Blog Post: Why Threat Intelligence Is Important for Fighting Cryptojacking


By: Nobel Tan, Chief Technology Officer, Sentinel Protocol

A new form of cybercrime is going rampant, and you are the target.

This new cybercrime is called ‘cryptojacking’, where hackers steal the CPU resources of your laptop or PC in order to mine cryptocurrencies.

How does cryptojacking happen?

Cryptojacking happens in three ways:

1. Email phishing

Email phishers try to get victims to click on a malicious link within an email. Once these victims click that link, pieces of crypto mining code get downloaded and run on their computers.

2. Infecting a website with malicious code

Cryptojackers also infect a website or online ad with malicious JavaScript code that automatically executes in victims' browsers as soon as they visit the URL and the page loads.

What makes it especially insidious is you might not even know that your computer is being jacked. Even while the malicious code is running in the background, you may only notice that your laptop is lagging, or running unusually slow.

3. Infecting via Supply Chain

A software developer with ill intent hides crypto mining code within their own software or in third-party applications. When users install or run those applications, they unknowingly become mining nodes for the sole benefit of the cryptojacker.

Why is it on the rise?

Cryptojacking has proven to be quite profitable for hackers. It does not require any technical skills, and it costs no more money and carries no more risk than running ransomware. Cryptocurrency mining also generates money continuously.

However, instead of buying expensive mining equipment, using their own computing resources, and paying for their own electricity use, cryptojackers just steal other people’s computing resources and electricity to make money.

A featured article on CSO lists plenty of real-world examples of cryptojacking, including BadShell, which used Windows processes to do its dirty work.

IoT industry trends: Cryptojacking poses a major problem

Cryptojacking is not just a nuisance or some petty scheme cooked up by script kiddies. It is an increasingly serious cybersecurity problem, especially where IoT devices are concerned.

The number of attacks on IoT devices has increased by 600% in one year. This rising trend of cyberattacks on IoT reflects the fact that security on current IoT devices is quite weak and therefore easy to compromise. LMG has successfully conducted a proof-of-concept hack on IoT devices, showing how astonishingly easy it is to break into IoT.

Hackers used to attack single points of failure, such as databases, but they are increasingly attacking IoT devices and networks. IoT is a key component to digital transformation for almost all businesses and industries, particularly manufacturing and supply chain management.

However, IoT poses several security challenges. Increasing market pressure on companies to go wireless leaves IoT more vulnerable to hacks. The more connected critical infrastructure becomes, the higher the risk of attacks, including state-sponsored ones. Other challenges include:

● IoT integrations in the public cloud that lack security

● Increasing data security regulations expected for IoT

● Personal data protection challenges (GDPR, ePrivacy)

● The human dimension remains the weakest link

IDC forecasts that “by 2019, more than 75 percent of IoT device manufacturers will improve their security and privacy capabilities, making them more trustworthy partners for technology buyers.”

Many companies, including Managed Security Service Providers, are beginning to explore ways to shore up IoT security. But device makers lack the expertise to manage complex security challenges such as preventing cryptojacking. They are also under pressure to meet production schedules along with quarterly earnings targets, so device security is often placed on the back burner because it takes too much time and too many resources to implement.

What can be done to stop cryptojacking?

The key is to understand what device security means. You can no longer just encrypt a device and call it secure — hackers these days are too sophisticated.

To properly secure a device, you need authentication — a secure method to identify and verify who you are communicating with.

Both companies and individuals also need to change their attitude about security. Instead of seeing it as an inconvenience, they need to make it an integral part of their personal lives, finances, and business operations. This is, of course, feasible to do when security solutions are seamless, fast, and easy to use.

Apart from the usual recommendations to protect IoT devices that include changing passwords, regularly patching IoT software, blocking unnecessary traffic, etc, there is another — and far more convenient — solution:

Collective security intelligence based on the blockchain

A decentralized and blockchain-based Threat Intelligence Database (TRDB) provided by Sentinel Protocol is a solution that boosts cybersecurity around cryptos, IoT devices, and other digital assets. Cybersecurity for companies and individuals transacting with cryptocurrencies can now be enhanced without doing more work or changing routines.

The TRDB collects crowdsourced information accessible to any individual or business in real time. Like web application firewalls, the TRDB maintains whitelists of safe URLs and domains and blacklists of malicious URLs and online addresses.

Individuals can use the UPPward browser extension (available on Chrome and Firefox) to cross-check any URL against the TRDB to verify whether it is safe to click on. Users can also report fraud, phishing scams, and malicious activity online through the UPPward extension; cybersecurity experts review and validate these reports before the new information is posted to the TRDB, which then blacklists the malicious URLs. In this way, end-user reporting can help prevent cryptojacking of IoT devices and personal computers.
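As an added illustration of the whitelist/blacklist lookup and the reviewed-report flow described above, here is example code written for this page; it is not Sentinel Protocol's or the UPPward extension's own code, and the feed contents, hostnames, and function names are constructed assumptions. It shows two points a practitioner would want: a blacklist entry for a parent domain must also catch its subdomains, and a user report must not change anyone's verdict until a reviewer approves it.

```javascript
// Added example (not Sentinel Protocol code): a minimal URL reputation check of the
// kind a browser extension could run against a local copy of a whitelist/blacklist
// feed, plus a pending-report queue that only becomes a blacklist entry after review.
// All feed entries and sample URLs below are constructed for illustration.

// Constructed sample feed. A real extension would fetch these from the database.
const WHITELIST = new Set(["example.com", "bank.example"]);
const BLACKLIST = new Set(["miner.example", "phish.example", "malicious.example.net"]);

// Normalize a URL to a hostname: lowercase, strip a trailing dot, ignore port/path.
// Returns null for input that is not an http(s) URL, so callers treat it as unknown.
function extractHost(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return null; // unparseable input is neither safe nor blocked
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return null;
  return parsed.hostname.toLowerCase().replace(/\.$/, "");
}

// Walk from the full host up through its parent domains so that
// "cdn.miner.example" matches a blacklist entry for "miner.example".
// The bare top-level label ("example", "net") is never a candidate.
function domainCandidates(host) {
  const labels = host.split(".");
  const out = [];
  for (let i = 0; i < labels.length - 1; i++) {
    out.push(labels.slice(i).join("."));
  }
  return out;
}

// Verdicts: "blocked" beats "safe", so a blacklisted subdomain of a whitelisted
// parent is still blocked; anything unlisted is "unknown", never "safe".
function checkUrl(url, whitelist = WHITELIST, blacklist = BLACKLIST) {
  const host = extractHost(url);
  if (host === null) return { host: null, verdict: "unknown", match: null };
  for (const cand of domainCandidates(host)) {
    if (blacklist.has(cand)) return { host, verdict: "blocked", match: cand };
  }
  for (const cand of domainCandidates(host)) {
    if (whitelist.has(cand)) return { host, verdict: "safe", match: cand };
  }
  return { host, verdict: "unknown", match: null };
}

// Crowdsourced reports are queued, not applied. Only an explicit reviewer
// approval moves the reported host into the blacklist.
const pendingReports = new Map(); // host -> { reporter, reason }

function reportUrl(url, reporter, reason) {
  const host = extractHost(url);
  if (host === null) return false;
  pendingReports.set(host, { reporter, reason });
  return true;
}

// Returns false if there was no pending report for this host (already reviewed
// or never reported), so a second approval cannot silently re-add an entry.
function reviewReport(host, approve, blacklist = BLACKLIST) {
  if (!pendingReports.has(host)) return false;
  pendingReports.delete(host);
  if (approve) blacklist.add(host);
  return true;
}
```

The three-way verdict matters for cryptojacking specifically: a page that is merely unlisted should be rendered as "unknown" in the extension rather than given a green check, because new miner-hosting domains appear faster than any feed can catch them.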

How can threat information be used by businesses?

While the UPPward extension empowers individuals to take control of their digital security, businesses also need to keep hackers and cryptojackers out of their IoT devices. Businesses can use a suite of products to do exactly that, such as the Twitter Crawler System, Interactive Cooperation Framework (ICF) API, and the Crypto Analysis and Tracking Visualization (CATV).

They can use the ICF API to interface their networks with the TRDB so that they receive cybersecurity alerts in real time, and use that threat intelligence to strengthen their security practices. Both businesses and individuals can also use the Twitter Crawler in the UPPward browser extension to crawl tweets containing safe or malicious URLs.

Businesses that deal specifically with cryptocurrencies can also use the Crypto Analysis and Tracking Visualization (CATV) to ensure they do not inadvertently transact with bad actors, such as cryptojackers and exchange hackers.

Follow the Sentinel Protocol forum and social accounts for the latest stories — Twitter, Telegram, LinkedIn or Facebook.