Cybersecurity continues to be a great concern for many websites and companies. We have the case of the WannaCry software attacking computer owners. The case where CCleaner was distributing malware. And even companies like VEVO and EQUIFAX having their data leaked because of various reasons. However, this sort of attacks is different than usual because it’s used for “Crypto-cash” mining.
What happens is that multiple websites for Schools, Charities and File-Sharing are being hacked. They get some code installed in their structure to make visitors’ computers “Mine” cyber currencies. One scan of the most popular websites (Including ThePirateBay, Showtime and TuneProtect.) found hundreds harboring the malicious mining code. This basically gives hackers the chance of earning a quick buck by abusing unsuspecting users.
Rik Ferguson, vice-president of security research at Trend Micro talks about how this is a numbers game. “There’s a huge attraction of being able to use other people’s devices in a massively distributed fashion because you then effectively take advantage of a huge amount of computing resources,” he said.
Professor Matthew Caesar from the University of Illinois talks about how easy it is to do this sort of thing as well. “If someone can hack into a cloud account they have access to a huge amount of computer power,” he said. “They can get huge value from those accounts because there’s not much limit on the number of machines they can use.”
The victims of these attacks can be left with a huge debt that doesn’t get revealed until the bill comes around. “The billing systems the cloud services run do not reveal what’s going on. Someone can get in and cause a lot of damage before they are shut down.” Said Caesar.
This basically means an attacker can come in, get the coin mining protocol running, and then leave the site with the owner collecting a huge debt due to the mining that took place. There are counter-measures being developed by the Illinois researchers, but we need to wait to see how this develops first.