'Crypto jacking' cyber attacks up by 8,500 per cent

Read Time: 2 min.

Attacks that focus on using victims PCs and enterprise servers to mine cryptocurrencies are growing incredibly rapidly, according to a new report.

Indeed, the final quarter of 2017 saw a titanic 8,500 per cent surge in 'crypto jacking' cyber attacks, according to Symantec. Of all the online attacks blocked in that period, a full 24 per cent were related to hijacking CPU power to mine digital currency. This is usually Monero, which not only can still be successfully mined by standard CPUs, but also allows anonymous transactions, making any nefarious use harder to trace than with public blockchain currencies such as Bitcoin or Ether.

“ The barrier to entry for coin mining is pretty low—potentially only requiring a couple of lines of code to operate—and coin mining can allow criminals to fly under the radar in a way that is not possible with other types of cyber crime. Victims may not even realize a coinminer is slurping their computer’s power as the only impact may be a slowdown of their device that they could easily attribute to something else ”, said the Symantec researchers in a blogpost.

Interestingly, the researchers noted that to date most crypto-mining malware has targeted PCs, mobiles and servers, but that could well change in the near future. “ Cyber criminals may increasingly target IoT devices. We observed a 600 percent increase in overall attacks on IoT devices in 2017, showing that they are still very much a target for cyber criminals. ”

This particular threat is one that other researchers have also been investigating. A demo by Avast at Mobile World Congress saw a network of IoT devices linked together in order to mine Monero as a proof of concept. The company said that based in its research so far, 15,000 devices would be needed to mine $1,000 of cryptocurrency in four days - which in the context of a large botnet often numbering hundreds of thousands of PCs or devices, isn’t a significant barrier to hackers.

Commenting on the Avast PoC, Ilia Kolochenko, CEO High-Tech Bridge said: "Many manufacturers of IoT devices ignore even the fundamentals of security and privacy. Millions of IoT devices which are designed to process or store confidential, or personal, information do not even have a basic password protection option, or have a hardcoded admin password without the possibility of changing it.

“ Web interfaces of IoT devices are riddled with critical vulnerabilities that can be exploited to take over the device. Many of them use open source software component that have not been updated in years and can be exploited in a fully automated mode in a few seconds.

“ However, the CPU capacities of IoT devices are not comparable to modern user machines, for example. Therefore, IoT will probably not attract too many attackers in the near future. On the other side, if you breach an IoT device, you can use it as long as it is operating, as virtually no one monitors security of installed IoT devices. "

By the way, you can use High-Tech Bridge's free Web Server Security Test to detect malicious crypto jacking on your website.

Meanwhile, in slightly better news, is has been announced that an improved security framework for TLS has been unanimously approved by the Internet Engineers Task Force. The Transport Layer Security version 1.3 security framework builds iteratively on existing TLS protocols but adds in several new features, including a streamlined “handshake” between client and server and earlier encryption to minimise clear text data transmission, “Forward secrecy,” which means that attackers can’t steal decryption keys from one exchange and use it to decrypt others later, removal of legacy support for insecure older algorithms, which is a common weak spot, and also a new “0-RTT,” or zero round-trip time, mode in which a server and client that have established some preliminaries before can send data without introducing themselves to each other again.

High-Tech Bridge’s free SSL security test has recommended the new Transport Layer Security version 1.3 standard for more than a year.