I have often been asked, "What would a hacker want with my network?" Most people don't see the value of a hacked network because they envision hackers as targeting an individual to exploit them personally. While this kind of personally targeted hacking can occasionally happen in the case of high-profile targets, it is the exception in modern-day hacking, not the rule.
Today's hackers typically use automated scripts, targeting all networks globally with email blasts in an attack commonly known as phishing. The goal of phishing is to send a convincing email that tricks the end user into either visiting a compromised website or executing hidden code embedded in a document such as an Excel spreadsheet, Word document, image, or PDF.
But once you are "hacked", what would the hacker do with your network? There are many answers, and they all depend on the motives of the hacker. They could set up a listening post in a printer on your network to watch everything you do and report back daily to further exploit you personally; they could enslave your IoT devices to be used in a denial-of-service attack; or they could use the slave army of your computers and IoT devices to mine cryptocurrency for them!
Yes... Mirai, The Infamous Internet of Things Army, Can Now Mine Bitcoin! You all remember that Internet of Things botnet? The one known for temporarily shutting down a number of the world's largest websites last autumn?
Well, a newer version has been detected, but as well as being able to issue DDoS attacks and the like, it's equipped to mine bitcoin.
In the digital age, it's possible for hackers to infect and take control of insecure Internet of Things (IoT) devices, say, toasters, cameras or other web-connected devices. They can then bundle them together into a botnet, using their combined capacity to shoot spam at websites or internet structures, slowing them down or sending them offline.
That's what happened in a series of attacks in the fall, using the malware dubbed Mirai.
The software was open-sourced soon after - much to the dismay of security engineers - and, since then, different strains iterating on the first version of the botnet have cropped up with added abilities.
One strain, known as ELF Linux/Mirai, has now been detected mining bitcoin for a few days, according to research from IBM X-Force, Big Blue's cybersecurity research wing. It seems some unknown hacker (or hackers) is experimenting with using the power accumulated from IoT devices to mine the digital currency and possibly make some cash.
This could be an omen for future IoT botnet use cases, argued Dave McMillen, IBM Managed Security Services senior threat researcher and author of the report.
The team "dissected" the binary to discover that the Linux version of the malware is similar to the more typical Windows version.
"It was detected as a slave miner by multiple tools; however, we are still investigating other properties of the variant," McMillen added.
While there are now many variants of the botnet, ELF Linux/Mirai has extra abilities in that it can execute 'SQL injection' (a notorious way to take control of databases) and execute so-called 'brute force' attacks.
But the Linux version has an extra add-on: the bitcoin miner component.
IBM speculates in the report that the botnet creators may be looking for a way to make bitcoin mining with compromised IoT devices a lucrative venture.
"Realizing the power of Mirai to infect thousands of machines at a time, there is a possibility that the bitcoin miners could work together in tandem as one large miner consortium. We haven't yet determined that capability, but found it to be an interesting yet concerning possibility."
So what would the impact be on a smart home or business automation network? Bitcoin mining is extremely CPU-intensive. A network infected with Bitcoin miner malware would experience sluggish performance across all infected devices, increased heat load, and a dramatic and ongoing spike in electricity consumption.