A review of cryptojacking
To some degree or another, most of us have heard of the term “virtual currency”. This is essentially the cloud-based version of the traditional paper money. For example, with Ransomware a cyber attacker wants to be paid with this new type of currency, usually in the form of Bitcoin. There are other types of virtual currencies that are out there, and collectively, these are also known as “cryptocurrencies”.
There was a time earlier last year, when cryptocurrencies were all the rage, especially in the financial markets. Future contracts and even indexes were created and tracked for them and were traded heavily. For a period of time, the value of them went sky high, and people thought that this would be the real thing again, just like the .com craze back in the early 90’s.
But, as that came to a crashing end, so did the volatility of the cryptocurrencies. They are still being traded, but not with the volume and the market capitalisation that it once had. Now, here is another twist to the story. The cyber attacker is entering into this realm, with a new threat called “cryptojacking”, which is essentially mining the various cryptocurrencies for monetary value.
But first, it is important to define what cryptomining is all about, and it is as follows:
“Bitcoin mining is done by specialised computers. The role of miners is to secure the network and to process every Bitcoin transaction. Miners achieve this by solving a computational problem which allows them to chain together blocks of transactions (hence Bitcoin’s famous “blockchain”). For this service, miners are rewarded with newly-created Bitcoins and transaction fees.” (SOURCE 1).
Technically, cryptojacking can be defined as follows:
OK, so now we have two long definitions, let us put these in simpler terms. We all have an idea of what a virtual currency is. Because there is no way to actually track down this digital currency, it needs to be made secure on the Internet.
So, this is where the mining aspect of it comes into play. It is their job to protect all of these currencies and transactions, by having the ability to solve overly complex math problems.
Once this has been done a successive fashion, all of these transactions then form a “block” (aka the “blockchain”) which creates the line of defence to protect these virtual currencies and their associated transactions. In return for their services, these miners (which are legal entities by the way), are paid a certain fee percentage.
Our next article will examine how a cryptojacking attack is launched.
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He also possesses the Certified in Cybersecurity (CC) cert from the ISC2.