The Australian government has just recognized cryptocurrency as a legal payment method. To avoid double taxation, purchases made using digital currencies like bitcoin have been exempted from the country’s Goods and Services Tax since July 1.
For buying and selling digital currencies through legal exchange platforms, investors and traders will not be subject to taxes. Japan approved bitcoin payments in April and expects that more than 20,000 merchants will accept bitcoin payments. Businesses and public institutions in the Netherlands, Norway, and Switzerland are also joining the bitcoin bandwagon.
In a recent study, unique, active cryptocurrency wallets are pegged between 2.9 and 5.8 million, most of which are in North America and Europe. What do digital currency acceptance and adoption have to do with online threats? As cryptocurrencies such as bitcoin gain real-world acceptance, so will the cybercriminal threats that abuse them. How exactly does this happen? What does this all mean for businesses and everyday users alike?
What is cryptocurrency?
Cryptocurrency refers to an encrypted data string that denotes a currency unit. It is organized and monitored by a peer-to-peer network, also known as a Blockchain. This secure ledger also records transactions such as buying, selling, and transferring. Decentralized cryptocurrencies, unlike physical money, are not issued by governments and other financial institutions.
Cryptocurrencies are created and secured using cryptographic algorithms. These algorithms are maintained and confirmed through a process called mining, in which a network of computers or hardware such as ASICs processes and validates transactions. This process rewards the miners who maintain the cryptocurrency network.
Bitcoin isn’t the end-all and be-all of cryptocurrency
There are over 700 cryptocurrencies, but only some are readily traded, and even fewer have a market capitalization above $100 million. Bitcoin, for example, was created by Satoshi (pseudonym) and released as open-source code in 2009.
It all worked thanks to blockchain technology, which allows data structures (blocks) to be broadcast, validated, and registered in a public database via a network of communication nodes.
Although bitcoin is the most well-known cryptocurrency, there are many other options. Ethereum raised the bar for “smart contracts” by making it easier to learn the programming languages required to create them. Smart contracts are conditional (if/then) transactions that can be written in code and executed on Ethereum’s blockchain as long as the requirements are met.
Ethereum, however, earned notoriety after a hacker exploited a vulnerability in the Digital Autonomous Organization (DAO) running on Ethereum’s software, siphoning US $50 million worth of ether (Ethereum’s currency).
This led to the creation of Ethereum Classic (based on the original blockchain) and Ethereum (via a hard fork). Other notable cryptocurrencies include Monero, Dogecoin, and Litecoin. Litecoin, purportedly a technological improvement on Bitcoin, is capable of quicker turnarounds through its Scrypt mining algorithm (Bitcoin uses SHA256).
The Litecoin Network can produce 84 million Litecoins, which is four times the number of Bitcoin units. Monero is notable for its use of ring signatures (a type of digital signature) and CryptoNote application layer protocol to protect the privacy of its transactions–amount, origin, and destination.
Dogecoin was created for entertainment or educational purposes. It was later made available to a wider audience. It can generate uncapped dogecoins and uses Scrypt to move the currency.
Cybercriminals also paid attention to cryptocurrency mining
Cryptocurrencies don’t have borders. Anyone can send them anywhere at any time, without delay or hidden charges from intermediaries. Because cryptocurrencies can’t be duplicated, they are more secure against identity theft and fraud. Personal information is also protected behind a cryptographic wall.
Unfortunately, the same apparent profitability, convenience, and pseudonymity of cryptocurrencies also made them ideal for cybercriminals, as ransomware operators showed. The increasing popularity of cryptocurrencies coincides with the incidences of malware that infect systems and devices, turning them into armies of cryptocurrency-mining machines.
Cryptocurrency mining requires a lot of computational resources, such as dedicated processors and graphics cards. There are many caveats to mining. Profit is dependent on how much a miner has invested in hardware and the electricity costs to run them.
Blocks are used to mine cryptocurrencies. For example, bitcoin limits how many hashes can be solved before the block can be allocated. The difficulty of solving another hash depends on how often the bitcoin network generates cryptocurrency.
And as mining power increases, the resource requirement for mining new blocks piles up. Payouts are relatively small and eventually decrease every four years–in 2016, the reward for mining a block was halved to 12.5 BTC (or $32,000 as of July 5, 2017). To make mining more efficient, many miners join together to form pools. The group splits the profits based on how hard a miner worked.
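A simplified proof-of-work loop makes the resource cost described above concrete: each extra bit of difficulty doubles the expected number of hashes a miner must compute. This is an added illustration, not code from the original article; the header bytes are constructed, and the target is simplified to a count of leading zero bits.

```python
import hashlib

def pow_hash(header: bytes, nonce: int) -> bytes:
    """Double SHA-256 of the header followed by a 4-byte nonce."""
    data = header + nonce.to_bytes(4, "little")
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def meets_target(digest: bytes, zero_bits: int) -> bool:
    """True if the digest starts with at least `zero_bits` zero bits (simplified target)."""
    return int.from_bytes(digest, "big") < (1 << (256 - zero_bits))

def mine(header: bytes, zero_bits: int):
    """Return the first nonce whose hash meets the target, or None if none exists."""
    for nonce in range(2**32):
        if meets_target(pow_hash(header, nonce), zero_bits):
            return nonce
    return None

def work_table(header: bytes, difficulties):
    """List (zero_bits, hashes_tried, expected_hashes) for each difficulty."""
    rows = []
    for bits in difficulties:
        nonce = mine(header, bits)
        rows.append((bits, nonce + 1, 2**bits))
    return rows

if __name__ == "__main__":
    header = b"constructed block header"  # constructed sample, not a real block
    for bits, tried, expected in work_table(header, (8, 12, 16)):
        print(f"{bits:2d} zero bits: {tried:7d} hashes tried (expected about {expected})")
```
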
Cryptocurrency-mining malware uses similar attack vectors
To avoid these problems, bad guys resort to malware. Cybercriminal miners have one caveat: although internet-connected devices are fast enough to process network information, they don’t have extensive number-crunching capabilities.
To offset this, cryptocurrency-mining malware is designed to zombify botnets of computers to perform these tasks. Others avoided subtlety altogether–in 2014, Harvard’s supercomputer cluster Odyssey was used to illicitly mine dogecoins.
During the same year, a similar incident happened to US agency National Science Foundation’s supercomputers. In early February 2017, one of the US Federal Reserve’s servers was misused to mine for bitcoins.
Cryptocurrency-mining malware employs the same modus operandi as many other threats–from malware-toting spam emails and downloads from malicious URLs to junkware and potentially unwanted applications (PUAs).
A vulnerability in Yahoo!’s Java-based advertisement network was discovered and exposed European users to malware containing a bitcoin-mining virus. A month before it, German law enforcement arrested hackers for purportedly using malware to mine over $954,000 worth of bitcoins.
We’ve seen the emergence of hacking tools and backdoors related to cybercriminal bitcoin mining as early as 2011, and we’ve since seen a variety of cryptocurrency-mining threats that add more capabilities, such as distributed denial-of-service and URL spoofing.
Cryptocurrency-mining malware’s impact makes it a credible threat
Cryptocurrency-mining malware steals the resources of infected machines, significantly affecting their performance and increasing their wear and tear. Infections can also lead to increased power consumption.
We also discovered that the impact goes beyond performance. Our sensors detected 4,894 miners that triggered more than 460,259 Bitcoin-mining activities. We also found that more than 20% of these miners also caused web- and network-based attacks. Even ransomware-linked intrusion attempts were found. The most common of these attacks were:
- Cross-site scripting
- Exploiting a remote code execution vulnerability in Microsoft’s Internet Information Server (IIS)
- Brute force and default password logins/attacks
- Command buffer overflow exploits
- Hypertext Preprocessor (PHP) arbitrary code injection
- SQL injection
- BlackNurse denial of service attack
These malware could compromise the integrity and security of a system or network, which could potentially cause disruptions in an enterprise’s mission-critical operations. System hijacking and information theft are other serious consequences. These attacks could also serve as a conduit for additional malware to be delivered.
Internet of Things (IoT) devices are also in the crosshairs of cryptocurrency-mining malware–from digital video recorders (DVRs)/surveillance cameras, set-top boxes, network-attached storage (NAS) devices, and especially routers, given their ubiquity among home and corporate environments.
In April 2017, a variant of Mirai surfaced with bitcoin-mining capabilities. Mirai’s notoriety sprung from the havoc it wrought in IoT devices, particularly home routers, using them to knock high-profile sites offline last year. Over the first three quarters of 2016, we detected a bitcoin-mining zombie army made up of Windows systems, home routers, and IP cameras.
We also saw different types of bitcoin mining devices from January 1 through June 24, 2017. However, our telemetry could not verify whether these activities were authorized. Also, we saw bitcoin mining activity increase by 40%, from 1,800 trigger events per day in February to 3,000 in March 2017.
Although bitcoin mining is not inherently illegal in most countries, it can amount to a compromise if it happens without the owner’s knowledge or consent. We found that Windows machines had the highest bitcoin mining activity, but the following are also worth noting:
- Systems running Macintosh OSes (iPhone 4 through iPhone 7)
- Devices running Ubuntu OS, a derivative of Debian Linux OS
- Routers for the home
- Environment-monitoring devices, used in data centers
- Smart TVs and mobile phones that run on Android
- IP cameras
- Servers for printing
- Gaming consoles
Cryptocurrency-mining malware can make victims a part of the problem
Cryptocurrency-mining malware can impair system performance and expose end users and businesses to information theft, hijacking, and a plethora of other malware. By turning infected machines into zombies, cryptocurrency malware can even make its victims part of the problem.
Their negative impact on the devices they infect, and ultimately on the assets or data of a company, makes them a credible threat. This malware can’t be stopped, but you can mitigate it by following these best practices:
- Regularly updating your device with the most recent patches helps prevent hackers from using vulnerabilities to gain access to the system.
- Changing or strengthening the device’s default credentials makes it less likely to be accessed by unauthorized persons.
- Enabling the device’s firewall (for routers at home) or deploying intrusion detection and prevention systems helps prevent incursion attempts.
- Taking caution against known attack vectors: socially engineered links, attachments or files from suspicious websites, dubious third-party software/applications, and unsolicited emails.
IT/system administrators and information security professionals can also consider application allowlisting or similar security mechanisms that prevent suspicious executables from running or installing.
Monitoring network traffic proactively can help identify red flags that could indicate a malware infection. A defense-in-depth strategy to reduce an organization’s vulnerability to these threats includes applying the principle of least privilege and the development of countermeasures against web injections.
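One red flag that network monitoring can surface is a host speaking the Stratum mining-pool protocol, which pooled miners use to fetch work and submit results as line-delimited JSON-RPC. The detector below is an added example, not code from the original article; the flow records, host addresses and pool names are constructed, and the tuple layout is an assumed sensor log format.

```python
import json
from collections import defaultdict

# Client-to-pool methods of the Stratum v1 mining protocol (JSON-RPC, one object per line).
STRATUM_CLIENT_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}

# Constructed sample: (source host, destination, one payload line) as a sensor might log them.
SAMPLE_FLOWS = [
    ("10.0.4.17", "pool.example:3333", '{"id":1,"method":"mining.subscribe","params":["miner/1.0"]}'),
    ("10.0.4.17", "pool.example:3333", '{"id":2,"method":"mining.authorize","params":["wallet.worker","x"]}'),
    ("10.0.4.17", "pool.example:3333", '{"id":4,"method":"mining.submit","params":["wallet.worker","job1","00","5f","ab"]}'),
    ("10.0.4.22", "api.example:8080", '{"id":7,"method":"getStatus","params":[]}'),
    ("10.0.4.30", "web.example:80", "GET /index.html HTTP/1.1"),
    ("10.0.4.31", "pool.example:3333", '{"id":1,"method":"mining.subscribe"'),  # truncated capture
    ("10.0.4.40", "docs.example:80", '["mining.subscribe is described here"]'),
]

def stratum_method(payload):
    """Return the Stratum client method named in a payload line, or None."""
    try:
        msg = json.loads(payload)
    except ValueError:
        return None  # not JSON (plain HTTP, TLS bytes, truncated capture)
    if not isinstance(msg, dict):
        return None  # JSON, but not a JSON-RPC request object
    method = msg.get("method")
    if isinstance(method, str) and method in STRATUM_CLIENT_METHODS:
        return method
    return None

def find_mining_hosts(flows):
    """Map each flagged source host to the pools it contacted and the methods seen."""
    seen = defaultdict(lambda: {"pools": set(), "methods": set()})
    for src, dst, payload in flows:
        method = stratum_method(payload)
        if method:
            seen[src]["pools"].add(dst)
            seen[src]["methods"].add(method)
    # Require authorize or submit so a lone subscribe line is not reported as a working miner.
    return {host: info for host, info in seen.items()
            if info["methods"] & {"mining.authorize", "mining.submit"}}

if __name__ == "__main__":
    for host, info in find_mining_hosts(SAMPLE_FLOWS).items():
        print(host, sorted(info["pools"]), sorted(info["methods"]))
```

Pool connections wrapped in TLS hide these payloads, so a check like this works best alongside destination and port reputation for known pools.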
Ultimately, however, the security of internet-connected devices against cryptocurrency-mining malware isn’t just a burden for their users. Original design and equipment manufacturers also play vital roles in securing the ecosystems they run in.