Going to the mine is not what it used to be. Today, of course, it happens in a digital context and means obtaining cryptocurrencies. Sometimes this is done lawfully, with the miner's own equipment and resources, and sometimes less so: by installing malware on victims' computers so that their resources can be used, or because whoever does it has free rein, taking advantage of their position and of the resources they manage (which do not belong to them).
In November of last year the Italian authorities uncovered, at Lamezia Terme airport, a cryptocurrency mining operation affecting the airport's computer systems, thanks to an alert from the technicians of Sacal, the airport's IT services provider (a third party).
The investigation by the Reggio Calabria police showed that a 41-year-old technician, the administrator of the airport's computer systems, had used the airport's infrastructure to mine cryptocurrency, specifically Ethereum, by means of mining malware installed on those systems.
Given the costs this process generates, both in the equipment needed and in the electricity it consumes, the sole administrator of these systems assumed, given his position, that he could carry it out without being detected.
If it is serious that the resources of the systems controlling an airport are drained or, worse, blocked by such activity, it is even more so, if that is possible, when the infrastructure being used belongs to a nuclear power plant.
Another case occurred at a nuclear plant in Ukraine, specifically the South Ukraine Nuclear Power Plant near the city of Yuzhnoukrainsk, in the south of the country, in August 2019. Here the plant's computing resources were not themselves used to mine; instead, several employees brought their own mining equipment onto the premises to spare themselves the sizeable electricity bill that cryptocurrency mining generates.
These employees also connected their personal equipment to the plant's internal network, bypassing all the infrastructure's protections and exposing the entity to whatever risks their own domestic equipment carried.
Obtaining cryptocurrencies means taking part in a set of processes whose purpose is to validate and record transactions in a blockchain, using suitable hardware (dedicated machines, or graphics cards in the case of Ethereum) and a great deal of resources, mainly energy.
Almost always, the value of the coins obtained does not justify the cost of obtaining them (at least when done from home), so trickery and crime come into play: either through malware that, together with a botnet, infects as many machines on the internet as needed and turns them into a zombie network that mines on the attacker's behalf, or through an infrastructure the offender already has at hand, as in the two cases described above.
If we analyse the incentives for using these cryptocurrencies, mainly their high value (and volatility) and the fact that they cut the cost and time of the transactions they are used in (there are no intermediaries), we will understand why they can be so attractive and, therefore, why they tempt people who should not be obtaining them when the opportunity arises.
At LEET Security, as cybersecurity raters for both companies and critical infrastructures, we are very aware of what these actions represent, and we place emphasis on reviewing the specific controls that eliminate these risks.
Given the eternal problem of who "controls the controller", we verify that the rated entities take into account, among others, the following measures:
  • Segregation of duties, within adequately sized teams, and rotation of the most sensitive positions.
  • Trustworthiness, as an added criterion in the selection of the appropriate personnel.
  • Training and awareness, as fundamental elements so that staff understand their functions and the responsibilities these entail.
  • An access policy that grants only what each person needs to know (least privilege).
  • A sound access control system based on two-factor or multi-factor authentication.
  • Regular audits and continuous security assessments, so that the picture of the situation is always up to date.
And, together with the above, a sound incident management process whose evidence is kept beyond the reach and manipulation of the administrators themselves.
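As an added example of what such an audit check can look like (this is illustrative code written for this post, not LEET Security's own tooling), the script below scans a process listing for the tell-tale signs of mining on a host that should not be mining: command lines pointing at a mining pool (the `stratum+tcp://` / `stratum+ssl://` URL scheme used by mining pools), well-known miner binary names, binaries launched from hidden directories, and sustained high CPU use. The process listing is a constructed sample in the shape of `ps -eo pid,user,pcpu,args` output; the indicator list, the CPU threshold and the idea of shipping a digest of the listing to a log store the administrators cannot alter are assumptions chosen for the example.

```python
"""Added example: flag cryptocurrency-mining indicators in a process listing.

Not LEET Security's tooling. The sample listing, the indicator list and the
CPU threshold are assumptions constructed for this illustration.
"""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample shaped like `ps -eo pid,user,pcpu,args` output.
# The two "sysadmin" processes are the planted mining indicators.
SAMPLE_PS = """\
  PID USER     %CPU COMMAND
  812 root      0.3 /usr/sbin/sshd -D
 1044 postgres  2.1 postgres: checkpointer
 2310 sysadmin 97.8 /opt/.cache/ethminer -P stratum+tcp://pool.example:4444
 2399 sysadmin 96.5 ./kworkerd -o stratum+ssl://198.51.100.7:3333 -u 0xabc
 3120 www-data  1.2 /usr/sbin/apache2 -k start
"""

# Indicators (assumed list): pool URL scheme, common miner names, hidden dirs.
STRATUM_RE = re.compile(r"stratum\+(?:tcp|ssl|tls)://", re.IGNORECASE)
MINER_NAMES = {"ethminer", "xmrig", "phoenixminer", "t-rex", "nbminer"}
HIDDEN_DIR_RE = re.compile(r"(?:^|/)\.[^/]+/")   # e.g. /opt/.cache/miner
CPU_THRESHOLD = 90.0                               # assumed: % CPU per process
PS_LINE_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+([\d.]+)\s+(.*)$")


@dataclass
class Finding:
    pid: int
    user: str
    cpu: float
    command: str
    severity: str            # "high" = mining indicator, "review" = CPU only
    reasons: list = field(default_factory=list)


def parse_ps(text):
    """Return (pid, user, cpu, command) tuples; skips the header line."""
    procs = []
    for line in text.splitlines():
        m = PS_LINE_RE.match(line)
        if not m:
            continue  # header or malformed line
        pid, user, cpu, cmd = m.groups()
        procs.append((int(pid), user, float(cpu), cmd))
    return procs


def check_process(pid, user, cpu, command):
    """Classify one process; returns a Finding or None if nothing is suspicious."""
    reasons = []
    argv = command.split()
    path = argv[0] if argv else ""
    exe = path.rsplit("/", 1)[-1].lower()
    if STRATUM_RE.search(command):
        reasons.append("mining-pool (stratum) URL in command line")
    if exe in MINER_NAMES:
        reasons.append(f"known miner binary name: {exe}")
    if HIDDEN_DIR_RE.search(path):
        reasons.append(f"binary launched from hidden directory: {path}")
    severity = "high" if reasons else None
    if cpu >= CPU_THRESHOLD:
        reasons.append(f"CPU {cpu:.1f}% >= {CPU_THRESHOLD:.0f}% threshold")
        severity = severity or "review"   # high CPU alone only warrants review
    if not reasons:
        return None
    return Finding(pid, user, cpu, command, severity, reasons)


def scan_listing(text):
    """Scan a whole listing; returns findings ordered as they appear."""
    findings = []
    for proc in parse_ps(text):
        f = check_process(*proc)
        if f is not None:
            findings.append(f)
    return findings


def evidence_digest(text):
    """SHA-256 of the raw listing, to be shipped with it to a log store the
    host's administrators cannot modify, so the record can later be verified."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for f in scan_listing(SAMPLE_PS):
        print(f"[{f.severity}] pid={f.pid} user={f.user} cpu={f.cpu}% {f.command}")
        for r in f.reasons:
            print(f"    - {r}")
    print("listing digest:", evidence_digest(SAMPLE_PS))
```

Run against the constructed sample, the two `sysadmin` processes are reported as "high" (pool URL, and for one of them also a known miner name and a hidden directory), while the legitimate services are not reported at all. A process that merely burns CPU gets a "review" finding rather than an accusation, because a database or a build job can legitimately look like that; what distinguishes mining is the pool connection. The digest is there to serve the point made above: the collector and the log store must be outside the control of the very administrators whose behaviour is being audited.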
Let's do everything we can to avoid this problem or, as Benjamin Franklin said:
"Rule your business, or your business will rule you."
13 May 2021