Cryptomining Malware - Silent But Deadly

By Sumit Bansal, Managing Director of ASEAN and Korea, Sophos

Sumit Bansal, Managing Director of ASEAN and Korea, Sophos

So far in 2018, we have seen the lure of crypto as digital currency continue to grow in leaps and bounds as everyone looks to acquire substantial gains, if investments are done right. We have also seen how organizations are beginning to pay more attention to cyber threats, especially with ransomware demonstrating their immobilizing capabilities, with some organizations stopped in their tracks, as they scrambled to regain control against the constantly evolving threat landscape.

Perhaps the most interesting learning for all involved in the tech-driven space is how ransomware has evolved to become fast, brutal and instantly disruptive. The ransomware we saw had no intention of laying low in order to avoid the spotlight. The direct nature of these attacks resulted in immediate consequences such as organizational disruption and enforced downtime. Most organisations found that financially, extensive repairs following an attack were extremely expensive. Organizations not only needed to allocate valuable time to sourcing the point of entry of the threat, they also had to execute the tedious task of conducting backups and restoration processes.

The cryptocurrency landscape will remain one of top discussion, given the volatile and mysterious behaviour of the currency

In addition to disrupting organizational processes, ransomware now has a more profound impact on businesses from a holistic standpoint. Ethically challenging, the new-age ransomware places decisions makers in a tight position – do they cave in and succumb to the thieves and their demands in the hopes that business processes can return to the state of normality?

Even with the increased chaos and complexities of the threats that emerged, malware targeted the new kid on the block: Cryptocurrency

In short, Cryptocurrency is an encrypted, decentralized digital currency that is transferred within digital wallets through block chain – ensuring that this currency is verified, legitimate and secure.

However, as cryptocurrency does not embody the physical form of traditional currencies, regulating practices around the phenomenon have caused concerns within governments and has resulted in different approaches to handling cryptocurrency.

Measures that we put in place to simply handle the currency alone without factoring in threats, is a recipe for disaster. For example, in mid-September, China’s central bank ceased operations for virtual currency trading platforms in Beijing and Shanghai, South Korea banned financial institutions from dealing in with virtual currency on fears of creating a bubble and similarly in Singapore, the Monetary Authority of Singapore issued warnings, cautioning the public about the risk of the ‘bitcoin bubble’.

As with any rapidly adopted trend, there is always the risk of agents who apply their own malicious agenda for personal gains. This is exactly what happened with Cryptocurrency. Cryptomining is the process to discover cryptocurrencies such as Bitcoin, Monero or Ethereum and has seen increased operations around the world, from individuals to companies who are looking to acquire digital currencies. The process of cryptomining involves the combination of advanced servers, an extremely fast network and financially-sound backing.

Cryptomining malware is when crypto-crooks covertly infect your computer with software to do the calculations needed to generate cryptocurrency; the crooks keep any cryptocoin proceeds for themselves. They do this because, to make any substantial returns with coinmining, you need a lot of electricity to deliver a lot processing power on a lot of computers. There are two options if you were to seriously venture into the cryptomining space, either rent space in a giant coinmining server farm with the latest technology and incur high costs, or you can steal electricity from others, processing power and air conditioning by using malware to sneak cryptomining malware into their networks, their browsers, their coffee shops, and more.

For companies who are looking to heavily invest into cryptocurrencies, on most occasions they will implement security measures; however, for individuals drawn to cryptocurrencies, this is more often not the case. In Singapore, ready-made cryptomining sets can be easily purchased in the open market for a starting price of around SGD$3,000. For attackers, individuals who purchase their own ready-made home mining kits are the perfect candidates to host cryptomining malware. The lack of or non-existent presence of security makes hijacking even more easier. For example, many individuals are enquiring on how to deal with the recently discovered malware named “WannaMine”, from the same family as “WannaCry”.

One of the fastest risers however in terms of cryptomining malware is CoinHive, a Monero miner that appeared in September. The number of sites that CoinHive has been lurking on has increased steadily. As the topic of crypto continues to dominate searches online, CoinHive JavaScript has been embedded on Monero-related searches by the likes of the infamous Pirate Bay – who conveniently forgot to mention that they were leveraging visitor browsers to mine cryptocurrency. Like most cryptomining malware, it will sit quietly on your computer and leverage your network to covertly cryptomine, resulting in a significant decrease in your hardware performance.

The cryptocurrency landscape will remain one of top discussion, given the volatile and mysterious behaviour of the currency. However, as regulations around personal mining are yet to be implemented, cryptomining malware, although significantly more low-key than previous malwares, still has the potential to add another layer of concern for those in the technology and finance space.