My family was blessed to have been invited on a “Christmas” cruise this past December. We wore our ‘Merry Cruisemas’ shirts the day we boarded the massive ship, and really embraced celebrating Christ’s birth at sea somewhere in the Caribbean. While there were many “best” parts of the cruise, the most memorable days were those days spent with my family at the different ports. When the ship docked, we disembarked and got serious about having fun in new locations. We embraced the locals, their culture and all the history surrounding these magnificent cities. Of course, the days off the ship also involved shopping for Country-specific souvenirs for us and loved ones: coffee, chocolate, soccer jerseys’, etc. One of the coolest aspects of shopping was the real-world/real-time (How much is this? Cuanto cuesta?) education that our kids (and my wife and I) received in the foreign currencies that varied from country to country and their different monetary conversions. My son was quite shocked when the Columbian National soccer jersey he wanted cost an astounding 42,935 Columbian Peso’s. Luckily for him and for the allowances that he had saved for the trip, this equals about $15.00 U.S. Dollars.
A renewed fascination in different currencies is also happening globally, especially here in the United States (and like my son--with similar levels of shock and awe!). However, the increased level of interest has nothing to do with paper money but rather digital currency. Have you been keeping up with all the Bitcoin hysteria? Digital currency is a type of currency available only in digital form (paperless, no coins, etc.). The most popular form of digital money is the Bitcoin, however, there are a number of other forms such as Litecoin (billed as the silver to Bitcoin gold), Zcash and Ripple to name a few. But like the green paper stuff we call the $U.S. dollar, digital money is used to buy common goods and services, and it’s acceptance in the marketplace is becoming more widely accepted even as you read this article. In fact, it was just announced last month that JPMorgan and Goldman Sachs were taking the necessary steps to legitimize Bitcoins as an official form of payment. In the past, Bitcoins were considered fraudulent and used only by cybercriminals. But they are quickly moving into a position of legality and possibly preferred status. (This is happening, people!)
Bitcoin first emerged on the currency scene back in January 2009. Bitcoin currency went relatively unnoticed for many years. However, within the dark web, cybercriminals slowly began selecting Bitcoins as their currency of choice due to it being a pseudo-anonymous method of payment (achieving perfect anonymity is all but impossible). It was not until May 2013, that the world was forced to open its eyes (and pocketbooks) to the world of Bitcoins, with the emergence of the CryptoLocker ransomware and its massive extortion attack, which encrypted files and held them captive until a $400 ransom was paid. The attackers preferred form of payment? Bitcoins. CryptoLocker was Bitcoin’s grand entrance into daily trade.
When the first version of CryptoLocker was released, the cybercriminals demanded 2 Bitcoins (BTC). The value of a Bitcoin at the time had increased to $200. By November/December 2013, the value of a Bitcoin increased significantly had reached heights as high as $1,250. Even the authors of CryptoLocker took note and updated their ransom notes (as displayed on infected victim systems) to a decreased payment—lowering their demands to 0.5 BTC (because of the inflated and elevated value of Bitcoin.) Unfortunately, total payments made to the CryptoLocker creator(s) to free/decrypt user files were estimated to have been over $3 million. At the time of this writing, 1 BTC was worth an astounding $14,450! What does that mean? Well: With an initial value of $200/BTC, it is possible that up to 15,000 BTCs were paid in ransom in 2013 for CryptoLocker alone. In today’s dollars, those same 15,000 BTCs would be worth $216,750,000.00! That’s a lot of coin!
We have always known that cybercriminals desire to be where the money is. If you are interested in tracking hackers and those using their technological gifts for evil instead of good, we can find wisdom in the famous quote from the movie Jerry McGuire, “Show me the MONEY!!!”. This is solid logic in looking to where you will find a focus on new and emerging cybercrime. Still today, new ransomware attacks continue the Bitcoin payment trend, as ransomware (and malware creation in general!) has turned into a fully functional business. Look no further than the ever-developing Ransomware-as-a-Service (RaaS) phenomenon (Past Article) Is there any wonder this form of digital money has such a bad reputation? Skyrocketing digital currency will only make matters worse and serve as a huge encouragement for cyber thieves to work that much harder stealing at your hard-earned money. It should be noted that by the end of Quarter 4 2017, Thirtyseven4 was detecting nearly 30,000 pieces of ransomware daily. (We give our best effort every day to save you a lot of Bitcoin!)
