Are you hosting crypto zombie miners?

Is your device's CPU being used to mine crypto-currency? ITWeb sat down with BUI to discuss this next evolution in cyber attacks.

Johannesburg, 12 Feb 2018

Crypto zombie miners sounds like a computer game. It combines two of the hottest trends of the moment: crypto-currency and zombies. However, it's far from fun and games, according to BUI MD Ryan Roseveare. "Essentially, users can be targeted by simply visiting a Web site with a small piece of code that executes in your browser that, in turn, uses your CPU to mine crypto-currency for the site owners."

This type of attack can be implemented in a number of ways. It's possible that the user thinks that he or she is participating in a legitimate crypto-currency mining activity, and installs the code without realising that it's mining on behalf of a third party. Then there's the code that is hidden in a pop-up window, which keeps running even when the window is closed. In this instance, the user rarely realises that the mining activity is taking place. And then there's the hapless Web site visitor who ends up mining on behalf of the cyber criminal.

BUI Information Security and Business Development Manager Handre van der Merwe says it's important to note that crypto-mining isn't the same as malware, and that there's been a definite shift in the type of cyber attack that crypto-mining represents. "Previously, cyber attackers targeted businesses' Web sites or data and the effects were immediately evident to the victim. This type of attack has a vested interest in keeping your Web site running as usual so that it can use your processing power to mine digital currency."

In fact, in most instances, the business won't even know that it's hosting crypto-currency miners. "Users might notice that your Web site is slower than usual, but that's because its processing power is being diverted to make money for someone else," adds Thys Janse van Rensburg, Cloud Architect and Microsoft VTSP at BUI.

So there are two aspects to this: the business's CPU is being hijacked for malicious purposes, and users' (possibly customers') interactions with the business's Web site are being hijacked for the same purpose.

The side-effects for the business are less processing power overall and a spike in electricity consumption. However, from a reputational point of view, the damage could be so much more, says Roseveare, should customers realise that you're mining off their computer.

Tracking mining zombies at work

How would you detect digital currency mining on your device's CPU? Janse van Rensburg says: "If your computer is suddenly abnormally slow, it is possible that its processing power is being used for crypto-currency mining. If you suspect that it might be, you should check your CPU usage when visiting a particular Web site, as a normal Web site shouldn't task the CPU significantly. Do this by closing all of the applications on your computer before checking the site for significant CPU usage."

He says ad blockers can also be used to detect this type of activity as often the malicious code is contained in pop-up windows, which ad blockers prevent.

Close that mine down

There are measures you can take to protect your business against becoming an unwitting participant in a crypto-currency mining operation. Van der Merwe says: "You need to ensure that your device has adequate protection in place. This includes having a decent commercial anti-virus, ensuring that your software is up to date and patched, you need to do regular scans and ensure that your environment is current and secure. A proper next-generation firewall will provide adequate protection."

"This is a different type of attack," emphasises Roseveare. "It's literally a couple of lines of code that are injected into your Web site. It's not a virus or file that we're accustomed to defending against. It could even be inserted into your internal web server and everyone who uses your intranet, ie, all of your staff members, could end up mining for a syndicate somewhere.

"If someone goes onto your site and detects that you're mining off their computer, it could prove very embarrassing. But you'd only detect this type of activity if you have appropriate protection on your computer."

Janse van Rensburg concludes by saying: "Very smart people are being drawn in by crypto-currency mining scams - and it is a scam. Everyone wants to be on the Bitcoin bandwagon, and if a link promises to simplify that process, why wouldn't they click on it? They just don't realise that they'll be mining that currency for someone else, not themselves."

That said, there are legitimate ways to mine crypto-currency; but if an offer seems too good to be true, it probably is.
