The illegal mining of virtual currencies using the users' computer has already become the most common form of attack by cybercriminals in 2018. However, currently, another target has gained popularity: the term Internet of Things used for electronic devices such as security cameras, babys electronics, printers, routers, media players, platforms and systems connected to the web through integrated software, such as Wi-Fi and Bluetooth. This is because of the fragile security of devices: weak passwords, outdated and vulnerable software.
Want to buy cell phones, TV and other discounted products? Meet Compare TechTudo
According to a report published by security company Avast last year, one in five IoT devices is vulnerable to hacker attacks in Brazil, corresponding to 21.1% of devices in this category.
READ: Polmica: sites use their PC to make money hidden and slow Internet
Internet of Things may be the target of a cryptocurrency mining scam Photo: Divulgao / FISL
From this information, it is possible to understand why the IoT appears to be ideal for cryptocurrency mining attacks. Next, the TechTudo explains what cryptominerao, how hackers act on cryptojacking and how you can protect your devices.
To understand the meaning of cryptojacking, it is first necessary to assimilate what cryptocurrencies are. Virtual currencies, such as Bitcoin and Monero, are generated when computers loaded with cryptographic software perform complex mathematical calculations. The faster computers complete calculations, the more electronic money they make.
The crypto mining without authorization from the owner of the device called "cryptojacking " English term that emerged from the junction of the words cryptocurrency and hijacking (cryptocurrency and hijacking, in Portuguese). In this scam, hackers can attack IoT devices to increase the speed of calculations and, consequently, their profit all without the user's permission or knowledge.
Refrigerator Internet of Things device and can be affected by cryptojacking Photo: Fabrcio Vitorino / TechTudo
For Cleber Paiva, product manager at PROOF, a company specialized in cyber security, criminals look for vulnerabilities in websites and devices to monetize their attacks. The act is similar to a parasite that does not render the victim useless, but seeks to remain in its host without being noticed. "Unlike ransomware attacks, which used cryptocurrencies as monetization, causing the user to pay to regain full access to their systems, in this scam the hacker wants to remain hidden to use as much of his device as possible in favor of cryptomineration", explains.
As cybersecurity expert Sherri Davidoff revealed in a recent crypto webinar, most of the attacks identified by his company, LGM Security, target devices that make up the Internet of Things. Because they are connected to the Internet and have poor security, IoT devices can easily be infected with malware and their processors usedryptojacking.
Security cameras, for example, are one of the main targets because they connect to unprotected public networks and are quite generic. In this way, the same malware can be used to infect devices of different brands. In some cases, these devices do not allow users to change their default security passwords, which makes the attack even easier.
Security cameras are easier targets for cryptocurrency miners Photo: Disclosure
Given that many IoT devices do not have an updated antivirus or an intrusion detection system, it is more likely that the malware will remain undetected for longer. The situation would be different with smartphones or computers, for example, which normally have more efficient security software.
If you are the target of cryptojacking, your device's processor should experience a considerable reduction in speed. This is because the device divides normal processing with clandestine cryptocurrency mining activity. In addition to degrading battery life, the blow can overload or possibly burn the electronics processor.
To protect yourself, it is important that users perform some procedures to increase the security of the devices. The user must create strong and complex passwords, keep software always up to date and use additional security controls, such as a good quality antivirus, explains Cleber.
Strong passwords are considered to include a combination of letters, numbers and symbols. Another tip is to avoid using the same credential for multiple accounts otherwise, if a hacker accesses some device, he will also have access to several others. It is also important to avoid connecting to unprotected networks, such as unknown Wi-Fi without a password. Insecure connections can make your device vulnerable to attack.
It is also advisable to keep operating systems, software and applications always up to date. Often, developers make updated versions of the program available, which feature possible fixes for vulnerabilities. Finally, it is also worth turning off devices that do not need to be connected to the Internet when they are not being used, such as, for example, a smart TV.
According to data released by Kaspersky, the number of users infected by cryptocurrency miners grew 44.5% from 2016-2017 to 2017-2018. Another important data, released by the Japanese company TrendMicro, points out that cryptocurrency mining was the most detected network event in domestic routers in 2017. The number of malware detections that mined cryptocurrencies increased more than 10 times between the first and the last quarter of 2017.