In the last seven months, a new threat has emerged on the horizon. Smart cities around the world are reporting instances of crypto-mining malware being discovered within their networks and IT infrastructure. The ‘devaluation’ of bitcoins as a virtual currency has not affected this trend much, as newer variants are being encountered at an alarming frequency.
Data from Subex’s global honeypot network has shown a steady increase in crypto-mining malware detections. In the last couple of years, hackers have spent a considerable amount of time studying systems that have significant processing capacity which is not utilized to its fullest. They have also been scouting such systems for vulnerabilities and backdoors through which to insert this type of malware. After months of early beta testing in the summer of 2017, many such malware strains were released in the latter half of that year and successfully infested many critical IoT deployments.
In early 2018, security teams started responding to these attacks by isolating this genus of malware and studying it. The first wave of infections, which went undetected for months, was finally uncovered, and security managers started to deploy rule-based security systems to detect and ‘kill’ them. The second wave, which emerged initially as variants of the initial malware before morphing into a separate genus of its own, is now found in many critical and non-critical systems connected with smart cities.
So why are smart cities being attacked frequently by crypto-miners?
The command and control infrastructure of smart cities is a gargantuan repository of processing power. Since the unit must control and manage key functions of a smart city or even a collection of smart cities, it must have such a level of processing capability at its disposal. This presents hackers with a unique incentive, as crypto mining requires processing power, and so hackers often attempt to hijack such capabilities from laptops, desktops, idle servers and any facility that has ample processing power. Such attempts to mine crypto-currency in an illicit manner are termed crypto-jacking.
Crypto miners are also being used in constrained connected devices that generally fall in the IoT category.
Defending against crypto-miners
To defend against crypto-jacking, security analysts advise relying on a combination of strategies. The first is to baseline CPU activity so that any deviation is immediately identified and analysed. Employees and others on the network should be sensitized against indulging in online behavior that could raise the risk. Unnecessary services that have no operational significance should be disabled, and all services should be constantly monitored from both usage and security perspectives.
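A sketch of the CPU-baselining step described above, added here as an illustration and not taken from Subex or the author. It goes slightly beyond the text by reporting only sustained deviations, since a miner keeps the CPU busy while ordinary jobs produce short bursts; the sample percentages, the multiplier `k` and the run length `min_run` are constructed assumptions.

```python
from statistics import median

# Constructed sample data: CPU utilisation (%) of one hypothetical host.
BASELINE_SAMPLES = [12, 15, 11, 14, 13, 16, 12, 14, 13, 15, 12, 14]
LIVE_READINGS = [14, 13, 58, 15, 12, 91, 94, 96, 93, 95, 14]


def build_baseline(samples):
    """Return (median, MAD) of known-good CPU readings.

    Median and median absolute deviation resist being skewed by the
    occasional legitimate spike in the baseline window.
    """
    med = median(samples)
    mad = median([abs(s - med) for s in samples])
    return med, max(mad, 1.0)  # floor so a flat baseline does not flag noise


def sustained_deviations(baseline, readings, k=6.0, min_run=3):
    """Return (start, end) index pairs of runs that stay above baseline.

    A reading deviates when it exceeds median + k * MAD. Only runs of at
    least min_run consecutive deviating readings are reported, because a
    miner holds the CPU busy while a normal job produces a short burst.
    k and min_run are assumed tuning values, not figures from the article.
    """
    med, mad = baseline
    threshold = med + k * mad
    runs, start = [], None
    for i, value in enumerate(readings):
        if value > threshold:
            if start is None:
                start = i
            continue
        if start is not None and i - start >= min_run:
            runs.append((start, i - 1))
        start = None
    if start is not None and len(readings) - start >= min_run:
        runs.append((start, len(readings) - 1))
    return runs


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_SAMPLES)
    for start, end in sustained_deviations(baseline, LIVE_READINGS):
        print(f"sustained CPU deviation: samples {start}-{end}")
```

In the constructed readings, the single 58% spike is ignored and the five-sample run above 90% is reported.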
It is important to defeat the nefarious designs of illegal crypto-miners at the earliest instance possible. This will not just reduce the risk of damage due to their activities but also serve as a deterrent for such hackers by increasing the cost of activity for them.
It goes without saying that unless we place adequate emphasis on this problem, we will have to face bigger risks in the future as the threat environment surrounding smart cities deteriorates.
(The author is VP- IoT Business Solutions, Subex)