• 18 hours Banksy’s Littered ‘Monet’ Sells for $10M
  • 3 days Three Renewable Energy IPOs To Watch
  • 4 days Bitcoin Nears $13,000 As PayPal Joins The Crypto Fray
  • 5 days DOJ Declares The Obvious: Google Is A “Monopoly”
  • 6 days Alibaba Is About To Make History Again
  • 7 days Robinhood Users Are Latest Target Of Pandemic Hackers
  • 9 days The Hydrogen Boom Will Provide A $200B Boost To Wind And Solar Energy
  • 11 days Will The 5G Rollout Overshadow This Major Merger?
  • 11 days Corporate Bitcoin Holdings Boost Crypto Confidence
  • 12 days Indonesia Rolls Out Augmented Reality Innovation To Combat COVID
  • 12 days Banks Are Getting Rich On Pandemic Overdrafts
  • 13 days The Real Reason China Is Betting Big On Renewables
  • 13 days Europe Wants To End The Big Tech Monopoly
  • 14 days New Breakthrough Could Transform Rare Earth Mining
  • 14 days Waymo Set To Roll Out Fully Self-Driving Vehicles
  • 16 days Aramco Dividend Won’t Cover Saudi Budget Gap
  • 17 days Credit Card Debt Plummets Amid COVID
  • 17 days Biden Plan Targets “Wealthy” Taxpayers
  • 19 days McAfee Arrested In Spain On Tax Evasion Charges
  • 19 days South Asia Is Set To Unleash A Flurry Of IPOs
China's Boldest Move Yet To Ditch The U.S. Dollar

China's Boldest Move Yet To Ditch The U.S. Dollar

It appears that China's blockade…

U.S. Pushes For Digital Currency For Immediate Stimulus

U.S. Pushes For Digital Currency For Immediate Stimulus

The world’s governments are rushing…

Iran Looks To Launch Its Own Cryptocurrency

Iran Looks To Launch Its Own Cryptocurrency

Iran has proposed the creation…

  1. Home
  2. Cryptocurrencies
  3. Other

Cryptojacking: A New Threat Vector To Critical Infrastructure

Hacker

Cryptojacking is the latest buzzword in the crypto-community. The premise is simple; wannabe miners secretly install software on unsuspecting devices or websites which hijack the victim’s computing power to mine cryptocurrency.  This usually comes with a little bit of social engineering and well-designed malware which will hide on the victim’s computer, website, or cloud. And the problem is growing more severe, according to IBM managed SecurityIntelligence.

In the ‘old days’ of cryptojacking, miners would deliver the software through infected files which would then be stored directly on the victim’s hardware. But times have changed. Now, hackers simply inject scripts into websites which then harness visitors’ computing power in order to illicitly mine CPU-based cryptos.

Browser-based mining is an idea that began with good intentions. It was marketed with web-publishers and web-browsers in mind. Website owners could forgo obnoxious advertising campaigns and still receive kickback from a growing number of visitors. Additionally, the average web junkie could install their own browser plug-in in order to capitalize on their time spent scrolling through Reddit. Sounds like a great deal, right?

Well, like most good ideas, this one was quickly corrupted. The popular CoinHive browser-based mining plug-in was mimicked and repurposed with arguably-malicious intent. “We thought most sites would use it openly, letting their users decide to run it for some goodies, as we did with our test implementation on pr0gramm.com before the launch. Which is not at all what happened in the first few days with Coinhive,” an anonymous member of the CoinHive team told Motherboard.

It may be time to update the list of internet rules. Rule 34.5: If it exists, people will mine with it.

Tesla is becoming increasingly familiar with this new rule. Back in November, what started as a joke on Facebook quickly became a reality as a Tesla owner posted photos of a bitcoin mining rig in the back of his trunk, powered by a free Tesla charging station. While controversial, the act was little more than a talking point that went viral for a week.

Elon Musk’s latest headache, however, is certainly cause for concern.

On February 20, RedLock security researchers released a report outlining a cryptojacking incident that targeted Tesla’s Amazon S3 cloud service. Hackers gained access to the company’s login credentials and installed complex mining pool software. Not only was Tesla briefly mining cryptos without knowing it, private data was also compromised. The software was promptly removed, but this is only one incident in a recent trend of high-profile cryptojacking cases.

Earlier in the month, over 5,000 websites were hit with crypto-mining malware, including major UK government operated sites. The script was inserted into a popular plug-in, BrowseAloud, which is meant to assist blind and partially sighted individuals browse the web.

“This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States,” noted Scott Helme, an IT security consultant.

While these incidents may be shocking, there may be even more troublesome implications for the world’s critical infrastructure.

As the Internet of Things continues to seep into every aspect of our lives, infrastructure is undoubtedly impacted. Traffic lights, pipelines, nuclear plants, supply chains, electrical grids, and countless other overlooked and underappreciated tools in our increasingly complicated web of connectivity are becoming more vulnerable to attack, malicious or not. Even your smart TV can be hijacked for crypto-mining while you’re pretending to not binge watch 10 seasons of Friends.

While mining may be the most innocent application of security gaps in this mess of data streaming, it still has potentially dire consequences. But more worrying is the impact on the world’s most important infrastructure.

Critical infrastructure isn’t labeled as critical for the sake of it… it’s as such because it’s absolutely necessary in our daily lives. Already, there have been numerous accounts of hackers infiltrating some of the world’s most important systems, even through simple phishing scams.

It’s not my intention to blame those falling victim to these vulnerabilities, or even those exploiting these vulnerabilities – only to point out that as technology progresses, it is important to be aware of the potential threats that could derail the progress we’ve made.

Don’t fear your smart-fridge, just enable some ad-blockers, don’t click random links in emails, keep up-to-date anti-virus protection and definitely always double-check the domain you’re browsing.

As critical as this infrastructure may be, it is equally critical that the security of this infrastructure remain a top priority – and this includes protecting yourself from social engineering, whether you are a high-ranking Tesla employee or a casual Reddit commenter.

By Michael Kern via Crypto Insider

Back to homepage

Leave a comment

Leave a comment