Sting operations coordinated and carried out by international crime-fighting agency Interpol in Southeast Asia to stem the proliferation of cryptojacking malware have resulted in a massive 78 percent drop in infections.
Interpol was forced to take action after cybercriminals infected more than 20,000 MikroTik routers with the Coinhive cryptojacking malware. In the six months between June 2019 and January 2020, the agency, assisted by Trend Micro, a global leader in cybersecurity and enterprise data security, carried out the sting dubbed Operation Goldfish Alpha, which ultimately reduced the number of infected routers by almost four in every five.
What is cryptojacking?
Cryptojacking, also known as malicious crypto mining, became rampant around the world from around mid-2017 through 2018 and peaked in 2019. It is an emerging online crime threat that runs discreetly on computers, computer accessories, or mobile devices and uses their system resources to mine various kinds of cryptocurrencies.
Cryptojacking is a new form of cybersecurity threat that arose once hackers were able to use victims’ computer resources to mine cryptocurrency. According to a report by Kaspersky solutions released in the third quarter of 2019, cryptojacking has already overtaken other forms of cybercrime, including ransomware, in terms of prevalence and frequency.
This previously little-known menace can take over computer browsers, compromise routers to proliferate among devices on a network, and even ‘hijack’ servers to mine digital assets without the owners’ awareness. Like many other malicious attacks on computers, the primary motive for cryptojacking is profit.
Interpol revealed the outcome of Operation Goldfish Alpha in a press conference in Singapore on January 8th. The agency made the startling revelation that hackers took advantage of a vulnerability in MikroTik routers to infect over 100,000 routers around the world. It pointed out that the operation focused on the ASEAN (Association of Southeast Asian Nations) region after its intelligence showed that the highest number of infections (about 18 percent) was in the region.
International collaboration vital to fighting cryptojacking
Cryptojacking is a new kind of cybercrime that came about with the introduction of cryptocurrency, or digital money. It is a kind of threat that security agencies were not previously prepared to tackle. To make Operation Goldfish Alpha a success, Interpol’s Global Complex for Innovation (IGCI) and Cyber Foundation projects partnered with various organizations in the private cybersecurity sector, including Cyber Defense Institute and Computer Emergency Response Teams (CERTs).
The operation identified and targeted victims in 10 countries in the Southeast Asia region: Singapore, Indonesia, Brunei, Laos, Cambodia, Malaysia, the Philippines, Myanmar, Vietnam, and Thailand. Interpol’s special computer crimes team also sought assistance from the national police of the targeted countries to come up with guidance documents, which they used to guide victims in removing the miner script from their routers, patching the vulnerability, and preventing re-infections.
Interpol officials announced that by late November and early December 2019, the number of devices infected with the Coinhive malware had fallen by 78 percent. At that time, the operation to remove infections from the remaining devices was ongoing, and the agency was optimistic that the number of infected devices would drop even further.
The main takeaway from the conference was that fighting such a crime is easier and more successful when various private security institutions, national police organizations, and international cybercrime prevention agencies collaborate and share intelligence. Detecting and removing the Coinhive malware from infected devices is easier and more straightforward now because of this. Interpol has declared this malware a less serious threat than it was before Operation Goldfish Alpha as more end-users understand what the malware is and how it works.
Cryptojacking remains a serious threat
Despite the Coinhive virus being practically defeated, cryptojacking remains a serious threat to all kinds of devices, and end-users should be vigilant to stay safe from it. During the conference in Singapore, Interpol’s director of cybercrime Craig Jones emphasized the need for police everywhere in the world to form strong partnerships with players in the cybersecurity industry to quickly identify and neutralize any emerging cryptojacking scripts before they proliferate as far as Coinhive did.
“By combining expert data on emerging cyber threats collected and analyzed by the private sector with reports of the investigative capabilities of law enforcement, it will be easier to protect communities and individuals from all kinds of cybercrimes – new and existing,” said Craig Jones, the Interpol director.
Interpol listed a number of other notable bodies that played major roles in the success of Operation Goldfish Alpha, including the National Cyber Security Center of Myanmar.
As the world embraces cryptocurrencies and blockchain technologies, it is expected that there will be more cases of new cryptojacking malware that exploit different vulnerabilities and affect different devices. As a matter of fact, there are cases of cryptojacking malware that use up the computer’s resources without actually infecting the computer itself. For instance, there have been cases of websites that drain a user’s computing power when they visit the website without requiring them to install any scripts.
The damage caused by cryptojacking malware
If you are a victim of cryptojacking, you may not notice it right away, if at all. Most cryptojacking malware is designed to operate stealthily in the background, stealing as many computer resources as possible for as long as possible without being detected. The effect is that a computer runs slower than it should while using more power than normal. A user may notice higher electricity bills and a shorter device life without being able to pinpoint where the problem is.
Depending on how subtle the cryptojacking malware is, there are a number of red flags to look for when you suspect that your device is infected. At the top of the list are a significant slowdown of the device and the cooling fan running faster and longer than normal. Interpol recommends that you diagnose your system to rule out all other potential causes of poor device performance and disconnect from the internet to determine whether your device is infected with cryptojacking malware.