• 3 hours Electric Vehicle Rebound Bolsters Battery Metal Growth
  • 20 hours BlackRock Makes A Run On Asian Stocks
  • 1 day Gold Prices Surge Above $1,800
  • 2 days Chinese Stocks Soar On Bullish Economic Data
  • 2 days Apple’s “Holy Grail Of Data” Leaves Energy Traders Disappointed
  • 2 days Gold Rally Adds $250 Billion To Top 50 Miners' Market Cap
  • 3 days TikTok Is Becoming A New Battleground For Tech Politics
  • 3 days Peru's Mining Industry Pummeled As Coronavirus Cases Surge
  • 3 days Why The World Is So Divided In Its COVID-19 Response
  • 4 days Equities Cheer Stellar Jobs Report, But It May Be Fleeting
  • 5 days Is Tech Billionaire Peter Thiel Done With Trump?
  • 5 days Musk Takes To Twitter To Troll The SEC
  • 6 days Lunar Mining May Commence As Early As 2025
  • 7 days Immigration Will Go Bust Without $1.2B Bailout
  • 7 days The Economics Of The Space Race
  • 8 days Why The World's Central Banks Aren't Yet Sold On Renewables
  • 9 days How Much More Cash Can Uber Burn?
  • 9 days Inside The Biggest Counterfeit Gold Scandal In Recent History
  • 9 days EU-U.S. Trade Relations Are Deteriorating
  • 10 days Over 184 Companies Have Bailed On Facebook
$15,000 For Your Crypto’s Ticket To Visibility

$15,000 For Your Crypto’s Ticket To Visibility

Market manipulation might be the…

$32 Million Crypto Heist Halts Tokyo Exchange

$32 Million Crypto Heist Halts Tokyo Exchange

Tokyo’s Bitpoint Japan Exchange has…

Facebook’s Libra Faces Political Backlash

Facebook’s Libra Faces Political Backlash

Facebook wants to challenge Bitcoin…

  1. Home
  2. Cryptocurrencies
  3. Other

Cryptojacking: A New Threat Vector To Critical Infrastructure

Hacker

Cryptojacking is the latest buzzword in the crypto-community. The premise is simple; wannabe miners secretly install software on unsuspecting devices or websites which hijack the victim’s computing power to mine cryptocurrency.  This usually comes with a little bit of social engineering and well-designed malware which will hide on the victim’s computer, website, or cloud. And the problem is growing more severe, according to IBM managed SecurityIntelligence.

In the ‘old days’ of cryptojacking, miners would deliver the software through infected files which would then be stored directly on the victim’s hardware. But times have changed. Now, hackers simply inject scripts into websites which then harness visitors’ computing power in order to illicitly mine CPU-based cryptos.

Browser-based mining is an idea that began with good intentions. It was marketed with web-publishers and web-browsers in mind. Website owners could forgo obnoxious advertising campaigns and still receive kickback from a growing number of visitors. Additionally, the average web junkie could install their own browser plug-in in order to capitalize on their time spent scrolling through Reddit. Sounds like a great deal, right?

Well, like most good ideas, this one was quickly corrupted. The popular CoinHive browser-based mining plug-in was mimicked and repurposed with arguably-malicious intent. “We thought most sites would use it openly, letting their users decide to run it for some goodies, as we did with our test implementation on pr0gramm.com before the launch. Which is not at all what happened in the first few days with Coinhive,” an anonymous member of the CoinHive team told Motherboard.

It may be time to update the list of internet rules. Rule 34.5: If it exists, people will mine with it.

Tesla is becoming increasingly familiar with this new rule. Back in November, what started as a joke on Facebook quickly became a reality as a Tesla owner posted photos of a bitcoin mining rig in the back of his trunk, powered by a free Tesla charging station. While controversial, the act was little more than a talking point that went viral for a week.

Elon Musk’s latest headache, however, is certainly cause for concern.

On February 20, RedLock security researchers released a report outlining a cryptojacking incident that targeted Tesla’s Amazon S3 cloud service. Hackers gained access to the company’s login credentials and installed complex mining pool software. Not only was Tesla briefly mining cryptos without knowing it, private data was also compromised. The software was promptly removed, but this is only one incident in a recent trend of high-profile cryptojacking cases.

Earlier in the month, over 5,000 websites were hit with crypto-mining malware, including major UK government operated sites. The script was inserted into a popular plug-in, BrowseAloud, which is meant to assist blind and partially sighted individuals browse the web.

“This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States,” noted Scott Helme, an IT security consultant.

While these incidents may be shocking, there may be even more troublesome implications for the world’s critical infrastructure.

As the Internet of Things continues to seep into every aspect of our lives, infrastructure is undoubtedly impacted. Traffic lights, pipelines, nuclear plants, supply chains, electrical grids, and countless other overlooked and underappreciated tools in our increasingly complicated web of connectivity are becoming more vulnerable to attack, malicious or not. Even your smart TV can be hijacked for crypto-mining while you’re pretending to not binge watch 10 seasons of Friends.

While mining may be the most innocent application of security gaps in this mess of data streaming, it still has potentially dire consequences. But more worrying is the impact on the world’s most important infrastructure.

Critical infrastructure isn’t labeled as critical for the sake of it… it’s as such because it’s absolutely necessary in our daily lives. Already, there have been numerous accounts of hackers infiltrating some of the world’s most important systems, even through simple phishing scams.

It’s not my intention to blame those falling victim to these vulnerabilities, or even those exploiting these vulnerabilities – only to point out that as technology progresses, it is important to be aware of the potential threats that could derail the progress we’ve made.

Don’t fear your smart-fridge, just enable some ad-blockers, don’t click random links in emails, keep up-to-date anti-virus protection and definitely always double-check the domain you’re browsing.

As critical as this infrastructure may be, it is equally critical that the security of this infrastructure remain a top priority – and this includes protecting yourself from social engineering, whether you are a high-ranking Tesla employee or a casual Reddit commenter.

By Michael Kern via Crypto Insider

Back to homepage

Leave a comment

Leave a comment