discussion, given the volatile and mysterious behaviour of the currency. However, as regulations around personal mining are yet to be implemented, crypto-mining malware, though significantly more low-key than previous malware, still has the potential to add another layer of concern for those in the technology and finance space.

