PREDICTIVE INTELLIGENCE
high-risk) as now there is no need to
steal a user’s online banking balance
or extort them into paying up. Every
mining bot added to your network of
miners immediately shares its calculation
power with a mining pool and generates
revenue for the attacker – in many cases
without the user even being aware that
they are being exploited.
Even better, this technique can also
operate in web browsers through
cryptojacking: JavaScript-based miners
that run in the browsers of site visitors,
so the attacker doesn’t even need to
infect a user’s machine directly – they
earn a profit every time someone visits
the infected website.
Understanding the ‘crypto mind’
About every 10 minutes, 12.5 bitcoin is
mined and credited on the Blockchain
ledger to the winning miner’s wallet.
This shapes the economy behind the
mining attack. The miner that claims
this reward is the one holding the proof
of work showing that it solved the
current block; the solution is then
broadcast to all fellow miners, who
continue by mining the next block.
The cost of electricity sets the cost
for normal cryptomining operations
and of course this changes when you
use mining malware as the attacker
doesn’t pay the electricity bill. For these
malicious actors, the costs are different.
They are set by the price of getting an
infected machine, divided by the number
of CPU cycles that can be performed on
it before the infection is removed.
Cybercriminals have
yet again been quick
to innovate in the
use of emerging
technologies.
The current evolutionary stage of mining
malware is quick, dirty and very noisy.
Each infection communicates rapidly
with the C&C, as it needs to be updated
with the current block calculations that
it has to perform.
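The noisy check-in behaviour described above is something defenders can hunt for in connection logs. The following Python function is an added example, not part of the original article: it flags internal hosts that make many short-interval, evenly spaced connections to one external endpoint. The log format, sample records and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: "epoch_seconds src_ip dst_ip dst_port".
# All addresses come from documentation ranges; none of this is real traffic.
SAMPLE_FLOWS = (
    # steady 30-second check-ins from one workstation to one endpoint
    [f"{1000 + 30 * i} 10.0.0.5 203.0.113.10 8080" for i in range(20)]
    # a handful of sparse connections (too few events to judge)
    + [f"{t} 10.0.0.7 198.51.100.20 443" for t in (1000, 1012, 1400, 2900, 3050)]
    # many connections, but with widely varying gaps
    + [f"{1000 + 5 * i * i} 10.0.0.9 192.0.2.44 443" for i in range(12)]
)

def parse(lines):
    """Yield (timestamp, source, 'dst:port') from whitespace-separated records."""
    for line in lines:
        ts, src, dst, port = line.split()
        yield float(ts), src, f"{dst}:{port}"

def find_chatty_pairs(lines, min_events=10, max_mean_gap=60.0, max_jitter=0.25):
    """Return (src, dst, events, mean_gap) for frequent, regular talkers.

    Thresholds are assumed starting points: at least `min_events` connections,
    a mean gap of at most `max_mean_gap` seconds, and a gap spread
    (standard deviation / mean) of at most `max_jitter`.
    """
    stamps_by_pair = defaultdict(list)
    for ts, src, dst in parse(lines):
        stamps_by_pair[(src, dst)].append(ts)

    hits = []
    for (src, dst), stamps in stamps_by_pair.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg else 0.0
        if avg <= max_mean_gap and jitter <= max_jitter:
            hits.append((src, dst, len(stamps), round(avg, 1)))
    return sorted(hits)

if __name__ == "__main__":
    for src, dst, count, gap in find_chatty_pairs(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {count} connections, mean gap {gap}s")
```

A hit is a lead for triage rather than a verdict, since legitimate software such as update agents and monitoring clients also polls on a fixed schedule.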
The future of mining malware
As bitcoin becomes a mainstream
payment technology, there will be more
roadmap items in development for
Blockchain technology. Vitalik Buterin,
the name behind Ethereum, ignites ideas
around his decentralised app platform,
intended to allow different use cases
for apps over Blockchain. Vitalik also
refers to BitTorrent as the first
decentralised application. Similarly to
BitTorrent, a current project named Sia
is developing a decentralised storage
platform and creating a cloud data
storage marketplace using the Siacoin
Blockchain.
This will allow attackers to monetise not
just CPU usage to mine cryptocurrency
but also idle storage on the attacked
servers or, even worse, to overwrite
existing data with Sia storage.
Another ‘innovation’ from criminals has
already been witnessed in the wild
where, instead of mining cryptocurrency,
cybercriminals are breaking into
wallets. In his talk series at DEF CON,
Ryan Castellucci mentions a test he ran
to bait attackers by transmitting
Issue 04 | www.intelligentciso.com