Troy Kent, a threat researcher at Awake University, claims that aside from creating alternate currencies, crypto mining software can be used for a much more malicious purpose. He presented his findings at the InfoSecurity North America Conference in New York earlier this month, claiming that:
With this attack, people are using a tool, a crypto miner that they’re used to seeing on their network, but they’re not used to responding to it as though it is a legitimate threat, like a botnet or a Trojan. They can come in and they can steal files, they steal intellectual property, they can steal credentials and then log in as maybe the CEO, or they can download more software. They can bring down services.
It sounds like pretty dangerous stuff, and Kent is unsure whether hackers are already using this technique to attack companies or have yet to discover it. Either way, the word is out, and he’s asking companies to be on their guard, advising them to implement more advanced detection methods based on behavior and analytics. He comments:
If I can do it, then absolutely an attacker could do it, whether they’re very sophisticated or not sophisticated at all. The threat is stealthy and cybersecurity teams may have trouble finding it.
He explains that the attack begins like crypto-jacking, a process in which a hacker downloads crypto-mining malware onto an unsuspecting victim’s computer without their knowledge or permission. They then use that person’s computing power to extract new coins, resulting in big profits for the hacker and high energy bills for the victim. He states:
Depending on the type of detection that they’re using, it’s very possible that they [businesses] would miss this attack, or at least deprioritize it, or dismiss it as only a miner.
Cryptocurrency mining has paved the way for lots of sneaky behavior over the past few years. Recently, Chinese mining giant Bitmain was hit with a $5 million class-action suit by former customers who claim the company reconfigured its mining equipment to mine cryptocurrency using its clients’ computers without their permission. Whatever crypto the machines extract is then allegedly moved to one of Bitmain’s many digital wallets.
Over 100 Bitmain customers are now suing the company to cover their energy bills and legal fees.