Seems like everyone has been talking about Bitcoin lately. If you remember the dot com boom of the late nineties like I do, you might have a slight feeling of deja vu. But whether we are facing a bubble or not, one thing I learned recently while doing some network data analysis is that a new kind of “startup” has been spawned from the Bitcoin opportunity: device hijacking for cryptocurrency mining.
To understand the opportunity here for hackers, one needs to understand where cryptocurrencies come from versus the traditional currencies we are familiar with. The major difference is that while traditional currency is issued by a central government, cryptocurrencies are created on a technology called “blockchain” through a process called “mining”. To earn them, miners solve math problems and are issued cryptocurrencies such as Bitcoin, Ethereum, Monero, Dogecoin or others in exchange. This requires significant processor power, and the higher the value of the currency, the more processing power and time are required.
Now enter the hackers, and the whole business begins to look and act more like malware, as malicious players inject cryptominer scripts (in the form of a Trojan virus) to siphon off PC or mobile handset resources to line their own pockets, often rerouting the Monero earnings to unauthorized third parties. To be fair, CoinHive recently released new code that first asks visitors for permission to borrow their CPU resources, but the old version is still on offer as well, leaving critics to wonder why.
Players like CoinHive have come to the attention of anti-virus and anti-malware players like Malwarebytes, Check Point and Kaspersky Lab, who have categorized the website as malware and allow customers to block it accordingly. Malwarebytes says that the main reason they block CoinHive is “because there are site owners who do not ask for their users’ permission to start running CPU-gorging applications on their systems.” But if you want to create an exception for CoinHive, Malwarebytes will allow it. It’s all about making sure that people are informed and participate willingly rather than being coerced into donating processing power to a legitimate party or a hacker.
Providers of consumer and business security services like Vodafone are also playing a role in protecting unsuspecting users from sites and applications hosting a CoinHive script (including, as has been reported, some very notable ones in Google Play). Through their network-based Security as a Service offering, Secure Net (powered by Allot), Vodafone is able to identify and block access to sites and apps at risk of being a source for CoinHive code. In fact, in a November press release, Vodafone Spain noted that in recent months, on average, their Vodafone Secure Net service blocked CoinHive 800 times per user per month.
The compelling advantage of a network-based service like Vodafone Secure Net is that everyday Internet users like most of us don’t have to become experts on all the latest methods that cybercriminals are cooking up to invade our privacy, extort money, or simply disrupt our lives. We don’t have to know which of the “5 Best” or “10 Best” anti-virus apps to install on our smartphones and which to install on our PCs and how to keep them up to date. The service provider’s network-based security service handles that for us, no matter what device we use. With new malware and hacking escapades showing up in the headlines almost daily (not to mention on our computers and smartphones), Internet security services from a powerhouse provider like Vodafone are one of the best investments a consumer can make to stay safe online.