It’s diamonds that are forever, not your computer hardware. A few weeks ago, I was pleasantly surprised when I received a 5-minute voice note from an enterprising young man that I know from my local church. The Chemical Engineering graduate innocently elaborated his plan of crypto mining on any high-powered computer I may own.
Essentially, he was politely requesting to digitally “korokoza” in my backyard, as he claimed that his software would quietly and unobtrusively crypto mine in the background. Fortunately, being a man of virtue, he was not wielding any weapons or hurling any threats nor insults as you normally see from everyday Korokozas. He was most sincere and humble in his ignorance. Naturally, I had to respond with a voice note twice as long explaining why I had to courteously decline.
“Korokoza is a slang word in the Shona language that refers to an illegal miner or illegal mining activity.”
Cryptocurrency has been and still is the current rage. Centred on blockchain technology the digital currency has created an entire economy and value chain around it. The trillion-dollar Cryptocurrency market is on an exponential growth trajectory with no end in sight. This growth encompasses both legitimate transactions such as trading and mining as well as unscrupulous gains such as pyramid schemes and “get rich quick scams”. That’s a story for another day as many have fallen victim to the adage, “all that glitters is not gold”.
“All that glitters is not gold”
A very basic definition of crypto mining would be the use of a computer to solve complex mathematical problems every time a crypto transaction is affected. The reward for facilitating these transactions is a fraction of Bitcoin, hence the term mining and the reason why my Chemical Engineer friend was looking for a “powerful” computer to crypto mine. Commercially, the most efficient computers that conduct crypto mining are ASIC (application-specific integrated circuit) machines which are basically purpose-built computers. Apart from these machines, the closest type of computer that can mine crypto quickly is any computer with a dGPU (Dedicated Graphic Processing Unit) or more commonly referred to as a graphics card or powerful CPU (Central Processing Unit). Every computer has a graphics card but not all cards are equal. The same way that all mine operations extract ore but not all extraction methods are equal. Some have underground mining machines and others are “korokozas”.
Once the hardware is in place, special software is installed to connect to the blockchain database (distributed cryptosystem) over the internet and the mining begins.
Although ASIC machines are now the most efficient and fastest way to mine cryptocurrency, the underlying blockchain technology was built to run on normal computers. Installation of the crypto mining software will turn any computer into a crypto miner. What most people don’t realise is that the harder you work your hardware, the more wear and tear it experiences. It’s not just electricity and 1’s and 0’s. When you push your computer harder than usual with crypto software solving complex problems, chips and circuits use more electricity and generate more heat. The fans run faster and spin a lot more than normal. The RAM cycles more than usual and your hardware ages significantly quicker.
Cryptomining is now so prevalent that without specialised hardware like an ASIC machine and a highly subsided electrical power source, the potential monetary gains continue to dwindle. Unless of course, you get the processing power and electricity for free. Enter our Korokoza. The decision to mine cryptocurrency on your home laptop should be a well thought out and calculated one. In most cases, the losses outweigh the gains. Unfortunately, the same way that Korokozas enter restricted areas and illegally extract mineral resources, so have modern criminals taken to crypto-jacking.
Crypto-jacking is a cyberattack where black hat hackers install malware on target computers to illicitly mine cryptocurrency in the background unbeknownst to the victim. The usual modus operandi of malware has been to cripple a computer and cause as much pandemonium as possible but in the case of crypto-jacking, the assailants make every effort to keep their victim’s computer running to make full use of the processing power. Some are even prudent enough to recognise interactions from the user and pause crypto mining in order to avoid detection. In a single-user environment, this can be annoying but in a corporate enterprise, such hardware abuse can translate to thousands of dollars in premature computer hardware failures. Recent studies have shown that although there has been a great upsurge in ransomware attacks, a lot of hackers are preferring crypto-jacking as it carries less risk whilst allowing for reasonable returns. That fact alone is enough cause for concern around this issue.
The question that beckons is how a computer gets infected in the first place. The sad reality is that the usual tactics such as phishing, trojans and ransomware are still being successfully employed to deliver the malware. What has changed is the end goal. Existing vulnerabilities to unpatched systems such as the Windows EternalBlue exploit and the Exchange Server Hafnium vulnerabilities are being used as the perfect gateways for delivery. What is also worrying is the use of “agentless” miners that operate through your browser without the installation of any software. Simply opening a particular website could allow your browser to immediately start to mine cryptocurrency on behalf of crypto-jackers. Another lengthy conversation that deserves an article of its own.
The myriad of delivery options opens the discussion around prevention, detection, and response. Quite basically the prevention methods that cybersecurity programs have employed to prevent and avoid known threats and vulnerabilities is the same way that crypto-jacking malware can be prevented and avoided. Software updates and patching along with antivirus and antimalware solutions are at the top of the prevention tactics hierarchy.
Detection on the other hand is where things differ slightly in that ICT staff need to be trained on the identification of crypto-jacking malware. This includes monitoring spikes in the baseline resource usage of client computers and unusually high network traffic, to and from particular nodes. Inspection of inbound connections is incredibly important on any enterprise network, but egress filtering can quickly highlight areas of concern. Dedicated internal cybersecurity teams need to stay abreast of trends as some crypto mining codes have been found to embed themselves into the victims’ websites essentially creating the perfect delivery medium through a trusted source.
Response and remediation to crypto-jacker detection can range from simply killing and blocking the process of browser-based crypto miners to the implementation of software installation policies that disallow the installation of certain software and extensions. Ultimately, corporate internal cybersecurity teams need to ensure that both ICT and end-users are aware of this resource pillaging attack and seek assistance from cybersecurity firms where necessary. Individuals experiencing unusually high CPU usage, fan speeds and network bandwidth along with a “freezing” computer should strongly consider running malware scans or possibly reinstalling their computer operating system.
As long as we have cryptocurrency, which will most likely be forever, we will probably have cryptojackers. The cat and mouse game between Whitehat and Blackhat hackers is here to stay. Be safe and beware of digital korokozas.
About the Author
Taz Chikwakwata is a cybersecurity specialist with over a decade of experience implementing and maintaining Information Security Management Systems. He is the Managing Consultant for Cybernesis and can be reached at email@example.com
Cover Image Credit: The Zimbabwean