The London Cloud Security Summit 2018 was a day of educational, inspirational and sometimes terrifying discussions about the state of cloud security in 2018—attended by the industry’s brightest and best. In this series of blogs focused on the presentations from the event, I’ve already talked about the threats facing your business, and the expanding and diversifying cyber threat landscape. Now it’s time to dive head-first into the world in which security researchers strive to protect our online selves with a look at a breakout session titled “Lessons Learned from the Cybersecurity Front Line”—presented by Dan Pitman, a senior solutions architect with Alert Logic.
Cryptomining Increasingly Detected as Malicious Activity on Servers
Musing on a career in the dark trenches of cybersecurity, Dan’s presentation took a dive into several cybersecurity trends he’s witnessed in 2018, including cryptojacking. Cryptojacking is a form of cyber attack in which a hacker hijacks a target's processing power in order to mine cryptocurrency on the hacker's behalf.
Mining cryptocurrency involves performing complex calculations to demonstrate ‘proof of work’ to the currency network to generate currency. Cryptocurrency mining has increased both as a topic and activity as cryptocurrency usage itself has grown exponentially in the last few years.
Turn a Cyber Profit
Dan chose to focus on this element of cybercrime for one reason—its extreme profitability as a means of low-risk cybercrime. Dan shared an example that compared cryptomining to pickpocketing—a scenario where the attacker attempted to make quick money by scanning port 8545, looking for Go Ethereum—or Geth—clients and stealing their cryptocurrency. Researchers at Netlab 360 initially discovered the attack. They returned a few months later to see how the campaign was going and found that the thief had amassed more than $20 million in Ethereum.
The main point Dan made is that—moral or legal considerations notwithstanding—there’s tremendous profit to be made from cryptomining.
Fun and Games in Hackers’ World
Dan shared his opinion that cryptojacking is similar to ransomware in a couple of key ways. Dan walked through a couple of recent ransomware attacks that seem to lack any financial motivation. The goal seems to be simply to annoy or educate, or for the attackers just to have some fun. Koolova, for example, shows a warning screen but asks only that you agree to stop downloading unsafe applications off the internet and do the associated “recommended reading” in order to decrypt the files. It essentially acts as an educational ransomware instead of a genuine criminal enterprise.
Attackers are constantly adapting tools and techniques to shift the threat landscape. Dan’s presentation demonstrated that as ransomware fades from popularity, cryptomining—and cryptojacking—are growing threats that represent huge potential profit with relatively little risk for the attackers.
If you were not able to attend the Cloud Security Summit, you can view all of the sessions at our Virtual Cloud Security Summit.