The Cybercriminal Lottery: Cryptomining

Cyber criminals motivated by financial gain are always on the lookout for new ways to refine their techniques and make more money. They constantly hunt for loopholes and forge new tricks to con people out of their confidential details and cash. Here we look at the growing problem of the cybercriminal lottery: cryptomining.

The Cryptomining Cash Cow

According to a Cisco Talos report, cryptomining has taken over from ransomware as the cash creator of choice for cyber criminals.

It’s alleged that this type of theft can earn hackers up to $500 per day. Those who want to turn this into more of a full-time job or way of life can expect to earn as much as $100,000 per year.

It’s become exactly the right mix of underhand dealings for maximum profit. It’s fast become one of the biggest headaches for IT workers who often have no idea that their digital footprint has been attacked or compromised until it is way too late.

New Privacy Laws

There are new privacy laws set to be introduced during 2018 and with these being enforced it’s becoming all the more important that companies and organizations know and understand every single partner that executes code on their websites.

It’s critical they know this not only so that underhand sources can be picked up on straight away, but also so they can continue to enforce compliance and discuss their expectations. These are the key factors when regulatory penalties are handed out.

Criminals Can Now ‘Cash Out’

Mass computing power is needed in order to solve the many mathematical problems that occur when mining for cryptocurrency. Talented hackers are able to do this and break the bank. Once they’ve managed to get in and solve the problems, the answers are exchanged for cryptocurrency.

Two Forms of Cryptomining

There are two main forms of cryptomining: device infection and website execution.

In both of these, CPU power is hijacked for extended periods of time, and the hijacking can continue even when the browser session appears not to be in use.

Many of the cases will occur when devices are covertly infected with compromised website code, in the form of advertising or even third party content.

This drops and launches a malicious JavaScript file onto the user’s device, which then installs the miner and starts to work. Many consumers won’t even realize their device’s processing power has been hacked to mine for cryptocurrency. However, mobile phone users may perhaps notice an increase in data consumption.

Legitimate Websites

Now it’s also believed that many legitimate websites have turned to cryptomining to boost their bottom line.

Choosing to shun traditional adverts or other content, they might run cryptomining code during browser sessions. When engaged in browsing mode, the code executes to harness the device’s processing power to mine cryptocurrency.

In a few cases, the code might remain on the computer even after the browsing session has expired. Legitimate websites are not being honest with their visitors about this activity.

It’s even harder to believe that at the present moment, cryptomining is not even technically categorized as malware. This means that although it has the potential to do a great deal of harm, it’s still not illegal.

Victimless Crime

Many would argue that cryptomining is a victimless crime. Automated bots can siphon off processing power without any need for user interaction. So is there any harm in taking processing power that’s not really needed or being used in the first place?

The answer is that there’s a lot wrong with that! The worst-case scenario is that unmanaged use of processing power will unexpectedly drain batteries and could even damage devices.

Device owners are ultimately likely to feel very cheated when they find out someone has been taking their processing power, for their own gain.

The Blame Game

Operators of websites take the blame for both the unrest amongst their customers and any violation of regulations.

If anyone can come along and sneak code onto an otherwise safe website, it means that security is weak overall and that customer data can be compromised.

With tightened consumer data privacy and protection regulations coming into force, the threat of legal action and retaliation becomes much more real.

Currently, it is believed that around two hundred and twenty-two popular and well-used websites have been found to contain cryptomining code. Even something as high profile as Tesla is not immune.

Finding Cryptocrime

There are many scams currently being used, but one of them is more than a little bit crafty. It mostly targets the mobile environment. This particular cryptominer executes behind the presentation of a gift card popup.

When the popup is clicked, a retail landing page appears. During this time a piece of excess JavaScript offering a ‘Free’ gift card highlighting several well-known retailers will appear. Right at the bottom of the code is an elongated string of alphanumeric gobbledegook, and from this a Monero miner comes into play.

Consumers won’t realise their device is now infected. They might notice that their machine has slowed down and is perhaps not as responsive, but won’t really feel the need to investigate it further. To detect this cryptominer, the operator of the website would need to perform a line-by-line code analysis to identify and remediate the root cause. Knowing all digital partners would shorten this arduous process, making it easier to discover anomalous code and possibly work out the time of compromise.

In the Code

An estimated 500 million PCs mine for cryptocurrency across the world, which makes experts wonder how many websites are actually compromised.

It now only takes a small bit of crypto code to be inserted for a website to be compromised.

The challenge for business websites is knowing if and when this occurs, which is a daunting prospect given the dynamic nature of the World Wide Web. It all starts with documenting the website partners executing in the website.

So it now looks like business IT is in unknown territory. Up to eighty percent of code rendering on a website is now provided by third parties. Keeping on top of onsite vendors and enforcing best practices is the only way to start building a cleaner, safer Internet environment, one that can lock out underhand businesses like cryptomining and ensure the online safety of customers and brand integrity.
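As an added illustration (not code from the original article), the sketch below automates the two operator-side checks described above: listing the script hosts on a page that are missing from the documented partner list, and locating long encoded strings inside inline JavaScript by line number. The partner list, host names, length threshold and entropy cut-off are assumptions chosen for the example.

```python
import base64
import math
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed values, not from the article: partner list, 200-char run, 4.5 bits.
DOCUMENTED_PARTNERS = {"cdn.partner.example"}
LONG_RUN = re.compile(r"[A-Za-z0-9+/=]{200,}")
MIN_ENTROPY = 4.5

def entropy(text):  # Shannon entropy in bits per character
    freqs = [text.count(c) / len(text) for c in set(text)]
    return -sum(p * math.log2(p) for p in freqs)

class ScriptAudit(HTMLParser):
    """Records external script hosts and the text of each inline script."""
    def __init__(self):
        super().__init__()
        self.hosts, self.inline, self._buf = set(), [], None
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if tag == "script" and not src:
            self._buf = [self.getpos()[0]]      # line where inline code starts
        elif src and urlparse(src).hostname:    # relative src is first-party
            self.hosts.add(urlparse(src).hostname)
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append((self._buf[0], "".join(self._buf[1:])))
            self._buf = None

def audit(html, partners=DOCUMENTED_PARTNERS):
    """Return (undocumented script hosts, [(line, length)] of encoded runs)."""
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    runs = [(line + code.count("\n", 0, m.start()), len(m.group()))
            for line, code in parser.inline for m in LONG_RUN.finditer(code)
            if entropy(m.group()) >= MIN_ENTROPY]
    return sorted(parser.hosts - set(partners)), runs

# Constructed sample page: a documented partner, an unknown host, one blob.
SAMPLE = ('<script src="https://cdn.partner.example/cart.js"></script>\n'
          '<script src="//ads.unknown-vendor.example/gift.js"></script>\n'
          '<script>\nvar offer = "Free gift card";\nvar p = "%s";\n</script>\n'
          % base64.b64encode(bytes(range(256))).decode())
```

A flagged run is a prompt for manual review rather than a verdict, since inline images and other legitimate encoded data produce the same pattern.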