Newsletter and Subscription Sign Up

Your Computer is Working for Someone Else

Published Friday Oct 18, 2019

Author Joe Dysart

In a marked shift from previous years, hackers are much more likely these days to steal your processing power than embed ransomware or other malware in your network, according to a 2019 report from IBM.

The reason? It’s much safer for hackers to simply steal your computing processing power over the Internet—and use it for mining crypto-currencies like Bitcoin—than to get involved planting other criminal software on your network, according to the report.

“One of the hottest commodities is computing power tied to the emergence of crypto-currencies,” says Wendi Whitmore, global lead for IBM X-Force Incident Response and Intelligence Services. “This has led to corporate networks and consumer devices being secretly high-jacked to mine for these digital currencies.”

Mark Benton, director of product development at Systems Engineering, a managed IT services firm with offices in Manchester, say crypto mining software uses precious power and will affect the performance of servers, desktops, laptops or mobile devices.

Robert Hill, owner of Stone Pond Technology, an IT consultancy based in Marlborough, agrees, “This is more than a nuisance, because once malware is in your system, you don’t know what it might do next. It requires the same vigilant defense as all the other malware threats,” he says.

The number of computer users reportedly affected by Black Hat (criminal) mining was more than 5 million in 2018—up from 2.7 million the prior year, according to a report by Kaspersky Labs. This number could be much higher, given that it’s difficult to detect when a miner has infiltrated your network or computer.

The reports by IBM and Kaspersky are an eye-opening shift in hacker tactics, given that so many corporations and individuals are currently focused on preventing ransomware and malware attacks.

Clandestine Crypto-Jacking
One of the most vexing aspects of this theft of computing processing power—also known as crypto-jacking—is that it can be so clandestine. Many hackers often steal computer processing power only when a computer or smartphone is not in use.

In fact, the most careful of these hackers steal computer power in the middle of the night, when computers are on but users are most likely sleeping.

Hackers are especially crafty in camouflaging mining programs as legitimate software. Kaspersky Labs, for example, uncovered a mining program that looked like an Adobe product that had a fake Adobe icon, executable file and digital signature, according to Evgeny Lopatin, a security expert at the IT firm.

“Malware, especially cryptominers, continually evolves to avoid detection, often hiding in memory or delivering malicious code directly into the memory of a system,” adds Jim Gordon, Intel Security general manager.

Slow-Downs and Instability
The effect on hacked individuals and companies can be significant. Computer power theft generally slows down computing while a theft is underway, making it more difficult to work on a device and decreasing productivity.

Computers also can become unstable during a theft. Hackers often have no qualms driving computer processors and supporting systems at maximum speed that can shorten the life of devices or overheat batteries.

This is why computers hijacked by Black Hat miners often run their fans at maximum speed, desperately trying to cool down processors that are running too hot and at excessive speeds.

The results of a theft also show up in inflated electricity bills and central processing unit usage. “If you use consumption-based services, such as Amazon Web Services or Azure, then the computing costs add up very quickly,” says Systems Engineering’s Benton.

Adds Mike Fey, president and COO of Symantec, “The massive profit incentive puts people, devices and organizations at risk.”

Lingering Problem
Unfortunately, the problem of computer processing theft most likely will be around as long as crypto-currencies like Bitcoin, Ethereum and Monero remain popular, says Kevin Haley, director, Symantec Security Response.

That’s especially true when the value of crypto-currencies soar. While the early value of a Bitcoin was at times less than a penny in 2010, the price of a single Bitcoin soared to $20,000 by 2018. The value has since dropped to about $11,900.

Scores of legitimate computer networks regularly verify digital coin transactions and are paid in digital crypto-currency after they complete a pre-agreed amount of auditing. That’s why the computer networks are called miners: They mine new crypto-currency coin by working as auditors.

Black Hat miners do the same work as their legitimate counterparts with one major difference: Instead of using their own computer networks, they unleash malware onto the Web that transforms thousands of devices into a zombie mining network.

Protecting Against Crypto-Mining
Currently, IT security experts say companies should be on the lookout for two types of Black Hat crypto-mining. The first comes in the same format as malware. It’s generally secretly downloaded to a computerized device via a rogue link and executes as a working mining program at the hacker’s whim.

The second major form of Black Hat mining occurs while users surf the Web. Essentially, surfers get hit when they visit a web page that has been reprogrammed by a Black Hat miner. The script injected into the page steals computer processing power as long as the user remains on the website.

Millions of Android users were afflicted with this form of Black Hat mining in 2018, according to IT security firm Malwarebytes.

Fortunately, best practices for combating computer processing power theft generally mirror those used by companies for protecting against other kinds of malware. Companies best prepared are those that have:

• gold-plated firewall systems

• IT network security software

• regularly installed security updates

• full backup of all system data, including that which is “air-gapped” (disconnected from the Internet)

• Employee education programs that train staff to beware of suspicious emails, websites and phone calls asking for passwords or other network access information.

“Properly and repeatedly training employees on appropriate digital awareness as well as instituting a culture of responsible technology usage is just as worthy an investment for maintaining productivity and security as any hardware or software security solution,” says Sean Kline, president and CEO of Turbotek, a Manchester-based managed IT services provider catering to small to medium businesses.

“When a security plan is implemented and maintained properly, these kinds of exploits (such as cryptomining) are very difficult to accomplish and often the time invested becomes not worth it to the hackers attempting to circumvent these security protocols,” Kline says.

Adds Symantec’s Haley, “People need to expand their defenses or they will pay the price for someone else using
their device.”

Individual computer users can further protect themselves by installing browser extensions from NoCoin, AntiMiner, MinerBlock and Coin-Hive Blocker.

And they can also test to see if their  browser has been corrupted by a Black Hat miner with a free service from
Opera Browser.

Also, individual computer users can double as great look-outs for Black Hat miners, simply by noticing an unexplained decrease in PC performance.

Meanwhile, network administrators can use tools like WhatsUp Gold by Ipswitch to monitor for CPU-usage spikes and set up alerts for when usage exceeds a threshold. The app also can be specially tuned to monitor a network’s CPU usage during the off-hours—the witching hour for many Black Hat miners.

Black Hat mining can take months—or even years—for a business to discover.

“Cybercrime has become a full-blown industry with all the players you would find in any legitimate business, from funders, software providers, market places and even insurance,” says Benton.

“What we are starting to see, as a result, is a bifurcation in the threat actors—the low-skilled, low-budget actors and the professionals.  

“My concern is that individuals will see crypto-mining as a victimless crime, leading to a whole new generation of trained attackers—some of whom will move on to more egregious and profitable attacks,” says Benton.

Matt Mercier, president and founder of Acapella Technologies, an IT services firm based in Manchester, says, “We are treating this the same as a ransomware attack, virus attack, malware, etc. It’s not to be tolerated.  Power theft equals productivity theft, equals money theft.”

All Stories