Cryptocurrency, and in particular Bitcoin, has been in and out of the news recently as the volatility in its value elevates investment fortunes one week and then sinks back down to earth the next. With the rise of this unregulated currency has also come a new, and unexpected threat: cryptomining hacking, also known as cryptojacking.
In order to understand this new problem let’s try to first answer the question:
What Is Cryptocurrency Anyway?
Cryptocurrency is a form of money that, instead of existing in physical form, only exists digitally, on computers. Many people once thought the formation and use of digital money was basically impossible. But cryptocurrency proved the naysayers wrong, with a monetary system that allows for an easy and secure way to track spending, keep accounts and balances, and record transactions—making it shareable and secure. Bitcoin was the first and is still the most well-known cryptocurrency—it was created in 2009—but is only one of more than one thousand cryptocurrencies available worldwide (See a list from Investopedia.com that includes the most common Bitcoin alternatives including Litecoin, Ehereum and Zcash).
Bitcoin has reached an impressive level of acceptance. It is accepted by a wide range of merchants, both online and brick-and-mortar, including Overstock.com, Whole Foods (via a purchased gift card), Expedia.com and even a Subway restaurant that immediately converts bitcoin to cash (Check out this list of companies that accept bitcoin).
How Bitcoins are Created —A Very Basic Primer
What makes Cryptocurrency unique is that there is no physical form to it, is not backed by any specific value (it is not backed by gold, for example), and there is no central bank that controls it. Yet is used in hundreds of thousands of transactions a day.
Cryptocurrency is made possible because of peer-to-peer technology plus public and private-key encryption. We described public and private-key encryption in our last post on encryption. As described on the website BlockGeeks.com: “cryptocurrency like Bitcoin consists of a network of peers. Every peer has a record of the complete history of all transactions and thus of the balance of every account. A transaction is a file that says, ‘Bob gives X Bitcoin to Alice’ and is signed by Bob’s private key … After signed, a transaction is broadcasted in the network, sent from one peer to every other peer. This is basic p2p-technology.” In other words, after a transaction is completed, it is made known to the entire network, making it impossible to be changed or manipulated after the fact.
The actual process of creating the cryptocurrency ledger is a little more complex than the description above, and this complexity is extremely important: before the transactions are added to the ‘ledger’ they are sent to a miner, who is someone who decrypts and verifies cryptocurrency transactions, and then publishes them. For this service they get paid in cryptocurrency. In fact, that’s how new cryptocurrency is created—by payment to miners for validating transactions. There are a reported 50,000 to 100,000 active miners.
As Forbes explains, “Some mine to engage in a unique kind of hobby, or for sheer profit. Others do it because they believe in the principles behind a certain coin and in what the developers intend to do with it. The reasons you have are yours.”
Quite a bit of processing power is needed for cryptocurrency mining. This helps reduce the number of people who can effectively mine cryptocurrency, and how much any single person can mine, and this is what has created a new hacker scheme: crypto-mining malware (or cryptojacking malware). This is malware used to hack into someone else’s hardware in order to use their computer power to mine cryptocurrency.
The Threat of Crypto-Mining Malware
According to an article on the MIT Technology Review, “the practice of surreptitiously mining cryptocurrency on other people’s hardware is becoming pervasive, overtaking ransomware as a tool of choice for extorting money online.” Hackers can use cell phones, individual desktops and laptops, or the networks of an entire organization.
Cybersecurity firm Check Point, in its regular Global Threat Index revealed that Coinhive, a piece of software that uses processing power on someone’s device in order to mine cryptocurrency, has become the most prevalent form of malware on the Internet, and Cryptoloot, another piece of cryptojacking malware, is now the third most prevalent. Check Point also says that cryptojacking has “affected as many as 55 percent of organizations globally.”
By using more computer power, someone can mine more and more data, getting paid with more and more cryptocurrency, which at the same time slows and clogs network processing power, sometimes considerably.
How Can You Prevent Cryptojacking?
Keeping your network safe and free of hackers is a 24-hour job, and you need a partner who can help keep them out, as well as protect your data. DYOPATH is an IT consultancy and technology provider who can manage your IT needs from top to bottom, beginning to end, including ensuring top security protocols are in place. For example, our DYOPATH Security offerings include proactive infrastructure patch management, data loss prevention solutions and vulnerability assessments. We’ll help keep your organization safe from hackers, and much more.