Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
Camp BGen Rafael T Crame, Quezon City
ACG-CYBER SECURITY BULLETIN NR 161: Understanding the Risk of Cryptojacking
Reference Number: ACG-CSB 040219161
The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.
Cryptojacking is an emerging online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” forms of online money known as cryptocurrencies. It is a burgeoning menace that can take over web browsers and compromise all kinds of devices, from desktops and laptops to smartphones and even network servers.
Cryptojacking is a cybercrime in which threat actors obtain unauthorized use of computing resources to generate cryptocurrency. Malicious scripts deployed and executed on the victim’s machine take advantage of its Central Processing Unit (CPU) to mine cryptocurrency for the benefit of the threat actors. This use of CPU power takes place without the consent or knowledge of the device owner.
Like most other malicious attacks on the computing public, the motive is profit, but unlike many threats, it is designed to stay completely hidden from the user. The ability to deploy scripts on devices indicates a successful intrusion into a network, which gives an attacker the opportunity to read, write, exfiltrate and redirect the data passing through a compromised router. The threat actors gain financially from the mining process, while the efficiency, privacy and security of online services suffer.
There are a few ways in which cryptojacking can occur. One of the most popular is a malicious email that installs cryptomining code on a computer, delivered through phishing tactics. The victim receives a seemingly harmless email with a link or an attachment. Clicking the link or downloading the attachment runs code that downloads the cryptomining script onto the computer. The script then works in the background without the victim’s knowledge.
Another is known as a web browser miner. In this method, hackers inject a cryptomining script into a website or into an ad that is placed on multiple websites. When the victim visits the infected website, or when the malicious ad appears in the victim’s browser, the script executes automatically. In this method, no code is stored on the victim’s computer. In both cases the code solves complex mathematical problems and sends the results to the hacker’s server while the victim is completely unaware.
Cybercriminals are investing effort in developing very good malware because it can be more profitable than other malware, depending on how many devices they infect and how long it goes undetected.
While cryptojacking payouts can be slow and small, they offer a steady stream of income with relative ease for as long as they go undetected, and because this strategy costs the attacker essentially nothing in hardware or electricity, any earnings are effectively pure profit. As such, these attacks are really a game of scale, generating more substantial earnings as the malware infects more devices or websites. Better malware authors see better returns, but with millions of samples of mining malware recently recorded, it is clear that a wide range of cybercriminals are refining their ability to exploit this rising threat vector.
Cryptojacking gives criminals a direct financial incentive to break into as many systems as they can and to maintain their access over long periods of time. Unlike ransomware, cryptojacking does not tend to cause a sudden, dramatic outage or event. Instead, criminal cryptominers can lurk on your systems for months or years before they are discovered, causing instability in your physical infrastructure, increased power costs, slowness, poor performance and more.
The public are advised to follow these tips in order to understand the risks and prevent being victimized by cryptojacking, to wit:
• Install an ad-blocking or anti-crypto mining extension on web browsers;
• Keep web filtering tools up to date;
• Use a mobile device management solution to better control what is on users’ devices;
• Deploy a network monitoring solution to analyse network data and detect cryptojacking and other specific threats; and
• Consider applying the patch for CVE-2018-14847 on potentially vulnerable devices.
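The network monitoring tip above is the one control that also catches browser miners, which leave no file on the victim’s machine but must still talk to a mining pool. The following is an added illustration, not part of this bulletin or any PNP tool, of the kind of rule such a monitor applies: it inspects the first bytes of each outbound connection for Stratum-style mining JSON-RPC methods and, as a weaker signal, for pool-style ports. The log events and port list are constructed for this example and should be tuned to your own environment.

```python
import json

# Public Stratum mining protocol method names: the Bitcoin-style "mining.*"
# family and the "login"/"submit" pair used by Monero-style pools.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit",
                   "login", "submit"}

# Assumed (constructed) list of ports often used by mining pools; a weak
# signal on its own, so it is reported only when nothing stronger matched.
POOL_PORTS = {3333, 4444, 5555, 7777, 14444}


def classify(event):
    """Return the reasons an outbound connection looks like cryptomining.

    event: dict with keys src, dst, dport and payload (first bytes sent).
    An empty list means nothing suspicious was found.
    """
    reasons = []
    payload = event.get("payload", "")
    try:
        msg = json.loads(payload)
        if isinstance(msg, dict) and msg.get("method") in STRATUM_METHODS:
            reasons.append("stratum method " + msg["method"])
    except ValueError:
        pass  # not JSON, so not a Stratum handshake
    if not reasons and event.get("dport") in POOL_PORTS:
        reasons.append("pool-style port %d" % event["dport"])
    return reasons


def scan(events):
    """Return (src, dst, reasons) for every event that classify() flags."""
    hits = []
    for e in events:
        reasons = classify(e)
        if reasons:
            hits.append((e["src"], e["dst"], reasons))
    return hits


# Constructed sample events: one ordinary web request, one Bitcoin-style
# Stratum subscribe on a pool port, one Monero-style login hidden on 443.
SAMPLE_EVENTS = [
    {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443,
     "payload": "GET /index.html HTTP/1.1"},
    {"src": "10.0.0.7", "dst": "198.51.100.20", "dport": 3333,
     "payload": '{"id":1,"method":"mining.subscribe","params":["cpuminer"]}'},
    {"src": "10.0.0.9", "dst": "198.51.100.30", "dport": 443,
     "payload": '{"method":"login","params":{"login":"WALLET","pass":"x"}}'},
]
```

Run `scan(SAMPLE_EVENTS)` to list the two flagged hosts; in practice the same check is applied to the payloads your IDS or proxy already records.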
For additional information, please refer to the following websites:
• INTERPOL Cyber Fusion Centre Cyber Activity Report (CAR-19-0045-PH) dated February 20, 2019.
POINT OF CONTACT