Hackers’ Latest Trick

Stealing Your Computing Power to Mine Cryptocurrencies
laptop photo illustration

In a marked shift from previous years, hackers are much more likely these days to be bent on stealing your computer processing power rather than embedding ransomware or other malware in your network, according to a new report from IBM. The reason: It’s much safer for hackers to simply steal your computing power over the internet — and use it for mining crypto­currencies such as bitcoin — than it is to get involved in planting other criminal software on your network, the report’s authors said.

“One of the hottest commodities is computing power tied to the emergence of crypto­currencies,” said Wendi Whitmore, global lead for IBM’s X-Force incident response and intelligence services. “This has led to corporate networks and consumer devices being secretly hijacked to mine for these digital currencies.”

Brian Everett, CEO of the Transportation Marketing & Sales Association, cited this emerging trend as a threat to businesses in the industry.

Image


Dysart

“More and more of our members in TMSA are acknowledging this,” he said. “The theft of computing power has a real financial impact to companies.”

Kevin Haley, director at Symantec Security Response, said: “Now you could be fighting for resources on your phone, computer or [Internet of Things] device — as attackers use them for profit.”

All told, the number of computer users reportedly impacted by “black hat” (criminal) mining was more than 5 million in 2018 — up from 2.7 million the prior year, according to a report from IT security firm Kapersky Lab. That figure is likely much higher, though, given that it’s often difficult to detect when a black hat miner has infiltrated your network or computer.

The reports from IBM and Kapersky highlight an eye-opening shift in hacker tactics, given that so many corporations and individuals are fixated on preventing ransomware and other malware attacks. Few realize that many hackers have moved on to stealing computer processing power.

One of the most vexing aspects of this theft of computing processing power — also known as cryptojacking — is that it can be so clandestine. Many hackers running the scam often are careful to steal computer processing power only when a computer or smartphone is not in use.

In fact, the most careful hackers steal power during off-hours, when computers are on but most people are sleeping.

“It’s harder to trace and is less destructive,” said Dan Brewer, director of information technology at Wilson Logistics. “At Wilson Logistics, we are taking every precaution we can to not only prevent — but also mitigate — any intrusions into our infrastructure.”

Other hackers are especially crafty in camouflaging mining programs on your hard drive as legitimate software. Kapersky Labs, for example, has uncovered a mining program that looks like an Adobe product installed on your computing device — complete with a fake Adobe icon, a fake Adobe executable file and a fake Adobe digital signature, according to Evgeny Lopatin, a security expert at the IT firm.

“Malware, especially cryptominers, continually evolves to avoid detection, often hiding in memory or delivering malicious code directly into the memory of a system,” Intel Security General Manager Jim Gordon said.

The impact on individuals and companies overall can be significant. Computer power theft generally results in a slowdown in computing performance while the theft is underway, making it more difficult to work on your device and decreasing your overall productivity.

Computers also can become unstable during a theft. Plus, hackers hijacking computers for mining often have no qualms driving computer processors at maximum speed, which often results in shortening the life of the devices or overheating batteries. This is why computers hijacked by black hat miners often have their fans running at mwaximum speed.

In addition, the results of the thievery can appear in inflated electricity bills and higher charges for CPU usage for companies using cloud connections.

“The massive profit incentive puts people, devices and organizations at risk,” said Mike Fey, president of Symantec.

While stolen computing power may pose less of a direct threat to a transportation company than other forms of hacking, the potential damage still is serious.

“If I had to make a choice, I would certainly choose the loss of power rather than a complete shutdown,” said Jeremy Stewart, IT director at McElroy Truck Lines. “However, a less compromised system still poses a significant threat to any company.”

Unfortunately, the problem of computer-processing theft most likely will be with us as long as cryptocurrencies such as bitcoin, ethereum and monero remain popular, Haley added.

Hackers first discovered the market in black hat mining as cryptocurrencies burgeoned and grew to rely on thousands of computers across the world to maintain their systems. Essentially, the currency systems need those networks to verify all the transactions associated with digital coin transactions and to perform overall auditing of their systems.

Scores of legitimate computer networks regularly perform this work and are paid in new, digital cryptocurrency “coins” after they complete an agreed-upon amount of auditing. That’s why the computer networks are called miners: They “mine” new cryptocurrency coin by working as auditors for the cryptocurrency systems.

Black hat miners do the same work as their legitimate counterparts, but with one major difference: Instead of using their own computer networks, black hat miners unleash malware onto the web that transforms thousands of computers, smartphones and other computer devices into a zombie mining network. Together, all that stolen processing power is used to mine cryptocurrency.

IT security experts say companies should be on the lookout for two types of black hat cryptomining. The first comes in the same format as our old “friend,” malware. Generally, it is secretly downloaded to a computerized device via a rogue link and executes as a working mining program at the hacker’s whim.

The second major form of black hat mining occurs while users surf the web. Essentially, surfers get hit when they visit a web page that has been reprogrammed by a black hat miner. The thieving script injected into the page steals computer processing power as long as the user remains at the website. In fact, millions of Android users were afflicted with this form of black hat mining in 2018, according to IT security firm Malwarebytes.

Fortunately, best practices for combating computer processing power theft generally mirror those used by companies for protecting against other kinds of malware. Companies best prepared are those that have firewall systems, IT network security software, regular security updates and cyber­security education programs.

“Spreading awareness about the risk of cybersecurity is a great way to combat the threat,” TMSA’s Everett said. “You should be prepared with a communication plan should a breach occur.”

Individual computer users can further protect themselves by installing browser extensions that help protect against black hat mining from websites, such as NoCoin, AntiMiner, MinerBlock and Coin-Hive Blocker. And they can also test to see if their web browser has been corrupted by a black hat miner with a free service from browser Opera.

Individual users can double as great lookouts for black hat miners, simply by noticing decreases in machine performance and speed.

“We are small enough where we would notice any loss of power to our databases, applications, or anything else that the users will see as impacting response times,” Transport America Chief Information Officer Tom Benusa said. “They are not afraid to let us know if something is running a little slow.”

Meanwhile, network administrators can use tools such as WhatsUp Gold, by Ipswitch. WhatsUp enables them to monitor for CPU-usage spikes over time and set up alerts for when it exceeds a threshold. The app also can be specifically tuned to monitor a network’s CPU usage during off-hours — the witching hour for many black hat miners.

“In years past, transportation companies often had a ‘security through obscurity’ mindset, as many attacks were focused on some flavor of individual financial fraud,” said Tom Baughman, vice president of information technology at Kenan Advantage Group. “The rise of ransomware and ­cryptojacking have demonstrated transportation organizations themselves are now targets and must make the investments in their cybersecurity programs to prevent, detect and respond to these threats.”

In some ways, this latest sleight-of-hand from hackers seems like so many others they’ve used in the past to take advantage of everyday computer users. The only real difference this time is that it’s so insidious. With black hat mining, it can take months — or even years — for a company to discover that a hacker is taking small sips of its network computer processing power when no one is looking.

Joe Dysart is an internet speaker and business consultant based in Manhattan. Voice: (631) 438-1142. E-mail: joe@dysartnewsfeatures.com. Web: www.dysartnewsfeatures.com.