Guest post from Terrance DeJesus, Threat Research Analyst at NTT Security.
2017 – an interesting year for technology, entrepreneurs and politics. If you happened to be living under a rock and did not notice millionaires and billionaires reporting their net worth as a result of the dramatic rise of cryptocurrency, then I’m here to tell you what happened.
First though, I need to explain some of the technology behind cryptocurrency, what makes it a hot trend, and perhaps most importantly, how threat actors are targeting your computer to help themselves get rich.
What is blockchain anyway?
Here’s the short explanation…
Blockchain technology is a distributed ledger, hosted on thousands of computer systems around the world. These systems verify, record and confirm transactions between parties. The recorded transactions can be thought of as “blocks”, each of which receives a timestamp and uses cryptography to ensure the transactions are secure.
A blockchain is typically made public on a peer-to-peer (P2P) network, allowing those involved to verify the integrity of the transactions, ultimately establishing a trust relationship, verified by the network (as opposed to a central authority).
How much money are we talking here?
The value of Bitcoin has risen sharply over time. Let me help put that into context.
Had you invested around $540 USD in Bitcoin back in 2010, you would currently have a portfolio in this single cryptocurrency worth around $2 billion USD. (Note: Calculations based on Bitcoin value on 29 Jan 2018.)
In 2017 alone, Bitcoin’s value increased nearly 1,300%. As a result, millions of people were attracted to the new investing fad, with options to either invest in or “mine” the cryptocurrency.
Mining involves using computer power to perform mathematical calculations and verify transactions on the blockchain. Each computer receives a small reward (in cryptocurrency) for verifying these transactions. This verification is called mining.
Attracting the wrong crowd
Unsurprisingly, hackers are interested too. These threat actors are now – more than ever – using their knowledge, skills and abilities to get in on the cryptocurrency fad. They have been weaponizing cryptocurrency mining software, which they install onto a victim’s computer without the victim’s knowledge. Once installed, this malware uses the victim’s own computing resources to “mine” cryptocurrency.
And you remember those cryptocurrency rewards I mentioned earlier? Well, in this case, those rewards go to the hacker, not the owner of the computer. Some industry researchers even identified miners crafted for mobile devices which actually broke the device once installed.
Instead of Bitcoin, Monero (XMR) is the preferred cryptocurrency mined by threat actors. This preference stems from the increased security and anonymity XMR provides, which includes prevention of fund tracking, encrypted user addresses, convoluted tracking of transactions and more.
Over the last several months, the NTT Security Global Threat Intelligence Center (GTIC) has been analyzing several dozen different mining operations. One of the primary tactics threat actors are using is crafting clever phishing emails. If a user falls for one of these phishing emails, cryptocurrency mining malware is installed on the victim’s computer.
Oh, and all that research the GTIC has been doing over the past few months? We’re about to release it, and we’re sharing all the details of our research, including how you can get started hunting for cryptocurrency mining malware in your own environment.