WyzGuys Tech Talk

Fighting cyber-crime is a lot like whack-a-mole.  By the time cyber-defenders come up with countermeasures that work against one exploit, the cyber-criminals have moved on to another different and more profitable exploit.  Old malware is updated with new versions, and the new versions often slide right by the same defenses that stopped the old version.

Cyber-crime has moved from spamming, fake anti-virus, credit card fraud, and “Canadian” pharmaceuticals, to password cracking, phishing, data breaches, denial-of-service, account hijacking, and recently email account hijacking with impersonation plays that allow for fake wire-transfer requests, fake invoices, and payment interceptions.  The latest focus of criminal activity is center on cyrpto-mining exploits, also known as Bit-Coin mining.

BitCoin came into existence in January 2009.  Satoshi Nakamoto mined the first block of bitcoins ever (the genesis block), which had a reward of 50 bitcoins.  In 2010 a bitcoin was worth about $18.  In 2017 the value of bitcoin went from about $2500 to over $19,000.  Lately that value has dropped to just under $10,000.  This increase in value has attracted the attention of cyber-criminals, and we have seen a rise in coin-wallet theft, the closing of bit-coin exchanges and mysterious disappearance the bitcoins they held, to a recent case where a bit-coin startup defrauded both its investors and customers.

One way to get in on the crypto-currency bonanza is crypto-mining.  Bitcoin is created by successfully solving an encryption problem, creating a block, and adding it to a blockchain.  We are not getting into the fine points of blockchain or how adding blocks rewards the “miner” with bitcoin.

Bitcoin mining requires large amounts of processing power.  The rig pictured on the left is available on Etsy starting at at $6500 going as high as $15,800 depending on the number of processors you add.  Anyone can become a bitcoin miner, by buying a rig like this one, or by setting up a rig in the Amazon cloud.

Another method is hijacking many devices using crypto-mining malware, running them as a single machine using parallel processing and letting these unwitting victims provide the processing power to mine crypto-currency.  This is of course what cyber-criminals do.  Crypto-mining malware can be installed the usual way any malware is installed, through phishing exploits, drive-by downloads, and onto smartphones through infected app store apps.  Sophos Naked Security covers the smartphone variant in a recent article and whitepaper.

Clues that your computer or server has be hijacked in this was will be a noticeable decrease in performance, the loud and uninterrupted sound of your cooling fans running at the max, and processor and memory utilization pegged at 100% in Task Manager.  If your smartphone is infected, phone performance will be sluggish, the battery will be noticeably hot to touch, and battery life will be unusually short.

If you are keeping your devices up-to-date with the latest operating systems, security patches, browser versions, and anti-malware programs you will be more likely to successfully defend against this exploit.  If you have been infected, the best solution is probably going to be restoring your computer, server, laptop, or cellphone to the original factory image.  That means reinstalling the operating system, software and apps, and replacing your data files.  When restoring your phone, be sure to install the anti-malware app first, something like Sophos Mobile Security would work.  Avoid apps you don’t need.  It is likely that one of the last apps you installed in your old phone was the culprit, so avoid those as well.

More information:

• Naked Security article on Crypto-mining
• Naked Security whitepaper
• Naked Security WannaMine article
• 700,000 Bad Apps Removed from Google Play Store
• Internet Protocol Journal Blockchain Tutorial
• Wikipedia – History of bitcoin
• Weekend Update 32 – The BitCoin Edition