General

Cryptocurrencies now pose a security threat

Rate this item
(0 votes)

Read Mia Andric's comments here...

Despite their origin as a means to pay for goods and services on the Dark Web, cryptocurrencies have firmly entered the mainstream. These days, cryptocurrencies such as Bitcoin have ATMs where people can draw cash, and the recent crash of the currency’s value affected millions of people around the world. This has led to regulators in many countries considering changing laws to prohibit the proliferation of cryptocurrencies, in an effort to protect the stability of the traditional financial markets.

Cryptocurrency poses security threatRecent events have conspired to further promote the outright banning of cryptocurrencies. Cryptocurrency mining hijacking has become a fairly common practice, with miners hacking into websites and company servers to increase their returns.

In order to generate a cryptocurrency, a computer essentially provides bookkeeping services to the coin network. Mining is essentially 24/7 computer accounting called “verifying transactions”. Transactions are verified and added to the public ledger, known as the block chain, and also the means through which new “coins” are released. Anyone with access to the internet and a suitable computer can participate in mining.

However, as cryptocurrencies have grown in popularity, the number of people mining has increased. As a result, generating a “coin” has become exponentially harder for each miner. It’s no wonder then, that we are seeing hijackings of other people’s computers in an effort to increase the mining chain and so generate more “coins”.

The first documented cryptocurrency malware attack was on an online portal that is visited by players of the game Eve Online. The game has millions of players worldwide, and the portal is a means through which they can trade in-game goods. This attack involved hiding the mining software in the code of the portal, and it subsequently hijacked the computers of every player on the site for the entire duration of their visit.

While this did nothing more than slow down those computers by putting strain on their graphics cards and processors, it was still illegal and considered a malware attack. A similar attack was recently found on the operational technology (OT) network of a water utility. Because an attack of this type increases device CPU and network bandwidth consumption, the response times of tools used to monitor physical changes on an OT network, such as HMI and SCADA servers, are severely impaired.

This, in turn, reduces the control a critical infrastructure operator has over its operations and slows down its response times to operational problems.

This is problematic for obvious reasons, but another attack – this time on government computers in the UK and the US prompted security researcher Scott Helme to comment: “The more I think about this the worse it becomes. Attackers had arbitrary script injection on thousands of sites including many NHS websites here in England. Just stop and think for a few moments about what exactly they could have done with that capability...”

Helme first noticed the malware, which he believes was running on more than 4 000 sites, including the U.K.’s Information Commissioner’s Office (ico.org.uk) and the website for the American court system (uscourts.gov). In order to get the crypto-mining software onto unsuspecting computers, the hack targeted an accessibility plugin called Browsealoud that makes the web easier to use for people with dyslexia or low English comprehension. After compromising Browsealoud, the hackers altered the plugin’s code, injecting malicious JavaScript in order to secretly run the mining software known as Coinhive on unsuspecting machines.

To make matters worse, smartphone users are just as vulnerable to cryptocurrency mining hijacks as their PC counterparts. Recently, there was a “drive-by” mining campaign that redirected millions of Android users to a website that hijacked their phone processors for mining Monero. While the exact trigger wasn't clear, researchers believe that infected apps with malicious ads would steer people toward the pages.

A good antivirus or security solution is the first line of defence against most breaches, but these types of hijackings might not be picked up. So if your computer or phone starts slowing down substantially, follow the tried and tested approach of contacting your tech support team.

Image credit: Copyright: monsitj / 123RF Stock Photo

Magazines

African Fusion

AfricanFusionAfrican Fusion, the official publication of the Southern African Institute of Welding (SAIW), aims to provide up-to-date insight into welding technology and the welding industry.

Capital Equipment News

Capital Equipment News is dedicated to the application of equipment and modes of transport that are used in the mining, construction, quarrying, and transport industries.

Construction World

ConstructionWorldConstruction World was first published in 1982 and has grown to become a leader in its field, offering a unique mix of editorial coverage to satisfy the diverse needs of its readers.

Electricity + Control

ElectricityandControlE + C publishes innovative, technical articles that provide solutions to engineering challenges in measurement, automation, control, and energy management.

Lighting in Design

LightingandDesignLighting in Design is a glossy, upmarket publication aimed at lighting professionals. It is the only B2B magazine in SA that is dedicated solely to the subject of lighting.

MechChem Africa

MechChemJanuary2017cover MechChem Africa supports African engineering and technical managers across the full spectrum of chemical and mechanical disciplines.

Modern Mining

ModernMiningEstablished in 2005, Modern Mining is one of SA's leading monthly mining magazines, noted for the quality and accuracy of its writing and the breadth of its coverage.

Modern Quarrying

ModernQuarryingModern Quarrying is firmly entrenched as a leading industry-specific magazine. It focuses on promoting the science and practice of quarrying and processing in southern Africa.

Sparks Electrical News

SparksElectricalNewsReadable and informative, Sparks Electrical News is the newspaper for those involved in installing and maintaining electrical supplies and equipment.

 
Full Name*
Invalid Input

Company Name*
Invalid Input

Your Email*
Invalid Input

Phone*
Invalid Input

Postal Address 1*
Invalid Input

Postal Address 2*
Invalid Input

Postal Code*
Invalid Input

Street Address 1
Invalid Input

Street Address 2
Invalid Input

Postal Code
Invalid Input

Town / City*
Invalid Input

Country*
Invalid Input

Magazine

Invalid Input

Invalid Input