Cryptojacking – a new cybersecurity threat
One of the major advantages of cryptocurrency is its security, or so we thought. Unlike conventional currencies that are only password protected, cryptocurrency is tied to the blockchain, which is all but impossible to crack.
Now though, cybercriminals are using security avoidance techniques called “cryptojacking” to mine for cryptocurrencies.
Cryptojacking is a form of illicit cryptocurrency mining that is being used by members of the hacking community to access cryptocurrency illegally and use it to fund other forms of crime. The process works when hackers use computer hardware to “mine.” They can endorse thousands of transactions on the blockchain for a chance to win some cryptocurrency.
The security firm Imperva has reported that cryptojacking techniques commonly involve malware that’s installed on target hardware. The malware installed is cryptocurrency mining software that carries out its function on the target systems and then reroutes any digital coins that are generated to wallets controlled by criminals.
Imperva has warned of a new era of cryptojacking after uncovering an algorithm more complex than its predecessors and capable of avoiding detection.
The main targets for this cryptojacking malware seem to be database servers and application servers. The new technique has been dubbed RedisWannaMine because it uses the open source Redis in-memory data structure storage software; the name also echoes the recent WannaCry attacks.
The researchers at Imperva suggested that cryptojacking attackers have upped their game in recent times and are becoming more ambitious than before. RedisWannaMine was tracked down by researchers through a remote code execution (RCE) attack picked up by Imperva’s web app sensors.
They found a seemingly insignificant downloader attached that looked very much like a conventional cryptojacking attack at first sight. Through a persistent string of attacks this downloader would have been able to gain remote access to currency.
The researchers continued to monitor the downloader without action to observe its process. They found that it functioned in a unique way, slightly different from the type of cryptojacking they were familiar with. Through Linux package managers, a script installed a series of packages on the systems that didn’t require any local files. This script then downloads and installs Masscan, a publicly available TCP port scanner tool.
The infectious script is lodged on the target hardware, where it looks for available listening ports through which to infect a server. When one is located, the script installs its crypto mining malware, which then continues to infect other systems. This malware is also capable of avoiding security measures and anti-virus software that would otherwise intercept it and render it inactive.
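The sequence described above, a package-manager install followed shortly by a Masscan run on a server, can be hunted for in process-execution logs. The following is an added example, not code from Imperva or from the original article; the log line format, host names, account names and the 15-minute window are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed process-execution events; the line format is an assumption.
SAMPLE_LOG = """\
2018-03-08T10:00:01Z host=db01 user=redis exe=/usr/bin/apt-get args="install -y gcc make libpcap-dev"
2018-03-08T10:04:30Z host=db01 user=redis exe=/usr/local/bin/masscan args="-p6379 192.0.2.0/24"
2018-03-08T09:00:00Z host=app02 user=root exe=/usr/bin/yum args="install -y httpd"
2018-03-08T12:00:00Z host=scan01 user=secops exe=/usr/bin/masscan args="-p443 198.51.100.0/24"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) '
    r'exe=(?P<exe>\S+) args="(?P<args>[^"]*)"$')
PKG_MANAGERS = {"apt", "apt-get", "yum", "dnf"}
PORTS_RE = re.compile(r'(?:^|\s)-p\s*([\d,\-]+)')  # masscan -p<ports>


def parse_event(line):
    """Return a dict for one log line, or None if it is not a process event."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["name"] = ev["exe"].rsplit("/", 1)[-1]
    return ev


def find_scanner_staging(log_text, window=timedelta(minutes=15)):
    """Flag masscan runs; 'high' when a package install preceded it on the host."""
    events = sorted(filter(None, map(parse_event, log_text.splitlines())),
                    key=lambda e: e["ts"])
    last_install, alerts = {}, []
    for ev in events:
        if ev["name"] in PKG_MANAGERS and "install" in ev["args"].split():
            last_install[ev["host"]] = ev["ts"]
        elif ev["name"] == "masscan":
            since = last_install.get(ev["host"])
            staged = since is not None and ev["ts"] - since <= window
            ports = PORTS_RE.search(ev["args"])
            alerts.append({"host": ev["host"], "user": ev["user"],
                           "severity": "high" if staged else "review",
                           "ports": ports.group(1) if ports else None})
    return alerts


if __name__ == "__main__":
    print(*find_scanner_staging(SAMPLE_LOG), sep="\n")
```

A Masscan run with no recent install on the same host is still reported, at "review" severity, so that a sanctioned scanner host can be confirmed rather than silently ignored.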
So how do individuals and businesses protect themselves from this specialist malware? One solution is through courses at Pacific Training Group. According to Imperva, it’s advisable to use a specialist web application firewall to protect web applications and databases. This knowledge can be obtained through cybersecurity training courses.
Furthermore, individuals and businesses should ensure that their machines are not using software applications or versions of servers that would cause a weakness in their operations. The cryptojacking technique may be new but it’s not impossible to detect and eliminate. As ever, caution and vigilance are advised.