Not all malware is designed to extort. Much of modern cyberattacks do have some sort of ransom or monetary aim, and to be sure, the ransomware do tend to get a lot of the headlines. Other malware is aimed for anarchy, like we detailed in our last post about NotPetya, the most expensive cyberattack in history. But other malware is, in some ways, more insidious because it lays in hiding on your machine or network, undetected, carrying out processes that you may not be able to notice. One such strand of malware — cryptojacking — has been implemented and weaponized in the ever-growing field of cryptocurrency mining. Here’s what you need to know:
Why are crypto-miners interested in your computer?
Without going too far down the rabbit hole on blockchain and cryptocurrency, suffice it to say that there is a lot of money to be made in crypto-mining. Essentially, for each of the blocks making up a blockchain, computers connected to that network attempt a series of incredibly complex computer problems designed to govern the behavior of that coin. If your computer gets the problem right, you’re rewarded with the blockchain’s coin (so if you’re mining for Bitcoin, you get Bitcoin. If you’re mining for Ethereum, you get Ether, etc.). Every new block in the blockchain has a new computer problem, so miners rinse and repeat.
If you’re interested in the ‘why’ of these forced computer problems, read this paragraph. If you don’t care that much, skip ahead to the next one. A blockchain is essentially a ledger of all transactions that have come before on that network, cryptographically stored in blocks of information. When a block of information is full and it’s time to create a new one, the network automatically creates a new block, locked with a randomly-generated, incredibly hard-to-guess password. To create new blocks and record new transactions thus requires brute-force computational guessing of that randomly-generated password. If your computer can collect all the new transactions in the ledger and is the one that guesses the random password correctly to fully assemble the block and integrate it into the chain, you win. And you get paid. A lot.
Regardless of the ‘why’, most major cryptocurrencies require this ‘proof of work’ — it’s how the network ensures security, decentralization and trust between all the actors within the ecosystem. Which brings us back around to why crypto-miners are interested in installing malware on your computer:
They want your CPU and GPU’s excess computing power.
Each new block with a randomly-generated password? The only way to increase your odds of guessing the password correctly are by throwing more computational horsepower at it. The faster your computer, the more random passwords you can throw at the problem in less time. So if a coin miner can pool the unused power from a lot of personal computers, s/he can ostensibly build a larger and larger supercomputer to help guess the password. The more computers infected, the more coin mining that miner can do.
How big a problem is cryptojacking?
Some reports state more than 50% of all companies have been unwittingly used to help mine for crypto-coins. From an industry publication ranking the biggest malware threats on the market today:
Check Point researchers found that crypto-miners managed to impact 55% of organizations globally, with two variants in the top three list of malware and ten different variants in the expanded top 100. In December, the crypto-miner Coinhive replaced RoughTed as the most prevalent threat, while the Rig ek exploit kit maintained its position in second. Another new entry to the top ten, the crypto-miner Cryptoloot is in third.
So while this malware might not be stealing money from infected users outright, it is stealing computational resources without authorization to make money. In one particularly nefarious example, hackers weaponized Google’s ad platform DoubleClick to install cryptojacking malware on users who viewed specific Youtube videos. Google acted swiftly (according to them) to curb this breach, but it still underlies how pervasive hard-to-detect malware can be if it isn’t overtly attempting to extort you.
What should my business be doing?
First and foremost, make sure your anti-virus software is both up-to-date and supports anti-cryptojacking functions. But more importantly, you should be thinking about your security holistically — how often are we backing up? To where? How many copies? How many in the cloud vs. physical, in hand? How often are we auditing our computers for both attacks and malware-in-waiting?
The bottom line is that while a strong anti-virus regimen is a great first step, cyberattacks are becoming far more pervasive, professional and complex; as such, cybersecurity is both becoming more important and harder to manage at a local level. If you think you may benefit from having professional take these concerns off your hands so you can focus on, ya know, running your business? Give us a ring — we’d be happy to chat any time!