Consumers know that smart appliances cost, but they could cost in a whole new way as humanity enters the IoT. Many governments and cybersecurity firms are beginning to note the rising trend called “crypto-jacking.”
In a scene reminiscent of nanobot sci-fi movies, criminals can infect devices like smart fridges with untraceable cryptocurrency mining malware. The software thus maliciously installed employs the smart device’s computing power to mine digital currency, for the third party.
As futuristic as it sounds, the trend is now cited as the number one cyber security threat to consumers and businesses the world over. Users who experience abnormally low browser speed on their phone or other slumps in tech performance could be unwittingly mining bitcoin for crooks.
As jarring as it may seem, the prospect of users’ smart TV or fridge being a crime scene is not an imagined threat, but a reality of the here and now. Smart devices are already entrenched, mostly at the top end of global society. The gradual adoption of the IoT is rolling onward towards all homes on the planet.
There’s Money In Your Devices
The unfortunate twist to a connected life comes from a simple reality: cryptocurrency mining makes money. When the principal determinant of how much money a user can make mining is the amount of computing power they have, computing power has value. From there, it has been a short step to criminals siphoning off computing power from wherever they can sneak in the malware that does so. In a digitized world, malicious software on users’ handsets and other smart devices is the new kind of hijacking.
Cyber criminals come smart as a given, and cryptojacking attacks can be subtle enough not to stir a user’s suspicions. In mild cases, users might detect only slight variances in performance on any given day. Spread out over time, however, the siphoning adds up to a substantial cost.
Quite apart from individual users, businesses with large computer networks can also be softly targeted. Crooks will position cryptojacking malware in such a way as to ensure computing power is hijacked in a manner that doesn’t raise the alarm. Becoming infected with the malware isn’t limited to typically imagined routes either. Anyone browsing through a contaminated site can pick up the virus in their web browser too.
In this case, the theft is temporary as, when a user exits that site, the siphoning ceases. Antivirus outfit MalwarebytesLab has a different opinion, yet most often closing a tab will interrupt the mining.
Some legitimate sites have been upfront about it and employed the whole advent of power for rent as a savvy marketing tool. The most prominent example of this has been Salon.com. For 90 days during 2018 the site removed ads from their site visitors in exchange for mining power.
The Threat Intelligence Group Manager for cybersecurity concern Checkpoint, Maya Horowitz, recently noted hat she had come across businesses whose electricity bills increased from usual monthly figures by several hundred thousand dollars. In Bitcoin and other cryptocurrency blockchains, digital mining employs computing power to perform the complex calculations of the decentralized ledger. With global connectivity now a mainstream reality, power is available to those who know how to pinch it.
Antivirus Catching Up
Another report from Palo Alto Networks guesstimated that about five percent of the altcoin Monero has so far been mined by users employing stolen power. Putting a figure on the potential for global theft, this observation alone, if correct, would equal around $150 million. This excludes the browser theft-type mining. Most attacks take the “spray and pray” approach that targets as many devices as possible.
Ismail Belkacim points to the fact that anyone who owns a device with a computer processing unit can find themselves a target. Belkacim has developed an app that inhibits websites from mining digital currencies. The number of cryptojackings is definitely rising, soaring to 146,704 in September 2017 worldwide, to 22.4 million in December 2017. Cybersecurity concern Avast has reported that this figure has since increased to 93 million in May 2018.