I would like to wrap things up by concluding that the worst is behind us, but I can’t do that. The global acceptance of Bitcoins (and other forms of digital money) as legitimate currency is already leading to new and greater threats. Are you looking for a dire prediction for 2018? Be ready, and start educating yourself on the term “Cryptojacking”. Cryptojacking refers to the secret mining of cryptocurrency. Hackers participate in cryptojacking when they purposefully exploit and use someone’s browser to harvest cryptocurrency like Bitcoins. Without getting too technical (Past Article), Cryptocurrencies operate through a distributed ledger where computers are used to verify and add to the ledger. It is estimated that a single BTC transaction (the process involved in cryptojacking) consumes 215 kilowatt-hours (KWh) of energy. Imagine the performance hit on each system. Bottom line: each computer exploited/compromised adds to the ledger. Each addition to the ledger creates more currency. It is possible that publishers would give users an option to opt in or out for allowing their systems to be used for cyptocurrency mining, however, common sense tells us that these scandalous activities are happening without user’s consent, making the process malicious. In many cases, cybercriminals are hiding mining code in ads and injecting them on legitimate websites. And with Bitcoin values exploding to record (unimaginable!) new heights, cyberthugs are mercilessly attempting to “show me the money”. They’re coming after your systems, your parent’s systems and your co-workers systems to harness the computing power to make more money!
Wow, this is a feel-good message to ring in 2018, isn’t it?
And honestly, my intent is always to educate you as readers, and never to create fear (or havoc!). It is wild to realize how far technology has come over the years, the decades, the centuries. In many ways—for good. On the cruise we visited some Mayan ruins in Mexico, and we learned that the Mayans used cocoa beans (among other things) as currency. There was value and practicality in cocoa. Now the peso is used in daily transactions there. Learning (with our kids) about these things and the progression of currency in Mexico was interesting, and I dare say innocent. But our tour guide (part Mayan) also shared that part of the progression from cocoa beans to pesos was the conquering of the Mayans by the Spaniards. They eliminated the cocoa bean as currency, but they also eliminated most (or legend says “all”) of the pure-blood Mayans along the way. Progress is not positive for all involved. As we see the emergence of a new currency (Bitcoin), we have seeds of negative and harmful financial ramifications. In any culture, we hope for positive change and development, but there will always be other side of the coin as well.
On a lasting brighter note, please know that there are good guys to this story as well. Here at Thirtyseven4 we are working feverishly and around-the-clock in developing proactive countering measures against the bad guys.
Per our In-Lab analysis and live observations, we identified that cryptojacking is mainly being performed by attackers in two ways:
1. By compromising legitimate websites and adding link/URL of mining websites into the genuine webpage. In this case, cryptomining is performed whenever the user visits that compromised website
Given that, our Thirtyseven4 Browsing Protection successfully blocks these compromised sites being used to mine cyptocurrency. We are literally updating for thousands upon thousands of compromised sites daily to our Web Filtering system.
2. By adding suspicious chrome extensions containing mining URLs that perform cryptomining each time the browser gets loaded.
For this, our Thirtyseven4 Virus Protection (real-time scanner) and our Anti-Malware engine successfully detect these malicious chrome extensions (detected as "CRM.CoinHive") and clean them on-the-fly.
And so Bitcoin is the latest form of currency in the world market. Never before have we bartered with a cyber-form of value. But with the progression of society and technology, history proves that this type of evolution was predictable, and so was the exploitation associated with it. From tax collectors in ancient times to investment schemes today, there will always be those that exploit people. Cyberthugs demanding Bitcoin are making this currency infamous. But historically (and currently!) there is also always “the other side of the coin”. There are silver linings and in this case—levels of protection to keep you safe.
Just as we realized afresh after our cruise, there are many peoples, many countries, many currencies, but we all share core foundations and at the root of it, there is good in all of us. Evil has always tempted, and attempted to choke out Good, and yet by the grace of God we persevere and our methods persevere. Bitcoin has arrived. Its roots are capable of negativity, but Bitcoin also has the possibility of brilliance as well. Let’s watch together to see how its progression unfolds, and if this coin lands on heads or tails. But just to be sure, keep your AV Security up to date!
Over the first 30 days of 2018, Thirtyseven4 has detected over 4,000 Code Mining Sites