This week, cloud security firm RedLock revealed that the Tesla cloud was hijacked by hackers who then used the computing power of devices connected to the cloud to mine cryptocurrencies.
This is the latest in a spate of “cryptojacking” incidents in the last few months; other companies hijacked include British insurance firm Aviva and Gemalto, the world’s largest manufacturer of SIM cards. Tesla appears to be the most prominent company affected to date.
Last week, it was reported that hackers had also broken into Jenkins servers and made over $3 million by installing malware that mined the Monero cryptocurrency.
The hackers took advantage of a vulnerability in the application’s Java deserialization implementation to install a Monero miner, which was active for months and managed to mine 10,800 Monero in that time.
As cryptocurrencies continue to gain in popularity and value, and the number of viable cryptocurrencies continues to rise, we can only expect this particular type of attack to become more and more common, especially as most consumers (and indeed companies) don’t know how to detect an attack, let alone protect against it.
The fact that many privacy advocates now recommend adding a cryptominer blocker in your browser is likely to mean little to most consumers. But it seems that cryptojacking is something we’ll have to adapt to. It certainly looks like it’s here to stay.
So what is cryptojacking, and how do attackers do it?
Most cryptocurrencies work via “mining”, which can be thought of as bringing the potential currency into existence. Each cryptocurrency has a potential number of coins built into its protocol, but “miners” need to bring them out of potentiality and into actuality.
To understand how this is done, it’s important to understand how cryptocurrencies work.
Because it is decentralized, a cryptocurrency needs something on which to record every transaction, to ensure that each unit of the currency is only “spent” once. It does this via what’s called a blockchain, which is essentially a shared ledger upon which every transaction of that currency is recorded. Ownership of the currency is also recorded in the blockchain. Every person who owns some of the currency can access this blockchain.
The blockchain is run by miners, who use their computing power to update the blockchain every time a transaction is made and to ensure that the transaction is secure and properly processed. As payment for this service, they are rewarded with units of that currency.
The way the miner brings the currency’s “coins” into existence, then, is by creating blocks of validated transactions and including them in the blockchain.
The issue is that mining cryptocurrencies takes a lot of computing power, and running mining software is expensive and takes up a lot of space and power. Hackers, then, have started to break into servers and install cryptocurrency-mining malware, primarily to exploit the CPU time a server offers. The power of that server is then leveraged to mine the desired currency, at huge cost to the owner of that server.
Is cryptojacking something regular internet users should be worried about?
When it comes to your online security, it’s better to be over-secured than under-secured—and as there are a number of free cryptocurrency mining blockers available as extensions for browsers, it seems a matter of common sense to get one for whichever browser you use.
If you work for a large company, it’s worth investing in some sort of anti-mining security. As the Tesla hijack shows, even the most tech-savvy companies can fall prey to this sort of attack and may not notice for months. By that time, your security may have been compromised to a serious degree.
Cryptocurrency mining malware is set to be 2018’s biggest overall security issue, so secure your servers as best you can.
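Because mining malware exists to consume a server's CPU time, one signal a defender can watch for is a process that stays near full CPU across many consecutive samples, unlike a short legitimate burst. The sketch below is an added example, not code from the original article; the process names, PIDs, sample data, threshold and allowlist are all constructed assumptions.

```python
from collections import defaultdict

# Constructed samples: (minute, pid, process name, CPU % of one core).
SAMPLES = []
for i, minute in enumerate(range(0, 30, 5)):
    SAMPLES.append((minute, 812, "nginx", 4.0))              # normal web load
    SAMPLES.append((minute, 3301, "backup-agent", 91.0))     # known heavy job
    SAMPLES.append((minute, 4127, "sysupd", 97.0 + i % 2))   # hypothetical miner
    if minute in (5, 10):
        SAMPLES.append((minute, 2210, "cc1", 95.0))          # short compile burst


def find_sustained_cpu(samples, threshold=85.0, min_ticks=4, allowlist=frozenset()):
    """Return (pid, name, first_minute, last_minute, mean_cpu) for each process
    that stays at or above `threshold` for `min_ticks` consecutive samples."""
    by_tick = defaultdict(dict)
    for minute, pid, name, cpu in samples:
        by_tick[minute][(pid, name)] = cpu

    streaks = {}  # (pid, name) -> current run of hot samples
    best = {}     # (pid, name) -> longest hot run seen so far
    for minute in sorted(by_tick):
        tick = by_tick[minute]
        # A process that went idle or vanished in this sample ends its run.
        for key in list(streaks):
            if tick.get(key, 0.0) < threshold:
                del streaks[key]
        for key, cpu in tick.items():
            if cpu >= threshold and key[1] not in allowlist:
                run = streaks.setdefault(key, [])
                run.append((minute, cpu))
                if len(run) > len(best.get(key, [])):
                    best[key] = list(run)

    findings = []
    for (pid, name), run in sorted(best.items()):
        if len(run) >= min_ticks:
            mean = round(sum(c for _, c in run) / len(run), 1)
            findings.append((pid, name, run[0][0], run[-1][0], mean))
    return findings


if __name__ == "__main__":
    for finding in find_sustained_cpu(SAMPLES, allowlist={"backup-agent"}):
        print("sustained CPU use:", finding)
```

An allowlist keyed on process name is easy to evade by renaming a binary, so in practice a finding like this is a prompt to inspect the process and its parent, not a verdict.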