SEMA News—December 2019
Hackers’ New Trick: Stealing Your Computing Processing Power
Hackers have a new trick: stealing your computing processing power when you’re not looking.
In a marked shift from previous years, hackers are much more likely these days to be bent on stealing your computing processing power than embedding ransomware or other malware in your network, according to a March 2019 report from IBM (www.ibm.com/security/data-breach/threat-intelligence). That’s because it’s much safer for hackers to simply steal your computing processing power over the internet—and use it for mining crypto currencies such as Bitcoin—than to get involved in planting other criminal software on business and corporate networks, according to the report’s authors.
“One of the hottest commodities is computing power tied to the emergence of crypto currencies,” said Wendi Whitmore, global lead for IBM X-Force Incident Response and Intelligence Services. “That has led to corporate networks and consumer devices being secretly hijacked to mine for those digital currencies.”
Added Kevin Haley, director of Symantec Security Response: “Now you could be fighting for resources on your phone, computer or Internet of Things device as attackers use them for profit.”
All told, the number of computer users reportedly impacted by “Black Hat” mining was more than five million in 2018 (up from 2.7 million the prior year), according to a report from IT security firm Kaspersky Lab (www.tinyurl.com/securelist-com-kaspersky). The number is most likely much higher, given that it’s often very difficult to detect when a Black Hat miner has actually infiltrated a network or computer.
The reports from IBM and Kaspersky point to an eye-opening shift in hacker tactics, given that so many corporations and individuals are currently fixated on preventing ransomware and other malware attacks and so few realize that hackers have now moved on to stealing computing processing power. One of the most vexing aspects of that theft—also known as crypto-jacking—is that it can be so clandestine.
Many hackers running the scam are careful to steal computer-processing power only when a computer or smartphone is not in use. The most careful of them steal power during the off hours, when computers are on but people are most likely sleeping.
Other hackers are especially crafty in camouflaging mining programs as legitimate software. For example, Kaspersky Lab has uncovered a mining program that looks like an Adobe product installed on your computing device—complete with a fake Adobe icon, a fake Adobe executable file and a fake Adobe digital signature, according to Evgeny Lopatin, a security expert at the IT firm.
“Malware, especially cryptominers, continually evolves to avoid detection, often hiding in memory or delivering malicious code directly into the memory of a system,” added Intel Security General Manager Jim Gordon.
The impact on individuals and companies overall can be significant. Computer power theft generally results in a slowdown in computing performance while the theft is underway, making it more difficult to work on your device and decreasing your overall productivity. Computers can also become unstable during a theft, and hackers hijacking computers for mining often have no qualms about driving computer processors and supporting systems at maximum speed, which often results in shortening the life of the devices or overheating their batteries.
That is why computers hijacked by Black Hat miners often have their fans running at full speed: The fans are trying to cool computer processors running hot at maximum speed.
In addition, the results of the thievery also show up in inflated electricity bills, and added costs show up for companies using cloud connections that are compromised by the thieves. Bills for CPU usage can be much higher.
“The massive profit incentive puts people, devices and organizations at risk,” said Mike Fey, president and COO of Symantec.
Unfortunately, the problem of computer processing theft will most likely be with us as long as crypto currencies such as Bitcoin, Ethereum and Monero remain popular, Haley added. That’s especially true when the values of crypto currencies soar.
While the early value of a Bitcoin was at times less than a penny in 2010, for example, the price of a single Bitcoin soared in value to $20,000 by 2018 (www.coindesk.com/price/bitcoin). The value has since dropped significantly, but the “coins” are still apparently worth thieving for even at that rate.
Hackers discovered the market for Black Hat mining as crypto currencies burgeoned and grew to rely on thousands of computers across the world to maintain their systems. Essentially, the currency systems need those networks to verify all digital coin transactions and to perform overall auditing of their systems.
Scores of legitimate computer networks regularly perform that work and are paid in new digital crypto-currency “coins” after they complete a pre-agreed amount of auditing. That’s why the computer networks are called “miners.” They “mine” new crypto-currency coins by working as auditors for the crypto-currency systems.
Black Hat miners do the same work as their legitimate counterparts, with one major difference: Instead of using their own computer networks, Black Hat miners unleash malware onto the web that transforms thousands of computers, smartphones and other computer devices into a mining zombie network. Together, that stolen processing power is used to mine crypto currency.
IT security experts say that companies should currently be on the lookout for two types of Black Hat crypto-mining. The first comes in the same format as our old friend, malware. It’s generally secretly downloaded to a computerized device via a rogue link and executes as a working mining program at the hacker’s whim.
The second major form of Black Hat mining occurs while users surf the web. Surfers get hit when they visit a webpage that has been reprogrammed by a Black Hat miner. The thieving script injected into the page steals computer processing power as long as the user remains at the website.
In fact, millions of Android users were afflicted with this form of Black Hat mining in 2018, according to IT security firm Malwarebytes (www.tinyurl.com/malwarebytes-com-threat).
Fortunately, best practices for combating computer-processing power theft generally mirror those used by companies for protecting against other kinds of malware. Companies best prepared are those that have:
- Gold-plated firewall systems.
- IT network security software.
- Regularly installed security updates for all software.
- Employee education programs that train staff to beware of suspicious emails, suspicious websites and suspicious phone callers asking for passwords and other network access information.
“People need to expand their defenses or they will pay the price for someone else using their devices,” said Symantec’s Haley.
Individual computer users can further protect themselves by installing browser extensions that help protect against Black Hat mining, such as the following:
- AntiMiner (www.tinyurl.com/detail-anti-miner)
- Coin-Hive Blocker (www.tinyurl.com/coin-hive-blocker)
- MinerBlock (www.tinyurl.com/minerblock-origin)
- NoCoin (www.tinyurl.com/no-coin-block)
And they can also test to see if their web browsers have been corrupted by Black Hat miners with a free service from Opera Browser (www.cryptojackingtest.com).
Meanwhile, network administrators can use tools such as WhatsUp Gold, by Ipswitch (www.tinyurl.com/ipswitch-network). WhatsUp enables them to monitor for CPU usage spikes over time and set up alerts for when CPU usage exceeds a threshold. The app can also be specially tuned to monitor a network’s CPU usage during off hours—the witching hour for many Black Hat miners.
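The off-hours rule described above can be written as a short check over CPU samples. This is an added example, not part of the original article or of WhatsUp Gold; the quiet window, threshold, run length, host names and sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

OFF_HOURS = (22, 6)  # assumed quiet window: 22:00 to 06:00 local time
THRESHOLD = 85.0     # assumed alert threshold, percent CPU
MIN_RUN = 6          # consecutive samples required (6 x 5 min = 30 min)

def is_off_hours(ts, window=OFF_HOURS):
    start, end = window
    if start > end:                      # window wraps past midnight
        return ts.hour >= start or ts.hour < end
    return start <= ts.hour < end

def find_off_hours_runs(samples, threshold=THRESHOLD, min_run=MIN_RUN):
    """samples: (host, datetime, cpu_percent) tuples at a fixed interval.
    Returns (host, run_start, run_end, mean_cpu) for each sustained run."""
    by_host = {}
    for host, ts, cpu in samples:
        by_host.setdefault(host, []).append((ts, cpu))
    alerts = []
    for host in sorted(by_host):
        run = []
        # A trailing sentinel flushes a run that lasts to the end of the data.
        for ts, cpu in sorted(by_host[host]) + [(None, None)]:
            if ts is not None and cpu >= threshold and is_off_hours(ts):
                run.append((ts, cpu))
                continue
            if len(run) >= min_run:
                mean = sum(c for _, c in run) / len(run)
                alerts.append((host, run[0][0], run[-1][0], round(mean, 1)))
            run = []
    return alerts

def constructed_samples():
    """Constructed 5-minute samples; host names are made up."""
    day = datetime(2019, 12, 3)
    plan = [("ws-014", 1, 12, 97.0),     # an hour pegged at 01:00: alert
            ("ws-014", 10, 6, 30.0),     # normal daytime use
            ("build-02", 14, 12, 95.0),  # busy in business hours: ignored
            ("ws-020", 2, 3, 90.0)]      # 15-minute blip: too short
    return [(host, day + timedelta(hours=hour, minutes=5 * i), cpu)
            for host, hour, count, cpu in plan for i in range(count)]

if __name__ == "__main__":
    for alert in find_off_hours_runs(constructed_samples()):
        print(alert)
```

Requiring a sustained run rather than a single high reading keeps short overnight jobs such as updates or backups from raising alerts, at the cost of missing miners that throttle themselves below the threshold.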
In some ways, this latest sleight of hand from hackers seems like so many others they’ve used to take advantage of everyday computer users. The only real difference this time is that it’s so insidious. With Black Hat mining, it could take months or even years for a company to discover that a hacker is taking small sips of its network computer-processing power when no one is looking.
Joe Dysart is an internet speaker and business consultant based in Manhattan.