What is Cryptojacking?

Cryptojacking (also called malicious cryptomining) is an emerging online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” forms of online money known as cryptocurrencies. It’s a burgeoning menace that can take over web browsers, as well as compromise all kinds of devices, from desktops and laptops, to smart phones and even network servers.

Like most other malicious attacks on the computing public, the motive is profit, but unlike many threats, it’s designed to stay completely hidden from the user. 

Cryptojacking is a scheme to use people’s devices (computers, smartphones, tablets, or even servers), without their consent or knowledge, to secretly mine cryptocurrency on the victim’s dime. Instead of building a dedicated cryptomining computer, hackers use cryptojacking to steal computing resources from their victims’ devices. When you add all these resources up, hackers are able to compete against sophisticated cryptomining operations without the costly overhead.

If you’re a victim of cryptojacking, you may not notice. Most cryptojacking software is designed to stay hidden from the user, but that doesn’t mean it’s not taking its toll. This theft of your computing resources slows down other processes, increases your electricity bills, and shortens the life of your device. Depending on how subtle the attack is, you may notice certain red flags. If your PC or Mac slows down or uses its cooling fan more than normal, you may have reason to suspect cryptojacking.

The motivation behind cryptojacking is simple: money. Mining cryptocurrencies can be very lucrative, but turning a profit is now next to impossible without the means to cover large costs. To someone with limited resources and questionable morals, cryptojacking is an effective, inexpensive way to mine valuable coins.

How does cryptojacking work?

Cryptojackers have more than one way to hijack your computer. One method works like classic malware: you click on a malicious link in an email and it loads cryptomining code directly onto your computer. Once your computer is infected, the cryptojacker works around the clock to mine cryptocurrency while staying hidden in the background. Because it resides on your PC, it is local: a persistent threat that has infected the computer itself.

An alternative cryptojacking approach is sometimes called drive-by cryptomining. Like a malvertising attack, the scheme involves embedding a piece of JavaScript code in a web page; every browser that loads the page then runs the script and mines cryptocurrency for as long as the page stays open.

In early instances of drive-by cryptomining, web publishers caught up in the bitcoin craze sought to supplement their revenue and monetize their traffic by openly asking visitors’ permission to mine for cryptocurrencies while on their site. They posed it as a fair exchange: you get free content while they use your computer for mining. If you’re on, say, a gaming site, then you probably will stay on the page for some time while the JavaScript code mines for coin. Then when you quit the site, the cryptomining shuts down too and releases your computer. In theory, this isn’t so bad so long as the site is transparent and honest about what they’re doing, but it’s hard to be sure the sites are playing fair.

More malicious versions of drive-by cryptomining don’t bother asking for permission and keep running long after you leave the initial site. This is a common technique for owners of dubious sites, or hackers that have compromised legitimate sites. Users have no idea that a site they visited has been using their computer to mine cryptocurrency. The code uses just enough system resources to remain unnoticed. Although the user thinks the visible browser windows are closed, a hidden one stays open. Usually it’s a pop-under which is sized to fit under the task bar or behind the clock.

Stay tuned to learn how to stay safe from cryptojacking and how to prevent it altogether.

MAN IN THE MIDDLE (MITM) ATTACK

A man-in-the-middle attack is a category of cyberattack in which a malicious actor inserts itself into a conversation between two parties, impersonates each party to the other and gains access to data that the two parties were trying to send to each other. A man-in-the-middle attack allows the attacker to intercept, send and receive data meant for someone else, or data that was never meant to be sent at all, without either legitimate party knowing until it is too late. Man-in-the-middle attacks can be abbreviated in many ways, including MITM, MitM, MiM or MIM.

Key Concepts of a Man In The Middle Attack

  1. Man-in-the-middle is a type of eavesdropping attack that occurs when a malicious actor inserts itself as a relay or proxy into a communication session between people or systems.
  2. A MITM attack exploits the real-time processing of transactions, conversations or other data transfers: the attacker must relay traffic fast enough that neither side notices the detour.
  3. Man-in-the-middle attacks allow attackers to intercept, send and receive data never meant for them without either legitimate party knowing until it is too late.

Interactions that are susceptible to MITM Attack

  • Financial sites – between the user’s login and the site’s authentication response, while credentials and session tokens are in flight
  • Connections meant to be secured by public or private keys, when the endpoints never verify whose key they are actually using
  • Other sites that require logins – anywhere there is something to be gained by having access

Other Forms of Session Hijacking

Man-in-the-middle is a form of session hijacking. Other forms of session hijacking similar to man-in-the-middle are:

  1. Sidejacking – This attack involves sniffing data packets to steal session cookies and hijack a user’s session. If a site encrypts only its login page and then sends the session cookie over plain HTTP, the cookie can be captured even though the login itself was protected.
  2. Evil Twin – This is a rogue Wi-Fi network that appears to be a legitimate network. When users unknowingly join the rogue network, the attacker can launch a man-in-the-middle attack, intercepting all data between the user and the network.
  3. Sniffing – This involves a malicious actor using readily available software to intercept data being sent from, or to, your device.
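The second susceptible interaction listed above, a key exchange whose public values are never verified, is easiest to see in code. The following is an added example, not code from the original article: an unauthenticated Diffie-Hellman exchange in which Mallory ends up sharing a key with each side, followed by the same exchange with each public value authenticated under a pre-shared key so the substitution is caught. The group parameters and the pre-shared key are toy assumptions (real systems use a standardised group and certificates or signatures in place of the pre-shared key).

```python
# Added example (not from the original article): an unauthenticated
# Diffie-Hellman exchange that falls to a man-in-the-middle, followed by
# the same exchange with each public value authenticated under a
# pre-shared key. Group parameters and the key are toy assumptions.
import hashlib
import hmac
import secrets

# Toy group: a Mersenne prime and generator 2, chosen only so that the
# numbers stay small. Real deployments use a standardised group.
P = 2**127 - 1
G = 2
PSK = b"key agreed out of band"      # assumption: both parties already hold it


def keypair():
    """Private exponent and matching public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_key(priv, peer_pub):
    """32-byte session key derived from the DH shared secret."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def unauthenticated_exchange():
    """Alice and Bob send bare public values; Mallory sits on the wire.

    Returns True when Mallory ends up holding both session keys, i.e.
    she can decrypt what Alice sends and re-encrypt it for Bob.
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()

    # Mallory swaps her own value in for both parties' public values.
    alice_key = shared_key(a_priv, m_pub)        # Alice thinks this is Bob's
    bob_key = shared_key(b_priv, m_pub)          # Bob thinks this is Alice's
    mallory_to_alice = shared_key(m_priv, a_pub)
    mallory_to_bob = shared_key(m_priv, b_pub)

    return (alice_key == mallory_to_alice
            and bob_key == mallory_to_bob
            and alice_key != bob_key)


def tag(pub):
    """MAC over a public value so that substitution is detectable."""
    return hmac.new(PSK, pub.to_bytes(16, "big"), hashlib.sha256).digest()


def authenticated_exchange(tamper):
    """Same exchange, but Alice's public value travels with a MAC.

    Mallory cannot compute a tag for her own value, so if she tampers
    the only tag she can forward is Alice's tag for Alice's value.
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    _, m_pub = keypair()

    recv_pub, recv_tag = (m_pub, tag(a_pub)) if tamper else (a_pub, tag(a_pub))
    if not hmac.compare_digest(recv_tag, tag(recv_pub)):
        return "aborted"                         # substitution detected
    # Only reached for the genuine value, so both sides derive one key.
    assert shared_key(b_priv, recv_pub) == shared_key(a_priv, b_pub)
    return "established"
```

The point of the first function is that nothing in a bare Diffie-Hellman exchange tells Bob that the value he received came from Alice; the second shows that any authentication of the public values, here a MAC under a key Mallory lacks, is enough to make the detour visible.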

General Security Principle: Introduction

The core obligation of information security, covering the safe use, flow and storage of information, is captured by the CIA triad. CIA stands for confidentiality, integrity and availability, the three main objectives of information security. For a deeper look into these objectives, check out our security training classes.

  • The Application Access Layer defines the notion that access to end-user applications has to be constrained to business need-to-know.
  • The Infrastructure Access Layer describes the notion that access to infrastructure components, for instance servers, has to be constrained to business need-to-know.
  • The Physical Access Layer describes the notion that physical access to any system, server, computer, data centre or other physical object storing confidential information has to be constrained to business need-to-know.
  • The Data In Motion Layer describes the notion that data has to be secured while in transit.
  • At the centre of the illustration sits the information itself: it is what all of these layers exist to protect, and the reason the CIA principles emerged.

Confidentiality

The aim of confidentiality is to ensure that information is hidden from people who are not authorized to access it. The confidentiality principle dictates that information should be viewed only by people with the appropriate privileges. The science (and art) used to ensure data confidentiality is cryptography, which involves encryption and decryption methods.

Confidentiality can be breached easily, so each employee in an organization should be aware of their responsibility for maintaining the confidentiality of the information entrusted to them in the course of their duties. For instance, an employee who lets someone glance at their screen while confidential information is displayed on it may already have caused a breach of confidentiality.

Furthermore, confidentiality and privacy are often used interchangeably. Below, we discuss cryptography and practical ways of protecting confidentiality.

Cryptography

Cryptography’s beginnings can be traced back thousands of years. Contemporary cryptography, however, differs substantially from the classical kind, which used pen and paper and was far less complex. The Enigma rotor machine and the subsequent emergence of electronics and computing enabled much more elaborate schemes and allowed confidentiality to be protected far more effectively.

Encryption is an accepted and effective way of protecting data in transit and is increasingly used for protecting data at rest as well. The Computer Security Institute published the results of a survey in 2007 showing that 71% of businesses used encryption for some data in transit while 53% used encryption for some data at rest. The techniques for preserving confidentiality differ depending on whether the data is in motion, at rest or a physical object. Access controls are also a necessity for maintaining confidentiality; they can consist of passwords, biometrics or a combination of both. The protection of physical records is broadly similar: access to the area where the information is kept may be granted only with the proper badge or other authorization, the records can be locked in a safe or filing cabinet, and there can be access controls, cameras, guards and so on.

Encryption transforms data into an unreadable form that can only be read again by someone holding the key needed to decrypt it. In manual encryption, the user runs the software and initiates the encryption. In transparent encryption, it happens automatically without any intervention from the user.

Symmetric encryption uses a single secret key that serves both to encrypt and to decrypt the data; that key is the only means of recovering the information and must be shared between the parties in advance. Asymmetric encryption, by contrast, uses two keys, a public key and a private key. Anyone may encrypt information with the public key, but it can only be decrypted by the holder of the private key.

Watch this space for more information on this topic!

DoS Attack: An Introduction

A denial-of-service (DoS) attack is an attack intended to shut down a machine or network, making it unreachable to its intended users. DoS attacks achieve this by flooding the target with traffic, or by sending it data that triggers a crash. In both cases the DoS attack deprives legitimate users of the service or resource they expected.

DoS attacks frequently target the web servers of high-profile organizations such as banks, commerce and media companies, or government and trade organizations. Though DoS attacks do not typically result in the theft or loss of important data or other assets, they can cost the victim a great deal of time and money to handle.

There are two general methods of DoS attack: flooding services or crashing services. Flood attacks occur when the system receives more traffic than the server can buffer, causing it to slow down and eventually stop. Popular flood attacks include:

Buffer overflow attacks – the most common DoS attack. The idea is to send more traffic to a network address than the system was built to handle, exhausting the memory, connection state or bandwidth the programmers provisioned. The attacks listed below are of this kind, as are others that exploit bugs specific to particular applications or networks.

ICMP flood – abuses misconfigured network devices by sending spoofed ICMP echo requests (pings) to the broadcast address of the targeted network, so that every host on it replies to the spoofed source address, the victim. The network is thereby tricked into amplifying the traffic. This amplification attack is known as the smurf attack. The ping of death, often mentioned alongside it, is a different attack: a single malformed, oversized ping packet that crashes a vulnerable target, which puts it in the crash category below rather than among the floods.

SYN flood – sends requests to connect to a server (TCP SYN packets), often from spoofed source addresses, but never completes the three-way handshake. Each half-open connection occupies an entry in the server’s connection backlog; the flood continues until that backlog is full and legitimate clients can no longer connect.
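The half-open state the SYN flood exhausts is also what a detector can count. The following is an added example, not code from the original article: a tracker run over constructed, simplified flow records that keeps the SYNs which never received the client’s final ACK and flags a destination once its half-open backlog passes a threshold. The record format ("time src dst flag"), the addresses and the threshold are assumptions made for this illustration.

```python
# Added example (not from the original article): a half-open connection
# tracker run over constructed flow records, flagging a SYN flood when a
# destination accumulates too many handshakes that never complete.
# The record format ("time src dst flag") and the threshold are
# assumptions made for this illustration.
from collections import defaultdict

SERVER = "203.0.113.10:443"     # constructed target address


def build_sample():
    """Constructed records: three completed handshakes, then 200 SYNs
    from spoofed sources that never send the final ACK."""
    lines, t = [], 0.0
    for src in ("10.0.0.5", "10.0.0.6", "10.0.0.7"):
        lines.append(f"{t:.3f} {src} {SERVER} SYN")
        lines.append(f"{t + 0.010:.3f} {SERVER} {src} SYN-ACK")
        lines.append(f"{t + 0.020:.3f} {src} {SERVER} ACK")
        t += 0.1
    for i in range(200):
        lines.append(f"{t:.3f} 198.51.100.{i + 1} {SERVER} SYN")
        t += 0.001
    return lines


def half_open_counts(lines):
    """Number of SYNs per destination still awaiting the client's ACK."""
    pending = {}                       # (src, dst) -> time of the SYN
    for line in lines:
        ts, src, dst, flag = line.split()
        if flag == "SYN":
            pending[(src, dst)] = float(ts)
        elif flag == "ACK":
            pending.pop((src, dst), None)   # handshake completed
        # SYN-ACK is the server's reply and does not change client state.
    counts = defaultdict(int)
    for _, dst in pending:
        counts[dst] += 1
    return dict(counts)


def detect_syn_flood(lines, threshold=100):
    """Destinations whose half-open backlog has reached the threshold."""
    return sorted(dst for dst, n in half_open_counts(lines).items()
                  if n >= threshold)
```

A production monitor would additionally age entries out of `pending` after the handshake timeout and treat an RST as closing the entry; the logic above keeps only the part that distinguishes a burst of real clients (whose handshakes complete) from a flood (whose handshakes never do).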

Other DoS attacks simply exploit vulnerabilities that cause the target system or service to crash. In these attacks, input is sent that takes advantage of bugs in the target that subsequently crash or severely destabilize the system, so that it can’t be accessed or used.

An additional type of DoS attack is the distributed denial-of-service (DDoS) attack. A DDoS attack occurs when multiple systems orchestrate a synchronized DoS attack against a single target. The essential difference is that instead of being attacked from one location, the target is attacked from many locations at once. The distribution of hosts that defines a DDoS gives the attacker several advantages:

  • They can leverage the greater volume of machines to execute a seriously disruptive attack
  • The source of the attack is difficult to pin down because the attacking systems are scattered, often worldwide
  • It is more difficult to shut down multiple machines than one
  • The true attacking party is very difficult to identify, as they are hidden behind many (mostly compromised) systems

Modern security technologies have advanced mechanisms to guard against most forms of DoS attack, but because of the distributed nature of DDoS it is still regarded as an elevated threat and is of higher concern to organizations that fear being targeted by such an attack.

What is Replay Attack?

A replay attack is a class of network attack in which an attacker captures a valid data transmission and fraudulently has it delayed or repeated. The delay or repetition may be carried out by the original sender or by the malicious party who intercepts the data and retransmits it. In other words, a replay attack is an attack on a security protocol that reuses a transmission captured from a genuine sender against the intended receiver, fooling the participants into believing they have successfully completed a fresh exchange. Replay attacks help attackers gain access to a network, obtain data that would not otherwise have been easily available, or duplicate a transaction.

Note: A replay attack is also known as a playback attack.

Averting a Replay Attack

Preventing such an attack is a matter of protocol design, not just of encryption. An attacker who captures an encrypted message does not need to read or decrypt it: all they have to do is capture and resend the whole thing, and if the receiver has no way of telling a fresh message from an old one, the replayed message is processed again.

To counter this, sender and receiver should establish a completely random session key, a key that is valid for only one session and can never be used again, so that a message recorded under one key is meaningless under the next. Another preventive measure is to put a timestamp on every message and have the receiver reject anything older than a certain age, which shrinks the window in which an attacker can eavesdrop, capture the message and resend it.

A further technique is to attach to each transaction a one-time value, such as a one-time password or a random nonce, that the receiver remembers and refuses to accept a second time. That guarantees that even if the attacker captures and resends a genuine message, the one-time value has already been used and the message is rejected.

Sybil Attack

A Sybil attack is a type of attack seen in peer-to-peer systems in which a single node operates multiple identities at the same time in order to undermine the authority of a reputation system. The main purpose of the attack is to gain a majority of influence in the network and carry out actions that violate the rules and regulations set within it. A single entity, one computer system, can create and control many identities, and to outside observers these fake identities appear to be real, distinct participants.

This attack takes its name from a case study about a woman known as Sybil Dorsett, who was treated for dissociative identity disorder. If you are interested in understanding more about this particular case, we suggest that you watch the film based on it, “Sybil” (2007). The paper that introduced the term, The Sybil Attack, was written by John R. Douceur at Microsoft Research.

How does the Bitcoin network prevent Sybil attacks?

The Bitcoin network uses the Proof of Work (PoW) consensus algorithm to establish the legitimacy of any block added to the blockchain. A substantial amount of computing power is needed to do the work, which gives miners a financial incentive to do genuine work: at the time of writing the reward was 12.5 bitcoins for every block mined (the reward halves roughly every four years), and there is no reward for invalid work. Transactions are validated by every node, and a block is rejected if it includes invalid transactions. Because influence over the chain is tied to computing power rather than to the number of identities, creating extra identities gains an attacker nothing. A related attack, the 51% attack, is also practically infeasible on Bitcoin because, with so many miners, it is very hard for a single group to control a majority of the total hash rate.

Ways to prevent a Sybil attack

Giving different power to different members – This is the basis of reputation systems: members are granted different levels of power according to the reputation they have built up over time.

Cost to create an identity – To discourage multiple fake identities in the network, a cost can be attached to every identity that wants to join. Note that it makes more sense to make it expensive to operate many identities at the same time than to make creating an identity expensive as such, because multiple identities have legitimate uses, such as anonymity and resistance to censorship.

Validation of identities before joining the network –

Direct validation: An already established member authenticates the new joiner of the network.

Indirect validation: An established member authenticates some other members who can, in turn, verify new joiners. Because the members vouching for the new joiners were themselves validated by an established entity, the new joiners are trusted to be honest.
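One possible mechanism for the “cost to create an identity” idea above, as an added example that is not code from the original article: a hashcash-style proof of work bound to each identity, the same principle the Bitcoin section relies on when it ties influence to computation. A node must find a nonce such that SHA-256(identity || nonce) starts with a given number of zero bits; any peer can verify that with one hash, while producing it costs about 2**difficulty hashes, so a node with a fixed compute budget can afford only a bounded number of identities. The identity encoding and the difficulty values are assumptions made for this illustration.

```python
# Added example (not from the original article): one way to attach a
# cost to every identity. A node must find a nonce such that
# SHA-256(identity || nonce) starts with `difficulty` zero bits.
# Checking an identity costs one hash; producing one costs about
# 2**difficulty hashes on average. Encoding and difficulty are assumptions.
import hashlib


def _leading_zero_bits(digest):
    return 256 - int.from_bytes(digest, "big").bit_length()


def _digest(pubkey, nonce):
    return hashlib.sha256(pubkey + nonce.to_bytes(8, "big")).digest()


def mint_identity(pubkey, difficulty):
    """Search upward from nonce 0 for a proof of work for this identity."""
    nonce = 0
    while _leading_zero_bits(_digest(pubkey, nonce)) < difficulty:
        nonce += 1
    return {"pubkey": pubkey, "nonce": nonce}


def verify_identity(identity, difficulty):
    """What every peer does before admitting an identity: one hash."""
    digest = _digest(identity["pubkey"], identity["nonce"])
    return _leading_zero_bits(digest) >= difficulty


def work_spent(identity):
    """Hashes the minting node evaluated (nonces are tried in order)."""
    return identity["nonce"] + 1


def identities_within_budget(budget_hashes, difficulty, prefix=b"sybil-"):
    """How many distinct identities a node can mint with a fixed budget."""
    minted, spent, i = [], 0, 0
    while True:
        ident = mint_identity(prefix + str(i).encode(), difficulty)
        spent += work_spent(ident)
        if spent > budget_hashes:
            break
        minted.append(ident)
        i += 1
    return minted
```

Raising `difficulty` by one bit doubles the average cost of each identity while leaving verification unchanged, which is the asymmetry the defence depends on. It does not stop a well-funded attacker outright; it only makes a Sybil population cost roughly in proportion to its size, in line with the note above that the cost should fall on operating many identities rather than on joining at all.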

History of Cryptography

The art of cryptography is considered to have been born along with the art of writing. As civilizations evolved, human beings organized themselves into tribes, groups and kingdoms, which led to ideas such as supremacy, conflict, sovereignty and politics. These in turn fuelled the natural need of people to communicate secretly with selected recipients, which ensured the continuous evolution of cryptography.

The roots of cryptography are found in Roman and Egyptian civilizations.

Hieroglyph − The Oldest Cryptographic Technique

The first known evidence of cryptography can be traced to the use of hieroglyphs. Some 4000 years ago, the Egyptians communicated by messages written in hieroglyphs. This code was a secret known only to the scribes who transmitted messages on behalf of the kings.

Later, during 500 to 600 BC, scholars moved on to simple mono-alphabetic substitution ciphers. These replace each letter of the message with another letter according to a secret rule, and that rule becomes the key needed to recover the message from the garbled text.

The early Roman method of cryptography, popularly known as the Caesar shift cipher, relies on shifting the letters of a message by an agreed number of places (three was a common choice); the recipient shifts the letters back by the same number and obtains the original message.

Steganography

Steganography is related to cryptography but adds another dimension. Here people not only want to protect the secrecy of a piece of information by concealing it, but also want to make sure that an unauthorized person gets no evidence that the information even exists. Invisible watermarking is one example.

In steganography, an unintended recipient or an intruder is unaware of the fact that observed data contains hidden information. In cryptography, an intruder is normally aware that data is being communicated, because they can see the coded/scrambled message.

Renaissance

It was during and after the European Renaissance that various Italian and Papal states led a rapid proliferation of cryptographic techniques. Various analysis and attack techniques for breaking secret codes were researched in this era.

Improved techniques such as the Vigenère cipher appeared in the 16th century. Instead of moving every letter the same number of places, it shifts each letter by a varying amount determined by a repeating keyword.
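The Caesar shift and the Vigenère cipher just described, together with the brute-force attack that defeats a cipher with only 25 keys, as an added example that is not code from the original article. It also serves the Symmetric Encryption section further down, which cites the Caesar cipher as its example of a single shared key: the shift, or the keyword, is that key. The functions work on A to Z and pass any other character through unchanged; the sample texts are constructed.

```python
# Added example (not from the original article): Caesar shift, Vigenère
# cipher and the 25-key brute force that breaks Caesar. A-Z only; other
# characters pass through unchanged. Sample texts are constructed.
import string

ALPHABET = string.ascii_uppercase


def caesar(text, shift):
    """Shift every letter by `shift` places (negative shift decrypts)."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(text, shift):
    return caesar(text, -shift)


def vigenere(text, key, decrypt=False):
    """Shift each letter by the corresponding letter of a repeating keyword.

    Only letters consume a key position, so spaces and punctuation do not
    desynchronise the keyword.
    """
    key = key.upper()
    out, i = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            k = ALPHABET.index(key[i % len(key)])
            if decrypt:
                k = -k
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def brute_force_caesar(ciphertext, crib):
    """Try all 25 shifts; return the first whose plaintext contains `crib`.

    The key space is so small that this is the whole attack.
    """
    for shift in range(1, 26):
        candidate = caesar_decrypt(ciphertext, shift)
        if crib.upper() in candidate:
            return shift, candidate
    return None
```

The brute force is why the Caesar cipher has been useless since antiquity once the method was known: the key is the only secret, and there are only 25 of them. Vigenère multiplies the key space by the keyword length but still falls to frequency analysis once the period is guessed, which is the cryptanalysis the Renaissance passage above alludes to.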

Only after the 19th century did cryptography evolve from ad hoc approaches to encryption into the more sophisticated art and science of information security. In the early 20th century, the invention of mechanical and electromechanical machines, such as the Enigma rotor machine, provided more advanced and efficient means of encoding information. During World War II, both cryptography and cryptanalysis became heavily mathematical.

With the advances in this field, government organizations, military units and some corporations started adopting cryptography to guard their secrets from others. The arrival of computers and the Internet has now brought practical cryptography into ordinary people’s lives.

Social Engineering in Cryptoeconomics

This blog is a continuation of the previous blog that introduces the act of social engineering. It would be wise to read that blog before we can go ahead and explain how social engineering works in cryptoeconomics.

Phishing for Bitcoins

Social engineering attackers are also targeting cryptocurrency.

Researchers at Cisco’s Talos security group have identified a malicious advertising campaign they dub Coinhoarder, which appears to be based out of Ukraine and to have netted about $50 million in the past three years, including $10 million alone in the last three months of 2017.

For this campaign, which began last February, the researchers say attackers purchased Google Adwords to “poison user search results” and direct them to attacker-controlled phishing sites designed to separate them from their cryptocurrency.

“Cisco identified an attack pattern in which the threat actors behind the operation would establish a ‘gateway’ phishing link that would appear in search results among Google Ads,” the Cisco Talos researchers say. “When searching for crypto-related keywords such as ‘blockchain’ or ‘bitcoin wallet,’ the spoofed links would appear at the top of search results. When clicked, the link would redirect to a ‘lander’ page and serve phishing content in the native language of the geographic region of the victim’s IP address.”

At one point last February, Cisco reports that DNS queries for the gang’s fake cryptocurrency sites exceeded 200,000 queries per hour. A significant number of them came from Nigeria, Ghana and Estonia, leading researchers to suggest that attackers were attempting “to target potential victims in African countries and other developing nations where banking can be more difficult, and local currencies much more unstable compared to the digital asset.”

Cisco says it’s been sharing intelligence on the operation with Cyberpolice Ukraine.

DNS queries for “block-clain.info” domain. (Source: Cisco Talos)

Many of the phishing sites use real-looking but fake domain names – referred to as “typosquatting” or brand spoofing – for example featuring a word such as “blockclain” – instead of “blockchain” – in the URL, Cisco says. Such typos could be especially effective on users whose first language is not English or for anyone who’s using a mobile device, researchers say.
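A lookalike-domain check of the kind a defender can run over observed DNS names or advert landing pages, using the “blockclain” / “blockchain” case from the text, as an added example that is not code from the original article or from Cisco Talos. It normalises common digit-for-letter substitutions and inserted hyphens, then measures edit distance (including adjacent transpositions) to a list of protected brands. The brand list, the sample domains, the character map and the distance threshold are assumptions made for this illustration.

```python
# Added example (not from the original article): a lookalike-domain
# check using the "blockclain" / "blockchain" case from the text.
# Brand list, sample domains, character map and threshold are assumptions.
PROTECTED = ["blockchain", "coinbase"]            # assumption
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    or transpose two adjacent characters, each at cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike(domain, protected=PROTECTED, max_distance=2):
    """Return (brand, distance) when the first label of `domain` resembles
    a protected brand without being it, else None."""
    raw = domain.lower().split(".")[0]          # assumption: brand in first label
    if raw in protected:
        return None                             # the genuine name itself
    normalised = raw.replace("-", "").translate(HOMOGLYPHS)
    best = None
    for brand in protected:
        dist = edit_distance(normalised, brand)
        if dist <= max_distance and (best is None or dist < best[1]):
            best = (brand, dist)
    return best


def scan(domains):
    """Flag which observed domains (constructed input) imitate a brand."""
    flagged = {}
    for d in domains:
        hit = lookalike(d)
        if hit is not None:
            flagged[d] = hit
    return flagged
```

A distance of 0 after normalisation (as for "b1ockchain") means the name differs from the brand only by substitutions a reader is unlikely to notice, which is the class of typo the text describes as effective against non-native readers and mobile users. In a real deployment the threshold should scale with the brand length, since two edits in a six-letter name is a much weaker resemblance than two edits in a ten-letter one.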

More recently, Cisco Talos reports that attackers have been refining their campaign by making their phishing sites look more legitimate. “A few months after we began tracking this particular group, we observed them starting to use SSL certs issued by Cloudflare and Let’s Encrypt,” the researchers say. “SSL certificate abuse has been a rising trend among phishing campaigns in general.” A padlock icon therefore only shows that the connection to a site is encrypted; it says nothing about whether the site itself is genuine.

This is simply an example of how social engineering can be used in the realm of cryptoeconomics to defraud people of their digital assets. Be wary of any site or advertisement that looks suspicious, and avoid entering wallet credentials on a site reached through an advert or an unsolicited link.

Social Engineering: An Introduction

Social engineering is a term used to cover a broad range of malicious activities accomplished through human interaction. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

Social engineering attacks happen in one or more steps. A perpetrator first studies the intended victim to gather the background information needed to advance the attack, such as possible points of entry and weak security procedures. Then the attacker moves to gain the victim’s trust and provides incentives for subsequent actions that break security practices, such as revealing sensitive information or giving away access to critical resources.

What makes social engineering dangerous is that it depends on human error, rather than weaknesses in software and operating systems. Mistakes made by genuine users are much less predictable, making them harder to identify and thwart than a malware-based intrusion.

Social engineering attacks come in many different forms and can be performed anywhere human interaction is involved. The following are the five most common forms of digital social engineering attack. Let’s take a look at each of the techniques used to achieve malicious ends.

Baiting

As its name implies, baiting attacks use a false promise to pique a victim’s greed or curiosity. They lure users into a trap that steals their personal information or infects their systems with malware.

Scareware

Scareware involves victims being bombarded with false alarms and fictitious threats. Users are deceived to think their system is infested with malware, encouraging them to install software that has no real benefit (other than for the perpetrator) or is malware itself. Scareware is also referred to as deception software, rogue scanner software and fraudware.

Pretexting

Here an attacker obtains information through a series of cleverly crafted lies. The scam is often initiated by a perpetrator pretending to need sensitive information from a victim to perform a critical task.

Phishing

As one of the most popular social engineering attack types, phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims, prodding them into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.

Spear phishing

This is a more targeted version of the phishing scam in which an attacker chooses specific individuals or enterprises and then tailors the messages to the characteristics, job positions and contacts of the victims, making the attack less conspicuous. Spear phishing requires much more effort from the perpetrator and may take weeks or months to pull off. Such attacks are much harder to detect and have better success rates if done skilfully.

In tomorrow’s post we will discuss cryptocurrencies and social engineering so stay tuned.

Symmetric Vs Asymmetric Encryption

It’s important to understand encryption before we get into the main topic of this piece. Encryption is a method that lets you hide your message or data so that only authorized people can access it. The origins of encryption can be traced back to the time of Julius Caesar, who used it to send his confidential messages. Caesar’s method, commonly known as the Caesar cipher, is one of the simplest forms of encryption. Compared to it, today’s encryption systems are far more complex and advanced: extremely complex algorithms are employed to convert useful information into an unintelligible form.

Once encrypted, the message or data can only be decrypted with the proper key, known as a cryptographic key. A cryptographic key is a secret value, comparable to a password, that is used to encrypt and decrypt information. There are two families of cryptographic keys: symmetric keys and asymmetric key pairs.

Symmetric Encryption:

Symmetric encryption is the traditional form of encryption and the simpler of the two techniques. It uses only one secret key, the symmetric key, which both parties hold. This key is used both to encrypt and to decrypt the information: the sender uses it before sending the message and the receiver uses it to decrypt the encoded message.

This is a straightforward method and, as a result, it is fast; when large volumes of data have to be protected, symmetric keys are favoured. Caesar’s cipher is a simple example of symmetric encryption. Modern symmetric encryption is implemented with algorithms such as AES, Blowfish, 3DES, DES, RC4 and QUAD, though DES and RC4 are broken and should no longer be used in new systems.

The most common use of symmetric encryption begins once an encrypted connection has been negotiated between a client and a server that has an SSL/TLS certificate installed. Once the handshake is complete, the two sides derive session keys (for example 256-bit AES keys) from values exchanged during the handshake, and encrypted communication can proceed.

Asymmetric Encryption:

Asymmetric encryption is a comparatively new and more complex form of encryption. It is complex because it uses two cryptographic keys to achieve data security, called a public key and a private key. The public key, as the name suggests, is available to everyone who needs to send a message. The private key, on the other hand, is kept in a secure place by the owner of the public key.

The public key encrypts the data to be sent, using a specific algorithm, and the private key, which is in the possession of the receiver, decrypts it. The same algorithm underlies both operations.

The involvement of two keys makes asymmetric encryption a complex technique, and it is enormously beneficial for data security because the key that encrypts never needs to be kept secret. It is also much slower than symmetric encryption, so in practice the two are combined: asymmetric encryption is used to exchange or agree a symmetric session key, and that session key protects the bulk of the data. Diffie-Hellman and RSA are the most extensively used asymmetric algorithms.
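The hybrid pattern described above, and the session-key step mentioned in the symmetric section, in code, as an added example that is not from the original article: an asymmetric key pair transports a fresh random symmetric key, and the symmetric key then encrypts and authenticates the bulk data. The numbers are toy values chosen for illustration: textbook RSA on two Mersenne primes with no padding, and an HMAC-SHA256 keystream standing in for AES. Real systems use RSA-OAEP or ECDH for the key transport and AES-GCM for the data; the code requires Python 3.8 or later for the modular inverse.

```python
# Added example (not from the original article): the hybrid pattern in
# which an asymmetric key pair transports a random symmetric session key
# and the symmetric key protects the bulk data. Toy parameters only:
# textbook RSA without padding and an HMAC keystream in place of AES.
import hashlib
import hmac
import secrets

# --- asymmetric part: textbook RSA key pair (toy parameters) ----------
P, Q = 2**61 - 1, 2**89 - 1          # both prime (Mersenne primes)
N = P * Q                             # about 2**150, room for a 128-bit key
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent (Python 3.8+)


def rsa_encrypt(m_int, n=N, e=E):
    """Anyone with the public key (n, e) can do this."""
    return pow(m_int, e, n)


def rsa_decrypt(c_int, n=N, d=D):
    """Only the holder of the private exponent d can do this."""
    return pow(c_int, d, n)


# --- symmetric part: keystream cipher plus MAC (toy stand-in for AES) --
def _keystream(key, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def sym_encrypt(key, plaintext):
    """XOR with the keystream, then append a MAC over the ciphertext.
    Safe only because every message gets a fresh key (see send())."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def sym_decrypt(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


# --- hybrid: wrap a fresh session key under the receiver's public key --
def send(plaintext):
    session_key = secrets.token_bytes(16)                  # 128-bit, per message
    wrapped = rsa_encrypt(int.from_bytes(session_key, "big"))
    return wrapped, sym_encrypt(session_key, plaintext)


def receive(wrapped, blob):
    session_key = rsa_decrypt(wrapped).to_bytes(16, "big")
    return sym_decrypt(session_key, blob)


def tampering_is_detected(wrapped, blob):
    """Flip one ciphertext bit and confirm the MAC check rejects it."""
    bad = bytes([blob[0] ^ 0x01]) + blob[1:]
    try:
        receive(wrapped, bad)
    except ValueError:
        return True
    return False
```

The slow operation, `pow` with the 150-bit modulus, runs once per message regardless of how much data follows; everything after it is hashing, which is the reason the hybrid arrangement exists. The fresh session key per message is also what makes the simple keystream acceptable here: reusing a key with the same counter sequence would leak the XOR of two plaintexts.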

This piece has covered some of the fundamentals of symmetric and asymmetric encryption in a simple and abstract way. Please comment your thoughts or doubts down below.