In addition to malware, a newer and bigger threat to the safety, security and value of cryptocurrencies has emerged: in-browser cryptojacking that hackers use to target the newer less-well known currencies such as Monero, Coinhive and Zcash.
These low-profile cryptocurrencies are the currencies-of-choice among threat actors; and a recent cryptojacking campaign infected over 500 000 victims in just three days.
This is according to Jeremy Samide, CEO of international cybersecurity and threat assessment firm Stealthcare, who says: “In-browser cryptojacking works off JavaScripts, which are installed on the most popular websites and readily available to anyone with criminal intent.
“With JavaScript the hacker uses the victim’s own browser to mine, or rather ‘cryptomine,’ for transactions, secretly diverting small amounts of currency at a time to his own account where it can be turned into cash.”
Industry analysts recognize Stealthcare for changing cybersecurity from defense to a more aggressive posture that relies on early warning, threat assessment, AI and human intelligence. Early on, Stealthcare’s proprietary platform Zero Day Live, detected a significant upward trend in cryptomining and cryptojacking, warned its clients of the threat and provided countermeasures.
“This is criminal behaviour plain and simple,” says Samide. “Wrongdoers directly attack the weakest link–the consumers who rely on cryptocurrency exchanges and their digital wallets for their transactions. They lure their victims in through elaborate phishing campaigns, drive-by downloads, and other subterfuges.
“The explosion of initial coin offerings (ICO) and cryptocurrency exchanges proliferating without adequate security, gave hackers the opening they needed to attack wallets and apps, siphoning off cryptocurrency from these exchanges.”
Bitcoin and Ethereum were targets when they first emerged. But as they become more mainstream, they are also being scrutinised by sovereign governments looking to apply transparency requirements on their transactions.
“These legacy cryptocurrencies now appear to be less attractive as hackers target emerging and more privately-focused currencies such as Coinhive along with Monero and Zcash,” says Samide.
In addition to the in-browser JavaScript threat, cyber criminals are still transforming older malware to include cryptomining and cryptojacking capabilities. In doing so they are creating polymorphic strains of new attacks.
Samide explains: “Some of these cryptojacking campaigns are still using older EternalBlue exploits, which were stolen by Shadow Brokers and used to create the ransomware WannaCry that wreaked havoc on the National Health Services hospitals in England and Scotland as well as Nissan Motor Manufacturing UK, FedEx, Spain’s Telefonica and the Deutsche Bahn.”
Cryptomining malware threats today are becoming three dimensional, having the ability to circumvent antivirus applications by dropping in and launching malicious payloads that can shut down antivirus processes to evade further detection. As their malware proliferates through various attack vectors, their illicit mining capabilities continue to grow exponentially, stealing hundreds and thousands of dollars over time.
Samide adds: “Playing defense is no longer adequate. When we developed Zero Day Live, it became the world’s first complete cyber threat intelligence aggregation platform to spot emerging trends, uncover actionable information, and report on high-value intelligence that allows companies to respond quickly to impending threats.”