This is written by Aryan Kashyap, a student of LloydLaw College pursuing a Diploma in Cyber Law, Fintech Regulations, and Technology Contracts from LawSikho.com. In the article, he has talked about cryptojacking growing as a trend and has answered what people can do to protect themselves. This article has been edited by Dipshi Swara (Senior Associate, Lawsikho).
Various companies in recent times have been the target of some kind of cyberattack or another. While hacking and data breaches are among the most prevalent cybercrimes, the rise of cryptocurrencies has brought new offences that directly target them. Cryptojacking is one such crime, and it is capable of affecting a business's entire activity. What makes it more dangerous is that it can easily evade detection. Companies and their professionals therefore need effective measures in place for dealing with cryptojacking.
What is cryptojacking?
Cryptojacking is defined as the act of mining a cryptocurrency using someone else’s computer without their permission. Kaspersky defines cryptojacking as a cybercrime where someone gains unauthorised access to someone else’s devices and uses their resources to mine cryptocurrencies. As with most forms of cybercrime, the attacker’s motive is money. What is unique about this form of attack is that the victim is unaware of it. The only sign users may notice is that the system gets slower and starts lagging a bit.
How do people get cryptojacked?
Usually, hackers use two (2) methods to cryptojack people:
- The injection method
- The non-injection method
The injection method
- The hacker tricks a victim into loading certain code on their computer. This code is known as crypto mining code. This is usually done by phishing.
- The victim may receive a very genuine-looking email or text containing a link in which the code is embedded. As soon as the user clicks on the link, the crypto mining script is transferred to the computer without the user’s knowledge.
- The script keeps working in the background and the user stays completely blind to what is happening.
The non-injection method
- This method uses a website as the means of delivery. A crypto mining script is inserted into a website or a digital advertisement.
- When a user visits the website, or an infected pop-up advertisement appears, the script comes into action.
- In this method, no code is stored locally on the victim’s computer.
Regardless of which method is used, the crypto mining code works through a set of mathematical problems on the victim’s devices and sends the results to a server controlled by the hacker. The end goal is always profit maximisation.
How common is cryptojacking?
- Alex Vaystikh, the co-founder and CTO of SecBI, estimated that for every 100 devices doing unauthorised crypto mining for a hacker, the majority of the data comes from web browsers and advertisements, whereas only a small fraction comes from the user.
- No one knows exactly how much cryptocurrency is mined this way, as the hackers are very discreet. But one thing the community agrees on is that it is very prevalent.
- Browser-based crypto mining appears to be the most common method as it is where the users are most vulnerable.
- Positive Technologies’ Cybersecurity Threatscape report for early 2019 reveals that there was already a reduction in mining activity and that it accounted for only 7% of all attacks. This also suggests that hackers have shifted to using more ransomware, as it undoubtedly increases their profits.
- Marc Laliberte of the network security solutions provider WatchGuard Technologies stated that crypto mining is still in its nascent stages and will develop a lot over time.
Why is cryptojacking popular in the hacker community?
- Digital Shadows, in their report "The New Gold Rush: Cryptocurrencies Are the New Frontier of Fraud", found that cryptojacking does not even require you to be a technology expert.
- The main reason this has become a popular trend is that it is quite easy to do and lets hackers make easy money compared to other, more technical crimes. Ransomware makes a hacker money once, whereas cryptojacking keeps generating money over time.
- The hackers are safer when committing crypto-jacking as the victim doesn’t even know that they are under attack. Even if it is discovered it is very difficult to find the source of the attack.
- Hackers also prefer crypto-jacking the lesser-known cryptocurrencies, as the popular ones like bitcoin may have more safety mechanisms.
How can you detect if you are cryptojacked?
You need to look out for the following signs on your computer:
- Your device’s performance will be slower than usual.
- Your devices will start overheating and their batteries will discharge faster than usual.
- As crypto-mining takes a huge toll on your computer’s processor, the computer may start shutting down unexpectedly because too little processing power is left for everything else.
- The overall productivity of your device will reduce significantly.
- Your electricity bills will start skyrocketing unexpectedly.
- A good test is to check the CPU activity monitor or task manager on your computer. If the CPU usage is unusually high even when no applications are running in the foreground, it might be a sign of cryptojacking.
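The CPU check in the last item can be automated. The following is an added example, not part of the original article: it reads per-process CPU time from Linux /proc/<pid>/stat snapshots and flags processes that stay above a threshold for several consecutive intervals, which separates a miner from a short burst of legitimate work. The sample data, the process names, the 80% threshold and the 100 ticks-per-second value are assumptions made for the example.

```python
import glob

def parse_stat(line):
    """Return (pid, comm, cpu_ticks) from one /proc/<pid>/stat line."""
    # comm sits in parentheses and may itself contain spaces or ')',
    # so split on the LAST ')' instead of on whitespace.
    head, tail = line.rsplit(")", 1)
    pid, comm = head.split(" (", 1)
    fields = tail.split()  # fields[0] is field 3 (state)
    return int(pid), comm, int(fields[11]) + int(fields[12])  # utime + stime

def snapshot():
    """Live collector (Linux only): one stat line per running process."""
    lines = []
    for path in glob.glob("/proc/[0-9]*/stat"):
        try:
            with open(path) as f:
                lines.append(f.read())
        except OSError:  # process exited between glob and open
            pass
    return lines

def sustained_cpu(snapshots, interval_s, threshold_pct=80.0,
                  min_intervals=3, clk_tck=100):
    """Return {pid: comm} for processes at or above threshold_pct of one core
    for min_intervals consecutive intervals. clk_tck=100 is an assumption;
    on a live system use os.sysconf("SC_CLK_TCK")."""
    prev, streak, flagged = {}, {}, {}
    for snap in snapshots:
        cur = {}
        for line in snap:
            pid, comm, ticks = parse_stat(line)
            cur[pid] = (comm, ticks)
            if pid in prev and prev[pid][0] == comm:  # same name: likely not a reused pid
                pct = 100.0 * (ticks - prev[pid][1]) / (clk_tck * interval_s)
                streak[pid] = streak.get(pid, 0) + 1 if pct >= threshold_pct else 0
                if streak[pid] >= min_intervals:
                    flagged[pid] = comm
        prev = cur
    return flagged

def make_line(pid, comm, ticks):  # builds a constructed stat line
    return f"{pid} ({comm}) S 1 1 1 0 -1 0 0 0 0 0 {ticks} 0"

# Constructed sample: four snapshots taken 5 s apart (500 ticks = 100% of a core).
SAMPLE = [[make_line(1, "systemd", a), make_line(900, "editor", b), make_line(4242, "web (helper)", c)]
          for a, b, c in [(50, 1000, 200), (51, 1450, 680), (51, 1460, 1160), (52, 1470, 1640)]]

print(sustained_cpu(SAMPLE, interval_s=5))
```

For live use, call snapshot() at a fixed interval and pass the collected list to sustained_cpu(); a flagged process still needs to be examined before it is treated as a miner, since backups, builds and video encoding also hold a core for long periods.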
Famous examples of cryptojacking
Prometei cryptocurrency botnet exploits Microsoft Exchange vulnerability
- Prometei is a multi-stage botnet that was designed to mine the Monero cryptocurrency and has been around since 2016.
- It uses a variety of means to infect devices and increase its network.
- Earlier in 2021, Cybereason found out that Prometei was taking advantage of the vulnerabilities in Microsoft Exchange.
- After it infected the devices it used them to mine Monero.
PowerGhost steals Windows credentials
- The Cyber Threat Alliance in their Illicit Cryptocurrency Mining Threat report has described PowerGhost.
- PowerGhost is a stealth malware that camouflages itself from detectors.
- It uses spear-phishing to attack selected individuals’ systems and then steals their Windows credentials.
- It then uses the data collected to disable the computer’s antivirus software and remove competing crypto mining code, so that its operators get the most out of the machine.
BadShell uses Windows processes
- Comodo Cybersecurity discovered malware on one of their client’s computers, which was named BadShell.
- It used Windows processes for mining.
- It injected malware code into processes that were already running.
- It worked with a scheduler to maintain persistence.
- It used the registry to hold the malware’s binary code.
Cryptojacking through GitHub
- Recently Avast Software reported that some hackers were using GitHub to mine cryptocurrency.
- The hackers would look for real projects on the platform and would then branch off smaller projects from them.
- The malware code was hidden in the directories of these smaller projects.
- The hackers would then use a phishing scheme to get people to download these directories by disguising them as some adult software.
Exploiting rTorrent’s vulnerabilities
- Hackers had found out about a vulnerability in rTorrent’s configuration.
- Because of this misconfiguration, some clients were accessible to anyone, without proper authentication.
- The cryptojackers hunted for clients affected by this misconfiguration and deployed a Monero cryptominer on them.
- This vulnerability was reported by F5 Networks, which advises rTorrent users to make sure that their clients do not accept connections from outside, to prevent any losses.
Are there any laws regulating cryptojacking?
There are no solid laws regulating this space. However, if we think logically, the hackers in a case of cryptojacking are trespassing and committing the intentional tort of conversion at the least. Trespassing is entering somebody else’s property without their permission, and conversion happens when someone uses someone else’s private property without their consent or knowledge. The courts and the legislature are yet to work on it. The only thing companies and people can do right now is to take precautions and try to stay safe from such attacks. There are thus no remedies either if someone is cryptojacked, as it is very difficult to track the individual doing it.
Is banning cryptocurrency the solution?
- Nasscom says that banning cryptos would have the same effect as banning alcohol in some states, the activities will just continue underground. By keeping crypto legal the government will have the option of regulating it.
- To enforce a ban the government will need a very advanced and elaborate surveillance system. Unfortunately, the Indian infrastructure is not there yet. This would give rise to a huge black market.
- Other than this, all Indian citizens would be deprived of the benefits cryptocurrencies have to offer. Experts are of the view that the government should not rush this decision and should rather think it through.
- When India liberalized its economy in the 90s, it became the world leader in the IT sector. We are at a crossroads again where the government needs to think about the future’s bigger picture.
How can you protect yourself?
- It would be a good idea to invest in good cybersecurity software. Make sure that you pick software that is updated frequently and purchase it from a genuine source. Good places to start would be Kaspersky, Avast, Norton etc.
- Keep yourself up to date about the new techniques hackers may be using. You can follow newsletters and tech platforms that publish such information regularly. This way you can dodge some of those attacks.
- You can use browser extensions that alert you to such attacks or block them out completely.
- Using good ad-blocking software in your browser can also shield you from some attacks.
- Keep your operating system and other installed applications updated to the latest version. Companies keep trying to detect such malicious activities and block them out.
You must have realised the ingenuity of these hackers by now. They keep coming up with new means to outdo others. It appears that this trend is here to stay for a while, so the best we can do is keep ourselves abreast of what these attacks are and how they take place, and try to protect ourselves. No software can give a hundred percent guarantee that nothing will happen, but we can still protect ourselves to the best of our abilities. Some steps that companies can take on their part would be: installing the right technology to keep a check on such attacks, keeping systems updated and patched, and educating staff about such attacks so that any suspicion can be reported immediately.