• 507 days Will The ECB Continue To Hike Rates?
  • 508 days Forbes: Aramco Remains Largest Company In The Middle East
  • 510 days Caltech Scientists Succesfully Beam Back Solar Power From Space
  • 909 days Could Crypto Overtake Traditional Investment?
  • 914 days Americans Still Quitting Jobs At Record Pace
  • 916 days FinTech Startups Tapping VC Money for ‘Immigrant Banking’
  • 919 days Is The Dollar Too Strong?
  • 919 days Big Tech Disappoints Investors on Earnings Calls
  • 920 days Fear And Celebration On Twitter as Musk Takes The Reins
  • 922 days China Is Quietly Trying To Distance Itself From Russia
  • 922 days Tech and Internet Giants’ Earnings In Focus After Netflix’s Stinker
  • 926 days Crypto Investors Won Big In 2021
  • 926 days The ‘Metaverse’ Economy Could be Worth $13 Trillion By 2030
  • 927 days Food Prices Are Skyrocketing As Putin’s War Persists
  • 929 days Pentagon Resignations Illustrate Our ‘Commercial’ Defense Dilemma
  • 930 days US Banks Shrug off Nearly $15 Billion In Russian Write-Offs
  • 933 days Cannabis Stocks in Holding Pattern Despite Positive Momentum
  • 934 days Is Musk A Bastion Of Free Speech Or Will His Absolutist Stance Backfire?
  • 934 days Two ETFs That Could Hedge Against Extreme Market Volatility
  • 936 days Are NFTs About To Take Over Gaming?
  1. Home
  2. Cryptocurrencies
  3. Other

Cryptojacking: A New Threat Vector To Critical Infrastructure

Hacker

Cryptojacking is the latest buzzword in the crypto-community. The premise is simple; wannabe miners secretly install software on unsuspecting devices or websites which hijack the victim’s computing power to mine cryptocurrency.  This usually comes with a little bit of social engineering and well-designed malware which will hide on the victim’s computer, website, or cloud. And the problem is growing more severe, according to IBM managed SecurityIntelligence.

In the ‘old days’ of cryptojacking, miners would deliver the software through infected files which would then be stored directly on the victim’s hardware. But times have changed. Now, hackers simply inject scripts into websites which then harness visitors’ computing power in order to illicitly mine CPU-based cryptos.

Browser-based mining is an idea that began with good intentions. It was marketed with web-publishers and web-browsers in mind. Website owners could forgo obnoxious advertising campaigns and still receive kickback from a growing number of visitors. Additionally, the average web junkie could install their own browser plug-in in order to capitalize on their time spent scrolling through Reddit. Sounds like a great deal, right?

Well, like most good ideas, this one was quickly corrupted. The popular CoinHive browser-based mining plug-in was mimicked and repurposed with arguably-malicious intent. “We thought most sites would use it openly, letting their users decide to run it for some goodies, as we did with our test implementation on pr0gramm.com before the launch. Which is not at all what happened in the first few days with Coinhive,” an anonymous member of the CoinHive team told Motherboard.

It may be time to update the list of internet rules. Rule 34.5: If it exists, people will mine with it.

Tesla is becoming increasingly familiar with this new rule. Back in November, what started as a joke on Facebook quickly became a reality as a Tesla owner posted photos of a bitcoin mining rig in the back of his trunk, powered by a free Tesla charging station. While controversial, the act was little more than a talking point that went viral for a week.

Elon Musk’s latest headache, however, is certainly cause for concern.

On February 20, RedLock security researchers released a report outlining a cryptojacking incident that targeted Tesla’s Amazon S3 cloud service. Hackers gained access to the company’s login credentials and installed complex mining pool software. Not only was Tesla briefly mining cryptos without knowing it, private data was also compromised. The software was promptly removed, but this is only one incident in a recent trend of high-profile cryptojacking cases.

Earlier in the month, over 5,000 websites were hit with crypto-mining malware, including major UK government operated sites. The script was inserted into a popular plug-in, BrowseAloud, which is meant to assist blind and partially sighted individuals browse the web.

“This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States,” noted Scott Helme, an IT security consultant.

While these incidents may be shocking, there may be even more troublesome implications for the world’s critical infrastructure.

As the Internet of Things continues to seep into every aspect of our lives, infrastructure is undoubtedly impacted. Traffic lights, pipelines, nuclear plants, supply chains, electrical grids, and countless other overlooked and underappreciated tools in our increasingly complicated web of connectivity are becoming more vulnerable to attack, malicious or not. Even your smart TV can be hijacked for crypto-mining while you’re pretending to not binge watch 10 seasons of Friends.

While mining may be the most innocent application of security gaps in this mess of data streaming, it still has potentially dire consequences. But more worrying is the impact on the world’s most important infrastructure.

Critical infrastructure isn’t labeled as critical for the sake of it… it’s as such because it’s absolutely necessary in our daily lives. Already, there have been numerous accounts of hackers infiltrating some of the world’s most important systems, even through simple phishing scams.

It’s not my intention to blame those falling victim to these vulnerabilities, or even those exploiting these vulnerabilities – only to point out that as technology progresses, it is important to be aware of the potential threats that could derail the progress we’ve made.

Don’t fear your smart-fridge, just enable some ad-blockers, don’t click random links in emails, keep up-to-date anti-virus protection and definitely always double-check the domain you’re browsing.

As critical as this infrastructure may be, it is equally critical that the security of this infrastructure remain a top priority – and this includes protecting yourself from social engineering, whether you are a high-ranking Tesla employee or a casual Reddit commenter.

By Michael Kern via Crypto Insider

Back to homepage

Leave a comment

Leave a comment