• 13 hours The TSA Could Decide The Fate Of The Government
  • 17 hours Markets Downbeat On China Trade Data
  • 20 hours Private Firms Spent Record $93 Billion On Natural Resources
  • 22 hours Tesla Cuts Full-Time Employees To Keep A Lid On Spending
  • 2 days Remaining Private Is Becoming More Expensive
  • 2 days Why Are Solar Investments Plummeting?
  • 3 days Workers Walk A Tightrope As Shutdown Puts Paychecks On Hold
  • 3 days Key Indicators Suggest A Recession Is Closer Than We Thought
  • 4 days Palladium Surpasses Gold As Demand Continues To Rise
  • 4 days Is Another Gold Rally On The Horizon?
  • 5 days Most Crypto Investors Don’t Know This Tax Loophole
  • 5 days How Tech Is Decentralizing The Energy Industry
  • 5 days Dissecting Europe's Massive Tennis Match-Fixing Scandal
  • 5 days This Gold Deal Could Be A Boon For The Mining Industry
  • 6 days 5 Companies That Could Win Big As The U.S. Legalizes Sports Betting
  • 6 days May Survives No-Confidence Vote Despite Huge Loss On Brexit Deal
  • 6 days U.S. Trade Deficit With China Grows To Record High
  • 6 days Big Oil Doubles Down On Blockchain Tech
  • 6 days What Top Financial Analysts Are Saying About Brexit
  • 7 days Billion Dollar Opportunity In The World’s Most Exciting Sector
This Retail Giant Is Paying Its Taxes In Bitcoin

This Retail Giant Is Paying Its Taxes In Bitcoin

Using Ohio’s crypto tax program,…

Cheap Power Lures Crypto Miners To Iran

Cheap Power Lures Crypto Miners To Iran

The decline in crypto prices…

Decentralizing The Internet One Torrent At A Time

Decentralizing The Internet One Torrent At A Time

Iconic peer-to-peer file sharing platform…

  1. Home
  2. Cryptocurrencies
  3. Other

Cryptojacking: A New Threat Vector To Critical Infrastructure

Hacker

Cryptojacking is the latest buzzword in the crypto-community. The premise is simple; wannabe miners secretly install software on unsuspecting devices or websites which hijack the victim’s computing power to mine cryptocurrency.  This usually comes with a little bit of social engineering and well-designed malware which will hide on the victim’s computer, website, or cloud. And the problem is growing more severe, according to IBM managed SecurityIntelligence.

In the ‘old days’ of cryptojacking, miners would deliver the software through infected files which would then be stored directly on the victim’s hardware. But times have changed. Now, hackers simply inject scripts into websites which then harness visitors’ computing power in order to illicitly mine CPU-based cryptos.

Browser-based mining is an idea that began with good intentions. It was marketed with web-publishers and web-browsers in mind. Website owners could forgo obnoxious advertising campaigns and still receive kickback from a growing number of visitors. Additionally, the average web junkie could install their own browser plug-in in order to capitalize on their time spent scrolling through Reddit. Sounds like a great deal, right?

Well, like most good ideas, this one was quickly corrupted. The popular CoinHive browser-based mining plug-in was mimicked and repurposed with arguably-malicious intent. “We thought most sites would use it openly, letting their users decide to run it for some goodies, as we did with our test implementation on pr0gramm.com before the launch. Which is not at all what happened in the first few days with Coinhive,” an anonymous member of the CoinHive team told Motherboard.

It may be time to update the list of internet rules. Rule 34.5: If it exists, people will mine with it.

Tesla is becoming increasingly familiar with this new rule. Back in November, what started as a joke on Facebook quickly became a reality as a Tesla owner posted photos of a bitcoin mining rig in the back of his trunk, powered by a free Tesla charging station. While controversial, the act was little more than a talking point that went viral for a week.

Elon Musk’s latest headache, however, is certainly cause for concern.

On February 20, RedLock security researchers released a report outlining a cryptojacking incident that targeted Tesla’s Amazon S3 cloud service. Hackers gained access to the company’s login credentials and installed complex mining pool software. Not only was Tesla briefly mining cryptos without knowing it, private data was also compromised. The software was promptly removed, but this is only one incident in a recent trend of high-profile cryptojacking cases.

Earlier in the month, over 5,000 websites were hit with crypto-mining malware, including major UK government operated sites. The script was inserted into a popular plug-in, BrowseAloud, which is meant to assist blind and partially sighted individuals browse the web.

“This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States,” noted Scott Helme, an IT security consultant.

While these incidents may be shocking, there may be even more troublesome implications for the world’s critical infrastructure.

As the Internet of Things continues to seep into every aspect of our lives, infrastructure is undoubtedly impacted. Traffic lights, pipelines, nuclear plants, supply chains, electrical grids, and countless other overlooked and underappreciated tools in our increasingly complicated web of connectivity are becoming more vulnerable to attack, malicious or not. Even your smart TV can be hijacked for crypto-mining while you’re pretending to not binge watch 10 seasons of Friends.

While mining may be the most innocent application of security gaps in this mess of data streaming, it still has potentially dire consequences. But more worrying is the impact on the world’s most important infrastructure.

Critical infrastructure isn’t labeled as critical for the sake of it… it’s as such because it’s absolutely necessary in our daily lives. Already, there have been numerous accounts of hackers infiltrating some of the world’s most important systems, even through simple phishing scams.

It’s not my intention to blame those falling victim to these vulnerabilities, or even those exploiting these vulnerabilities – only to point out that as technology progresses, it is important to be aware of the potential threats that could derail the progress we’ve made.

Don’t fear your smart-fridge, just enable some ad-blockers, don’t click random links in emails, keep up-to-date anti-virus protection and definitely always double-check the domain you’re browsing.

As critical as this infrastructure may be, it is equally critical that the security of this infrastructure remain a top priority – and this includes protecting yourself from social engineering, whether you are a high-ranking Tesla employee or a casual Reddit commenter.

By Michael Kern via Crypto Insider

Back to homepage

Leave a comment

Leave a comment