Cryptojacking is the ‘New Black’ in Cybercrime

The London Cloud Security Summit 2018 was a day of educational, inspirational and sometimes terrifying discussions about the state of cloud security in 2018—attended by the industry’s brightest and best. In this series of blogs focused on the presentations from the event, I’ve already talked about the threats facing your business, and the expanding and diversifying cyber threat landscape. Now it’s time to dive head-first into the world in which security researchers strive to protect our online selves with a look at a breakout session titled “Lessons Learned from the Cybersecurity Front Line”—presented by Dan Pitman, a senior solutions architect with Alert Logic.

Cryptomining Increasingly Detected as Malicious Activity on Servers

Musing on a career in the dark trenches of cybersecurity, Dan’s presentation took a dive into several cybersecurity trends he’s witnessed in 2018, including cryptojacking. Cryptojacking is a form of cyber attack in which a hacker hijacks a target's processing power in order to mine cryptocurrency on the hacker's behalf.

Mining cryptocurrency involves performing complex calculations to demonstrate ‘proof of work’ to the currency network to generate currency. Cryptocurrency mining has increased both as a topic and activity as cryptocurrency usage itself has grown exponentially in the last few years.

Turn a Cyber Profit

Dan chose to focus on this element of cybercrime for one reason—its extreme profitability as a means of low-risk cybercrime. Dan shared an example that compared cryptomining to pickpocketing—a scenario where the attacker attempted to make quick money by scanning port 8545, looking for Go Etheruem—or Geth—clients and stealing their cryptocurrency. Researchers at Netlab 360 initially discovered the attack. They returned a few months later to see how the campaign was going and found that the thief had amassed more than $20 million in Etheruem.

The main point Dan made is that—moral or legal considerations notwithstanding—there’s tremendous profit to be made from cryptomining.   

Fun and Games in Hackers’ World

Dan shared his opinion that cryptojacking is similar to ransomware in a couple of key ways. Dan walked through a couple recent ransomware attacks that seem to lack any financial motivation. The goal seems to be simply to annoy or educate, or for the attackers just to have some fun. Koolova, for example, shows a warning screen but asks only that you agree to stop downloading unsafe applications off the internet and do the associated “recommended reading” in order to decrypt the files. It essentially acts as an educational ransomware instead of a genuine criminal enterprise.

Attackers are constantly adapting tools and techniques to shift the threat landscape. Dan’s presentation demonstrated that as ransomware fades from popularity, cryptomining—and cryptojacking—are growing threats that represent huge potential profit with relatively little risk for the attackers.

If you were not able to attend the Cloud Security Summit, you can view all of the sessions at our Virtual Cloud Security Summit.

About the Author

Tony Bradley - Senior Manager of Content Marketing for Alert Logic

Tony Bradley

Tony Bradley is Senior Manager of Content Marketing for Alert Logic. Tony worked in the trenches as a network administrator and security consultant before shifting to the marketing and writing side of things. He is an 11-time Microsoft MVP in security and cloud and has been a CISSP-ISSAP since 2002. Tony has authored or co-authored a dozen books on IT and IT security topics, and is a prolific contributor to online media sites such as Forbes and DevOps.com. He has established a reputation for effective content marketing, and building and engaging a community and social media audience.

Connect | Email Me | More Posts by Tony Bradley