In a marked shift from previous years, hackers are much more likely these days to be bent on stealing your computing processing power than on embedding ransomware or other malware on your network, according to a March 2019 report from IBM. Why? Because, according to the report’s authors, it’s much safer for hackers to simply steal your computing processing power over the internet — and use it for mining cryptocurrencies, like Bitcoin — than to get involved in planting other criminal software on your network.
“One of the hottest commodities is computing power tied to the emergence of cryptocurrencies,” says Wendi Whitmore, global lead, IBM X-Force Incident Response and Intelligence Services. “This has led to corporate networks and consumer devices being secretly hijacked to mine for these digital currencies.” Kevin Haley, director, Symantec Security Response, adds: “Now, you could be fighting for resources on your phone, computer or I.O.T. device — as attackers use them for profit.”
“It’s something we are on the watch for should it begin to occur,” says Reggie Davidson, superintendent of recreation for Wichita (Kansas) Park and Recreation.
Shift in Hackers’ Tactics
All told, the number of computer users reportedly impacted by Black Hat (criminal) mining was more than 5 million in 2018, up from 2.7 million the previous year, according to a report from IT security firm Kaspersky Lab. The number is probably much higher, given that it’s often very difficult to detect when a Black Hat miner has infiltrated your network or computer.
The reports from IBM and Kaspersky point to an eye-opening shift in hacker tactics, given that so many corporations and individuals are currently fixated on preventing ransomware and other malware attacks. As a result, few people realize that many hackers have now moved on to stealing computing processing power.
One of the most vexing aspects of this theft of computing processing power, also known as cryptojacking, is that it can be so clandestine. Many hackers running the scam steal computer processing power only when a computer or smartphone is not in use. In fact, the most careful hackers steal power during off-hours, when computers are on, but most people are sleeping. Other hackers are especially crafty in camouflaging mining programs on a hard drive as legitimate software. Kaspersky Lab, for example, has uncovered a mining program that looks like an Adobe product installed on your computing device — complete with a fake Adobe icon, fake Adobe executable file and fake Adobe digital signature, according to Evgeny Lopatin, a security expert at the IT firm.
“Malware, especially cryptominers, continually evolves to avoid detection, often hiding in memory or delivering malicious code directly into the memory of a system,” adds Intel Security General Manager Jim Gordon.
The impact on individuals and companies overall can be significant. Cryptojacking generally results in a slowdown in computing performance while the theft is underway, making it more difficult to work on your device and decreasing your overall productivity.
Computers can also become unstable during a theft. In addition, hackers hijacking computers for mining often have no qualms driving computer processors and supporting systems at maximum speed, which often shortens the life of the devices or overheats their batteries. Computers hijacked by Black Hat miners often have their fans running at maximum speed, as they are desperately trying to cool down computer processors that are running at excessive speeds. In addition, cryptojacking also shows up in inflated electricity bills. And, added costs show up for companies using cloud connections that are compromised by the thieves — bills for CPU usage can be much higher.
“The massive profit incentive puts people, devices and organizations at risk,” says Mike Fey, president and COO for Symantec. “Unfortunately, the problem of computer processing theft will most likely be with us as long as cryptocurrencies, like Bitcoin, Ethereum and Monero, remain popular,” Haley adds.
Hackers first discovered the market in Black Hat mining as cryptocurrencies burgeoned and grew to rely on thousands of computers worldwide to maintain their systems. Essentially, the currency systems need those networks to verify all digital coin transactions and to perform overall auditing of their systems. Scores of legitimate computer networks regularly perform this work and are paid in new, digital cryptocurrency “coins” after they complete a pre-agreed-upon amount of auditing. For this reason, the computer networks are called “miners”: They mine new cryptocurrency coin by working as auditors for the cryptocurrency systems.
Black Hat miners do the same work as their legitimate counterparts, but with one major difference: Instead of using their own computer networks, Black Hat miners unleash onto the web malware that transforms thousands of computers, smartphones and other computer devices into a zombie mining network. Together, all that stolen processing power is used to mine cryptocurrency.
What to Look Out For
Currently, IT security experts say companies should be on the lookout for two types of Black Hat cryptomining. The first comes in the same format as malware. It’s generally secretly downloaded to a computerized device via a rogue link and executes as a working mining program at the hacker’s whim.
The second major form of Black Hat mining occurs while people surf the internet and visit a webpage that has been reprogrammed by a Black Hat miner. The cryptomining script, injected into the page, steals computer processing power while the user remains on that site. This form of Black Hat mining affected millions of Android users in 2018, according to IT security firm Malwarebytes.
Fortunately, the best practices for combating cryptojacking generally mirror those used by companies for protecting against other kinds of malware, including having:
- Gold-plated firewall systems
- IT network security software
- Regularly installed security updates for all software
- Employee education programs that train staff to beware of suspicious emails, suspicious websites and suspicious phone callers asking for passwords and other network access information
Jami McMannes, senior coordinator of marketing for Fort Collins (Colorado) Parks and Recreation says, “The IT department established its first formalized cybersecurity team that oversees cybersecurity for the entire city infrastructure and its technology assets. As part of the overall enterprise, all the city’s computer assets are monitored using the latest tools and technologies to monitor not only threats, but also the health of our systems.”
Wichita’s Davidson says his IT department also has several defenses in place: “The city maintains industry-standard defenses against malware and utilizes a robust, active directory group policy, which includes workstation-privilege limitation to limit what hackers are able to do at remote sites. In addition, we have antivirus policies and multiple firewall-based defenses to alert, detect and block this specific type of malware behavior,” he adds.
“People need to expand their defenses, or they will pay the price for someone else using their device,” cautions Symantec’s Haley.
In some ways, this latest sleight-of-hand from hackers appears, like so many others they’ve used, to take advantage of everyday computer users. The only real difference now is that it’s so insidious. With Black Hat mining, it can take months or even years for a park and recreation department to discover that a hacker is taking small sips from its network computer processing power when no one is looking.
Browser Extensions to Help Protect Against Black Hat Mining
Tools for Individual Computer Users
Computer users can install the following browser extensions that help protect against Black Hat mining:
They can also test to see if their web browser has been corrupted by a Black Hat miner with a free service from Opera Browser, and be on the lookout for Black Hat miners, simply by noticing decreases in machine performance and speed.
Tools for Network Administrators
- WhatsUp Gold, by Ipswitch, enables network administrators to monitor for CPU-usage spikes over time and to set up alerts when CPU usage exceeds a threshold. The app can also be specially tuned to monitor a network’s CPU usage during off-hours — prime time for many Black Hat miners.
- Cisco Umbrella added a cryptomining security setting that allows you to block identities from accessing (1) known cryptomining pools, where miners group together and share resources — processing power — to better gather and share cryptocurrencies, and (2) known web cryptomining source-code repositories.
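The off-hours CPU alerting described in the first item above can be sketched in a few lines of Python. This is an added example, not code from the article or from WhatsUp Gold. The off-hours window, the 85 percent threshold, the 30-minute minimum duration, the hostnames and the readings are all assumptions chosen for illustration.

```python
from datetime import datetime, time, timedelta

# Assumed policy values (not from the article); tune to your own baseline.
OFF_START, OFF_END = time(22, 0), time(6, 0)   # off-hours window, wraps midnight
THRESHOLD_PCT = 85.0                           # CPU % counted as "high"
MIN_SUSTAINED = timedelta(minutes=30)          # ignore short spikes
MAX_GAP = timedelta(minutes=10)                # missing samples split a run

def is_off_hours(ts):
    t = ts.time()
    return t >= OFF_START or t < OFF_END

def _close_run(host, run, alerts):
    """Record the run if it lasted long enough to look like sustained load."""
    if run and run[-1][0] - run[0][0] >= MIN_SUSTAINED:
        avg = sum(cpu for _, cpu in run) / len(run)
        alerts.append((host, run[0][0], run[-1][0], round(avg, 1)))

def find_off_hours_runs(samples):
    """samples: iterable of (host, datetime, cpu_pct).
    Returns [(host, start, end, avg_cpu)] for sustained off-hours high-CPU runs."""
    alerts, by_host = [], {}
    for host, ts, cpu in samples:
        by_host.setdefault(host, []).append((ts, cpu))
    for host, points in by_host.items():
        run = []
        for ts, cpu in sorted(points):
            hot = cpu >= THRESHOLD_PCT and is_off_hours(ts)
            if run and (not hot or ts - run[-1][0] > MAX_GAP):
                _close_run(host, run, alerts)
                run = []
            if hot:
                run.append((ts, cpu))
        _close_run(host, run, alerts)
    return alerts

def _series(host, start, cpus):
    """Constructed test data: one sample every 5 minutes."""
    return [(host, start + timedelta(minutes=5 * i), c) for i, c in enumerate(cpus)]

# Constructed samples (hostnames and readings are invented for illustration).
SAMPLES = (
    _series("kiosk-01", datetime(2019, 3, 12, 23, 40), [97, 99, 98, 99, 97, 98, 99, 98, 97, 96])
    + _series("frontdesk-02", datetime(2019, 3, 13, 2, 0), [20, 95, 96, 25, 18])
    + _series("gis-03", datetime(2019, 3, 12, 14, 0), [95] * 10)
)

if __name__ == "__main__":
    for host, start, end, avg in find_off_hours_runs(SAMPLES):
        print(f"ALERT {host}: {avg}% avg CPU from {start} to {end}")
```

Only the constructed kiosk-01 series raises an alert: the front-desk spike is too short, and the gis-03 load falls within business hours.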
Joe Dysart is a Manhattan-based Internet Speaker and Business Consultant.