Cybersecurity and cryptojacking in 2019 – a disaster in the making?

The use of crypto-mining malware has grown rapidly in the past two years to become a massive concern for cybersecurity experts. With the ASEAN region lagging behind the rest of the world in addressing cybersecurity concerns, the region is fast becoming a favourite haunt for cybercriminals involved in cryptojacking.

By Preetam Kaushik

When China does something about cryptocurrencies, it tends to have a global fallout. The Chinese dominated the global cryptocurrency trading and mining scene, but with Beijing moving to curtail virtually all activities related to cryptocurrency mining and trading since mid-2018, the values of Bitcoin and other alt-coins have tanked.

While this contributed to the bursting of the Bitcoin bubble, another stealthy cyber threat was slowly rearing its head on networks across the globe. Called cryptojacking, it uses special malware scripts and programs to steal a computer’s processing power for mining cryptocurrencies like Monero and Bitcoin.

With an unholy mix of simplicity and sophistication, cryptojacking has infected hundreds of thousands of systems and networks around the world. The speed and pace at which it has managed to spread in such a short time have alarmed security experts, many of whom consider it to be the next big threat to online security in 2019.

Cryptojacking arose from a seemingly innocuous idea

The process behind cryptojacking was pioneered by a crypto mining service called Coinhive, which was based on Monero, a highly secretive cryptocurrency. The mining service uses JavaScript code that can be installed on websites.

It was (and still is) marketed as an alternative to AdWords. When websites sign up to Coinhive, they agree to run the script in exchange for fees. When people visit these sites, the script runs a Monero mining process in the background on the PC or mobile device used to visit the website. This form of crypto-mining is legal when those running the script do so willingly and receive a share of the profits.

But cybersecurity firms and experts started raising red flags when malicious use of the Coinhive script and similar code was found on websites, servers and even routers that had never signed up for the crypto-mining service. This became known as cryptojacking: running crypto-mining software on the systems of unsuspecting victims.

Sources: Wired, Naked Security, TechCrunch

Several big names and brands have fallen victim to cryptojacking malware in the last 12 months. In most of these instances, the attackers gained access due to the use of outdated versions of Drupal. In some cases, the vulnerabilities arose when website admins failed or neglected to set the security settings properly.

Several websites in the ASEAN region were also affected, including the Asia Pacific Institute of Information Technology (Malaysia), University of Batangas (Philippines), Tan Dan Secondary School (Vietnam), and the website of the overseas campus of the Management Development Institute of Singapore at Tashkent.

Cybercriminals love cryptojacking

Mining for cryptocurrencies is an energy-intensive process, with the global crypto-mining industry currently consuming more electricity than a country the size of the Czech Republic. In 2018, China was the biggest supplier, accounting for over 70% of all mined Bitcoin.

But the increasing cost of electricity and a decrease in the value of cryptocurrencies have begun eating into the profits of legal crypto-miners. With the Chinese no longer encouraging crypto mining, industry sources indicate a steady drop in the total number of legal mining farms and businesses engaged in the process.

Though direct figures are hard to come by, two recent developments hint at the current crisis. Firstly, there was a 19% fall in the reachable nodes on the Bitcoin network in 2018, which can occur when a lot of miners leave the field. Secondly, Chinese companies like Bitmain and Canaan, the major suppliers of mining equipment, are suffering massive losses due to falling demand and unsold inventory.

Reports indicate that an estimated 20,000 mining rigs in a Chinese mining pool may have shut down due to rising costs. Major mining firms like Suanlito in Hong Kong, and Giga Watt in the US, have either filed for bankruptcy, or are facing severe financial crises.

Cybercriminals, however, are not affected by the rising electricity bills for maintaining hardware. Those costs are borne by the hapless victims, who could be anyone from individuals to big corporations, and even government agencies. 

Hackers have been using variations of the basic script from Coinhive to get other computers to cryptomine for them, earning millions of dollars, without incurring a single cost. According to Kaspersky, criminals can earn upwards of US$30,000 from a single cryptojacking botnet.

The situation in 2018 was far worse than ransomware attacks in the past, says Check Point, a security vendor. McAfee Labs estimated cryptojacking grew at a rate of 4,000% in 2018, with an increase of 628% in Q1 alone.

Why ASEAN Needs to Worry In 2019

With an expected 480 million users by 2020, Southeast Asia has one of the world’s fastest-growing internet user bases. Governments in most major economies in the region have been proactive in encouraging digital economies and startup ecosystems, especially in the field of cryptocurrencies and blockchain. However, ASEAN nations have not been as proactive in the realm of cybersecurity.

According to an AT Kearney report, the region spends just US$1.9 billion annually on cybersecurity, or 0.06% of the regional gross domestic product (GDP), which is less than half the global average. Singapore leads the pack with 0.22% of GDP, but other states need to do more. Besides presenting a soft target for criminals, ASEAN nations like Malaysia, Indonesia, and Vietnam are also becoming a favoured launchpad for large-scale attacks on the rest of the world.

According to cybersecurity experts, crypto-mining malware is more aggressive than ransomware, and harder to detect as well. Right now, the hackers only seem to be interested in harnessing the processing power of the devices they gain access to. But it is still early days. Should cryptojackers decide to use the malware to harvest data, the hyper-aggressive malware could lead to dangerous security breaches. It is only a matter of time before intrepid criminals start combining crypto-mining with other forms of cybercrime like data theft.

Some advanced scripts and programs are already on the scene, like the Russian “WebCobra” which actively infects systems and does much more harm than just mining for coins. It also collects data on the system, including its processor and GPU architecture, what kind of antivirus it has, and more. Such advanced monitoring capabilities could be abused in the future for more crippling attacks.

The combination of a rapidly growing (and inexperienced) online userbase and lax cybersecurity measures makes the region a fertile ground for criminals involved in cryptojacking. Solitary hackers, large-scale criminal enterprises and even rogue governments are jostling for a piece of the growing cryptojacking action. Further investment in cybersecurity is the need of the hour, before crypto-mining becomes not just an annoyance but a malignant tumour in networks across the region.