Hijacking hardware in stealth mode


If your computer is lagging without any good reason, there’s a chance cybercriminals are using it to make cryptocurrency, right under your nose.

This latest form of cybercrime is known as malicious cryptomining.

It happens when criminals gain access to their victim’s device and use its resources, such as Internet data, processing power and electricity, to generate cryptocurrency.

As a result, the victim’s device – be it a desktop, laptop, mobile phone or tablet – becomes slow. The infected machine can also burn out and become noisier as it is weighed down by the hidden tasks.

If this crime strikes companies, it can lead to financial losses, as the malicious software slows down machines, hampers productivity and pushes up the electricity bill.

The cybercriminals then pocket the cryptocurrency, after leeching off their victim’s resources.

What’s worrying is that the cryptomining code, embedded in the victim’s device, can run secretly and go undetected for a long time, says CyberSecurity Malaysia (CSM).

So far this year, fewer than five cases involving organisations have been reported to CSM.

It’s relatively new, but malicious cryptomining is one of the rising cybercrime trends this year, says CSM chief executive officer Datuk Dr Amirudin Abdul Wahab.

And the public should be informed about it.

“Nowadays, cybercriminals use cryptomining malware as one of their main sources of income.

“The simple reason why malicious cryptomining is gaining popularity with criminals is because it may be a cheaper, more profitable alternative to ransomware,” he tells Sunday Star.

Companies infected with this malicious code may incur costs in time spent troubleshooting performance issues and in replacing systems in the hope of solving the problem.

Dr Amirudin explains there are two ways cybercriminals can get their hands on our devices.

Firstly, they can entice a victim to click on a malicious link in a legitimate-looking e-mail that loads cryptomining code on the computer. The script then runs in the background, as the unsuspecting victim continues to work normally.

Secondly, they can also infect a website or online ad with the code.

The victim simply visits the page and the cryptomining starts immediately without user interaction.

In this situation, no code is stored on the victim’s computer and the code continues to run as long as the victim does not exit the browser.

However, some malicious scripts may have stealth features to keep running even if the browser has been closed.

In both methods, the script will piggyback on the device’s CPU (central processing unit) to carry out the cryptomining process without the victims’ knowledge.

“Based on the incidents we received, the only signs noticed by victims are slower performance or lags in execution. No data was stolen or encrypted.

“Such cybercrimes are mainly stealthier, and it can be a little difficult for companies to identify,” says Dr Amirudin.

To boost protection, he advises users to avoid clicking on suspicious links or attachments received through e-mails and messages.

Other measures include installing anti-virus software and ensuring your device’s operating system is updated with current security patches.

Stressing that anyone can be a target, cybersecurity specialist Vincent Ho acknowledges that malicious cryptomining is more common now.

“This type of cybercrime requires a high degree of skill, stealth, and creativity.

“Individuals like you and me can be targeted.

“But organisations may be more susceptible because they have a public profile through websites, apps, social media and so on,” he says.

He warns that once an organisation’s website has been successfully exploited with cryptomining code, it is possible to “weaponise” that website so that users who visit the page become another resource to mine cryptocurrency.

“When you break it down to the basics, anything electrical that has a CPU, RAM (random-access memory), and Internet access is another potential target,” Ho explains.

On how much cryptocurrency can be mined by cybercriminals through their victims, he says there isn’t a straightforward answer, as it depends on a number of factors.

“How much can be mined depends on the amount of resource that’s used to do the algorithmic compute for the specified cryptocurrency.

“If you have more resources, then you will be able to do more mining, and hence get more money.

“But the more you mine, the more time and resources you need,” Ho adds.

Under our law, malicious cryptominers can be punished under the Computer Crimes Act 1997, says Bar Council information technology and cyberlaw committee deputy chairman Foong Cheng Leong.

“It can be considered unauthorised access to computer material or unauthorised modification to computer material,” he adds.

If found guilty of unauthorised access, the cybercriminal can face up to a RM50,000 fine, a five-year jail term or both.

At present, digital currencies such as bitcoin are not recognised as legal tender in Malaysia.

But cryptocurrency exchangers are required to report their activities to Bank Negara.

This reporting obligation, the central bank was reported as saying, is the first step in making activities in the cryptocurrency business more transparent.

Foong says while it is not recognised as legal tender, it doesn’t mean cryptocurrency is illegal.

“You can still use digital currencies to purchase things. It is up to the buyer and seller,” he adds.

However, he points out that cryptocurrency may also be misused, particularly in the black market for illegal purposes like money laundering, purchase of drugs and other undesirable items, to avoid detection.

“I foresee more crimes and disputes may arise from there,” Foong says.

   
