Part 2 of 2
In Part 1 we defined cryptocurrency, blockchain and miners and explained how it works. Although the mainstream users are not jumping onto the digital currency wagon with feverish excitement, the cyber criminals are identifying ways to make this work in their evil favor.
Most notable is the demand for Bitcoin payment when a computer falls victim of a ransomware attack. Due to the transaction steps used to process Bitcoin, an attacker can remain anonymous. Thus, once the payoff is completed there is no way to trace back to the attacker’s identity.
Bitcoin is not completely anonymous. The WannaCry ransomware took an extra step in this process to convert their Bitcoins into Monero. Monero is another form of digital currency with even stronger privacy restrictions.
All cryptocurrency systems work basically the same way. Transaction amounts and Bitcoin addresses are visible to anyone in the transaction ledger. But that’s it. There is no easy method for obtaining the identity of the user.
Law enforcement has been analyzing chains of transactions and sometimes are able to trace the criminals back to a particular system and identify the perpetrator. However, with the development of stronger and more complex privacy technologies, this becomes a more limited endeavor.
E-currencies have also been used for scams, tax evasion, fraud, narcotics and arms trafficking and other illegal activities.
Bitcoin mining is the process of collecting transactions and turning them into a mathematical equation. The miner who finds a solution then receives a Bitcoin reward. So how do the evil entities use mining as an attack vector?
Cyber criminals will use botnets to distribute mining software through adware programs and apps victims have installed onto their systems. By piggybacking on the victim’s computer’s processing power they are confirming transactions and generating new coins. This makes the mining process much more profitable when the crook has formed an army of processors.
The victim may not know that this activity is happening but might notice a degradation in performance on the computer. While the miner is reaping all the benefits of the Bitcoin transactions, the victim is suffering with a compromised machine.
How can you protect yourself?
- Install anti-virus software and keep it up to date
- Do not download or install unnecessary programs or apps
- Install ad blockers
- Do not open attachments from suspicious emails