How We Fight Cryptojacking and Other Malicious Activities Online
By: Nobel Tan, Chief Technology Officer, Sentinel Protocol
Money laundering and terrorist financing are increasingly serious problems that cross borders and legal jurisdictions with ease. All too often, law enforcement agencies and cybersecurity companies are reluctant to share time-sensitive intelligence with each other until the damage has already been done. There has to be a better way.
And there is.
Crowdsourced threat intelligence on a distributed database can help prevent money laundering and terrorist financing by letting participants exchange the latest threat information the moment it becomes available, instead of weeks later through formal channels.
Crowdsourced threat intelligence database
A decentralized Threat Reputation Database (TRDB) created and maintained by Sentinel Protocol distributes crowdsourced cybersecurity information in real time to anyone who needs it. The Sentinel Protocol project is run by the Uppsala Foundation, which is based in Singapore and has offices in Seoul, South Korea, and Tokyo, Japan. Uppsala's Security Operations Team is tasked with the following:
- Analyze hacks and other malicious activity
- Publish incident reports to the public
- Release security warnings to individual users on the latest threats
- Maintain whitelists and blacklists of domains in the TRDB
With the help of the Uppsala Security Operations Team, users of this database have tools at their disposal to protect their digital assets, identities, and sensitive data. Throughout early 2019, the team has focused on fighting cryptojacking, a threat that drains your computing resources without your knowledge.
Cryptojacking: A quick primer
When cryptojacking occurs, attackers hijack the CPU (and sometimes GPU) resources of victims' devices in order to mine cryptocurrency for themselves. Anyone can get cryptojacked in one of two ways: 1) phishing or a malicious download that installs mining malware on the device, and 2) visiting a compromised or malicious website that runs a mining script inside the browser for as long as the page stays open.
In both cases, mining code runs in the background without the owner's authorization. The cryptojacker gets the hash rate without buying expensive mining hardware or paying for the electricity it consumes. Cryptojacking requires little technical skill, since ready-made mining scripts and malware kits are freely available, and it is less risky than ransomware: there is no ransom to negotiate, no payment to collect, and the victim often never notices. For these reasons cryptojacking is attractive to criminals; it generates money continuously for as long as the infection lasts.
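As an added example (not code from the original article or from Sentinel Protocol), the following Python script shows the kind of check a defender can run over captured connection records to spot what both infection paths have in common: the miner talking to its pool. It looks for Stratum mining-protocol messages in the payload, matches destination hostnames against a domain blacklist and whitelist with suffix matching, and treats common pool ports as a weak signal only. The list contents, the `.example` names, and the sample records are constructed for the example and are not TRDB entries.

```python
import json
from dataclasses import dataclass
from typing import List, Optional

# Constructed reputation lists standing in for the domain whitelist/blacklist
# entries a TRDB-style feed would carry. These are not real Sentinel Protocol
# data; ".example" is a reserved, non-routable label.
BLOCKLIST = {"evil-pool.example", "cdn.miner-scripts.example"}
ALLOWLIST = {"intranet.example"}

# JSON-RPC method names of the Stratum mining protocol. The bare names are the
# XMRig/Monero dialect; the "mining.*" names are the original Bitcoin Stratum
# v1 dialect. A client sending any of them is a strong signal.
STRATUM_METHODS = {"login", "submit", "keepalived",
                   "mining.subscribe", "mining.authorize", "mining.submit"}
# TCP ports commonly exposed by public mining pools. On its own this is a weak
# signal, so it only produces a low-confidence finding.
POOL_PORTS = {3333, 4444, 5555, 7777, 14444}


@dataclass
class Finding:
    src: str
    dst: str
    confidence: str  # "high" or "low"
    reasons: List[str]


def domain_listed(host: str, listed: set) -> bool:
    """True if host or any parent domain is in the set (suffix match), so an
    entry for evil-pool.example also covers eu.evil-pool.example."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in listed for i in range(len(labels)))


def stratum_evidence(payload: str) -> List[str]:
    """Parse newline-delimited JSON-RPC and collect mining-protocol evidence."""
    evidence = []
    for line in payload.splitlines():
        try:
            msg = json.loads(line)
        except ValueError:
            continue  # not JSON: ordinary traffic
        if not isinstance(msg, dict) or msg.get("method") not in STRATUM_METHODS:
            continue
        evidence.append(f"stratum method {msg['method']}")
        params = msg.get("params")
        if isinstance(params, dict) and "agent" in params:
            evidence.append(f"miner agent {params['agent']}")
    return evidence


def analyse(record: dict) -> Optional[Finding]:
    """Classify one captured connection record; None means nothing suspicious."""
    dst = record["dst_host"]
    if domain_listed(dst, ALLOWLIST):
        return None  # whitelist wins, as in a reputation lookup
    reasons = []
    if domain_listed(dst, BLOCKLIST):
        reasons.append(f"destination {dst} is blacklisted")
    reasons.extend(stratum_evidence(record.get("payload", "")))
    if reasons:
        return Finding(record["src_host"], dst, "high", reasons)
    if record["dst_port"] in POOL_PORTS:
        return Finding(record["src_host"], dst, "low",
                       [f"connection to common pool port {record['dst_port']}"])
    return None


def scan(records: List[dict]) -> List[Finding]:
    return [f for f in map(analyse, records) if f is not None]


# Constructed sample records (not captured from a real network).
SAMPLE_RECORDS = [
    {"src_host": "ws-17", "dst_host": "eu.evil-pool.example", "dst_port": 3333,
     "payload": json.dumps({"id": 1, "jsonrpc": "2.0", "method": "login",
                            "params": {"login": "constructed-wallet-address",
                                       "pass": "x", "agent": "XMRig/6.16.4"}})},
    {"src_host": "laptop-3", "dst_host": "updates.intranet.example", "dst_port": 443,
     "payload": "GET /manifest HTTP/1.1\r\n"},
    {"src_host": "laptop-3", "dst_host": "www.example.net", "dst_port": 443,
     "payload": "GET / HTTP/1.1\r\n"},
    {"src_host": "build-srv", "dst_host": "203.0.113.7", "dst_port": 4444,
     "payload": "\x16\x03\x01"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_RECORDS):
        print(f"[{finding.confidence}] {finding.src} -> {finding.dst}: "
              + "; ".join(finding.reasons))
```

Running it flags the workstation logging into the blacklisted pool as high confidence and the build server's connection to port 4444 as low confidence; the intranet and ordinary web traffic produce nothing. The port-only finding is deliberately kept separate so that a reviewer can triage it rather than having it block a legitimate service.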
Who is affected by cryptojacking and how?
Anyone with a device connected to the Internet can be affected, whether an individual with a laptop in a café or a multinational corporation with a wide area network spanning many sites. Even governments and universities have been victims of cryptojacking.
Draining another device's CPU might not sound like a big deal, but it exposes businesses and universities to particularly insidious problems that escalate until the cause is diagnosed. Each group is affected as follows:
Businesses
Operational costs rise because servers and workstations run at full load even when nobody is using them. The cryptojacker gets the CPU time of many machines plus free electricity, all at the company's expense. If news gets out that a business has been cryptojacked, its reputation suffers because it appears not to take security seriously, and the foothold that delivered the miner could just as easily have delivered something worse.
Universities
University campuses are prime targets for cryptojackers because thousands of devices in libraries and computer labs are continuously online; cryptojackers treat them as cash cows. The universities are left with unreasonably high electricity bills, and the weaknesses that let the miner in remain open to other attackers.
End users
Individuals may notice their devices running slower than usual but not suspect cryptojacking; they may simply assume the device is getting old. Sustained full load does shorten a device's useful life, wearing out batteries and cooling fans prematurely. Because the malware that installs a miner can also harvest data, victims may lose privacy, lose control of their own devices, and even have their identities compromised.
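As an added example (not from the original article), the following Python function turns the symptom described above for end users, and for the idle servers, workstations and lab machines of businesses and universities, into a concrete detection rule over CPU telemetry: a process that stays at full load precisely while nobody is using the machine. The sample trace, the process names and the threshold and duration values are constructed assumptions that a team would tune to its own environment.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# A telemetry sample: (seconds since start, process name,
# CPU percent of one core, whether a user was active at the time).
Sample = Tuple[int, str, float, bool]


def sustained_load(samples: List[Sample], threshold: float = 80.0,
                   min_seconds: int = 600, idle_only: bool = True) -> Dict[str, int]:
    """Map each process to the longest stretch (seconds) it stayed at or above
    `threshold`, keeping only stretches of at least `min_seconds`.

    With idle_only=True a stretch only counts while no user is active. That is
    what separates a miner (busy exactly when nobody is using the machine)
    from a user-started render or compile that also pins a core."""
    by_proc: Dict[str, List[Sample]] = defaultdict(list)
    for s in samples:
        by_proc[s[1]].append(s)

    flagged: Dict[str, int] = {}
    for proc, rows in by_proc.items():
        rows.sort()
        longest = 0
        run_start = None  # timestamp where the current qualifying run began
        for t, _, cpu, user_active in rows:
            qualifies = cpu >= threshold and not (idle_only and user_active)
            if qualifies:
                if run_start is None:
                    run_start = t
                longest = max(longest, t - run_start)
            else:
                run_start = None  # any dip or user activity breaks the run
        if longest >= min_seconds:
            flagged[proc] = longest
    return flagged


def build_samples() -> List[Sample]:
    """Constructed 30-minute trace sampled every 60 s (not real telemetry).
    The user is active for the first 15 minutes, then leaves the machine."""
    samples: List[Sample] = []
    for t in range(0, 1800, 60):
        user_active = t < 900
        # A render the user started: pins a core and outlives the user by 5 min.
        samples.append((t, "ffmpeg", 98.0 if t < 1200 else 0.0, user_active))
        # A miner hiding behind a system-process name (constructed): dormant
        # while the user is present, then saturates a core once they leave.
        samples.append((t, "svchost.exe", 0.5 if user_active else 95.0, user_active))
        # Browser: a short burst while idle, well under the duration bar.
        samples.append((t, "chrome", 90.0 if 1020 <= t <= 1080 else 3.0, user_active))
    return samples


if __name__ == "__main__":
    for proc, secs in sustained_load(build_samples()).items():
        print(f"{proc}: {secs // 60} min of sustained load while idle")
```

With the defaults only the disguised miner is reported (14 minutes of idle-time load); the render is excluded because most of its run happened while the user was present, and the browser burst is too short. Setting `idle_only=False` shows why the idle condition matters: the legitimate render is then flagged too.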
Governments
Even governments, including those of the U.S. and U.K., have been victims of cryptojacking. In the best-known case, a compromised third-party accessibility script loaded on thousands of government websites in February 2018 and mined in the browser of every visitor; the problem lasted only a few hours, but thousands of websites and their visitors' computers were affected, and the sites had to be taken offline temporarily.
IoT: New victim of cryptojacking
Cryptojacking affects not only individuals and businesses but also the smart sensors and devices connected to the Internet known as the Internet of Things (IoT). IoT use is growing rapidly in one sector in particular: manufacturing.
Manufacturers are automating most of their functions, monitoring production lines, and gaining supply chain visibility through industrial IoT devices. This brings greater transparency, higher efficiency, and lower costs, but every networked device is also a potential miner: attackers who gain access to a fleet of IoT devices can put them to work mining cryptocurrency.
IoT devices have in fact seen an increase in cryptojacking because of their limited security (default credentials, unpatched firmware, exposed management interfaces) and the ease of planting malware on them. Manufacturers, suppliers, and even households are therefore becoming more exposed as IoT spreads through daily life: IP cameras, cars, fridges, thermostats, and so on. A single device contributes negligible hash rate, but a botnet of thousands adds up, and the intrusion that installed the miner can be reused for worse.
How to fight cryptojacking with Sentinel Protocol
Managed security service providers need to be aware that cryptojacking often slips past the reactive, signature-based measures most enterprises rely on: a browser-based miner leaves no file on disk, and a mining process looks like nothing more than a busy machine. A more proactive approach, watching for sustained CPU load and for outbound connections to mining pools and reputation-listed domains, is needed to catch cryptojacking before the damage is done.
Individuals, businesses, and governments need to work together to stamp it out, using crowdsourced security intelligence stored in Sentinel Protocol's TRDB. Device owners, particularly manufacturers using IoT, also need to secure their devices with proper authentication: replace default credentials and keep management interfaces off the public Internet.
Anyone using UPPward Network Protection can also report cryptojacking incidents to Sentinel Protocol. Each report is reviewed in a two-step process and then added to the TRDB for others to see. Sentinel Protocol has other tools to catch bad actors before they cause too much damage, such as the Twitter Crawler System, the Interactive Cooperation Framework (ICF) API, and the Crypto Transaction Tracking System.
The Crypto Transaction Tracking System is particularly useful for tracking flows of stolen cryptocurrency, including coins mined through cryptojacking. Exchanges connected to the TRDB via the ICF API can freeze those funds before cryptojackers cash them out into fiat. One caveat: most cryptojacking mines Monero, whose ledger hides amounts and counterparties, so the practical choke point is the deposit address at the exchange rather than tracing on the chain itself.
If we can stop most, if not all, cryptojackers from cashing out their mined cryptocurrency into fiat, they are less likely to keep doing it.