Is the web browser on your phone slower than usual? It could be mining bitcoin for criminals.
As the popularity of virtual currencies has grown, hackers are focusing on a new type of heist: putting malicious software on peoples' handsets, TVs and smart fridges that makes them mine for digital money.
So-called "crypto-jacking" attacks have become a growing problem in the cybersecurity industry, affecting both consumers and organisations. Depending on the severity of the attack, victims may notice only a slight drop in processing power, often not enough for them to think it's a hacking attack. But that can add up to a lot of processing power over a period of months or if, say, a business's entire network of computers is affected.
"We saw organisations whose monthly electricity bill was increased by hundreds of thousands of dollars," says Maya Horowitz, Threat Intelligence Group Manager for Checkpoint, a cybersecurity company.
Hackers try to use victims' processing power because that is what's needed to create - or "mine" - virtual currencies. In virtual currency mining, computers are used to make the complex calculations that verify a running ledger of all the transactions in virtual currencies around the world.
Crypto-jacking is not done only by installing malicious software. It can also be done through a web browser. The victim visits a site, which latches onto the victim's computer processing power to mine digital currencies as long as they are on the site. When the victim switches, the mining ends. Some websites, including Salon.com, have tried to do it legitimately and been transparent about it. For three months this year, Salon.com removed ads from its sites in exchange for users allowing them to mine virtual currencies.
Industry experts first noted crypto-jacking as a threat in 2017, when virtual currency prices were skyrocketing to record highs.
The price of bitcoin, the most widely known virtual currency, jumped six-fold from September to almost $20,000 in December before falling back down to under $10,000.
The number of crypto-jacking cases soared from 146,704 worldwide in September to 22.4 million in December, according to anti-virus developer Avast. It has only continued to increase, to 93 million in May, it says.
_______
Read more:
Bitcoin's 2018 crash stokes fears of a Dot-Com like meltdown
ADGM launches framework to govern spot crypto assets
Crypto influencers are hyping up the market with $105,000 tweets
Avoid the cryptocurrency 'rat poison' and exit while you can
_______
The first big case emerged in September and centered on Coinhive, a legitimate business that let website owners make money by allowing customers to mine virtual currency instead of relying on advertising revenue. Hackers quickly began to use the service to infect vulnerable sites with miners, most notably YouTube and nearly 50,000 Wordpress websites, according to research conducted by Troy Mursch, a researcher on crypto-jacking.
Mr Mursch says Monero is the most popular virtual currency among cyber-criminals. A report by cybersecurity company Palo Alto Networks estimates that over 5 per cent of Monero was mined through crypto-jacking. That is worth almost $150 million dollars and doesn't count mining that occurs through browsers.
In the majority of attacks, hackers infect as many devices as possible, a method experts calls "spray and pray."
"Basically, everyone with a (computer processing unit) can be targeted by crypto-jacking," says Ismail Belkacim, a developer of an application that prevents websites from mining virtual currencies.
As a result, some hackers target organisations with large computing power. In what they believe might be the biggest crypto-jacking attack so far, Checkpoint discovered in February that a hacker had been exploiting a vulnerability in a server that over several months generated over $3m in Monero.
Crypto-jackers have also recently targeted organisations that use cloud-based services, in which a network of servers is used to process and store data, providing more computing power to companies who haven't invested in extra hardware.
Abusing this service, crypto-jackers use as much power as the cloud will allow them to, maximising their gains. For businesses, this results in slower performance and higher energy bills.
Martin Hron, a security researcher at Avast, says that besides the rise in interest in virtual currencies, there are two main reasons for the rise in attacks.
First, crypto-jacking scripts require little skill to implement. Ready-made computer code that automates crypto-mining is easy to find with a Google search, along with tips on the vulnerabilities of devices.
Second, crypto-jacking is harder to detect and is more anonymous than other hacks. Unlike ransomware, in which victims have to transfer money to regain access to their computers blocked by hackers, a victim of crypto-jacking might never know their computer is being used to mine currency. And as currency generated by crypto-jacking goes straight into a hacker's encrypted wallet, the cyber-criminal leaves less of a trail.
Both Apple and Google have started to ban applications that mine virtual currencies on their devices. But Mr Hron, the Avast researcher, warns that the risk is growing as more everyday devices are connected to the internet - from ovens to home lighting systems - and that these are often the least secure. Mr Hron says that cheaply made Chinese devices were particularly easy to hack.
Some experts say new techniques like artificial intelligence can help get a faster response to suspicious software.
That's what Texthelp, an education technology company, used when it was infected with a crypto-jacker, says Martin McKay, the company's chief technology officer. "The risk was mitigated for all customers within a period of four hours."
But security researcher Mr Mursch says that these precautions won't be enough.
"They might reduce the impact," he says, "But I don't think we're going to stop it."
Emergency phone numbers in the UAE
Estijaba – 8001717 – number to call to request coronavirus testing
Ministry of Health and Prevention – 80011111
Dubai Health Authority – 800342 – The number to book a free video or voice consultation with a doctor or connect to a local health centre
Emirates airline – 600555555
Etihad Airways – 600555666
Ambulance – 998
Knowledge and Human Development Authority – 8005432 ext. 4 for Covid-19 queries
Scores
Oman 109-3 in 18.4 overs (Aqib Ilyas 45 not out, Aamir Kaleem 27) beat UAE 108-9 in 20 overs (Usman 27, Mustafa 24, Fayyaz 3-16, Bilal 3-23)
THE SPECS
Engine: 3.5-litre supercharged V6
Power: 416hp at 7,000rpm
Torque: 410Nm at 3,500rpm
Transmission: 6-speed manual
Fuel consumption: 10.2 l/100km
Price: Dh375,000
On sale: now
The biog
Favourite films: Casablanca and Lawrence of Arabia
Favourite books: Start with Why by Simon Sinek and Good to be Great by Jim Collins
Favourite dish: Grilled fish
Inspiration: Sheikh Zayed's visionary leadership taught me to embrace new challenges.
EMIRATES'S REVISED A350 DEPLOYMENT SCHEDULE
Edinburgh: November 4 (unchanged)
Bahrain: November 15 (from September 15); second daily service from January 1
Kuwait: November 15 (from September 16)
Mumbai: January 1 (from October 27)
Ahmedabad: January 1 (from October 27)
Colombo: January 2 (from January 1)
Muscat: March 1 (from December 1)
Lyon: March 1 (from December 1)
Bologna: March 1 (from December 1)
Source: Emirates
Tips from the expert
Dobromir Radichkov, chief data officer at dubizzle and Bayut, offers a few tips for UAE residents looking to earn some cash from pre-loved items.
- Sellers should focus on providing high-quality used goods at attractive prices to buyers.
- It’s important to use clear and appealing photos, with catchy titles and detailed descriptions to capture the attention of prospective buyers.
- Try to advertise a realistic price to attract buyers looking for good deals, especially in the current environment where consumers are significantly more price-sensitive.
- Be creative and look around your home for valuable items that you no longer need but might be useful to others.
GCC-UK Growth
An FTA with the GCC would be very significant for the UK. My Department has forecast that it could generate an additional £1.6 billion a year for our economy.
With consumer demand across the GCC predicted to increase to £800 billion by 2035 this deal could act as a launchpad from which our firms can boost their market share.
SPECS
Engine: 1.5-litre turbo
Power: 181hp
Torque: 230Nm
Transmission: 6-speed automatic
Starting price: Dh79,000
On sale: Now
Despacito's dominance in numbers
Released: 2017
Peak chart position: No.1 in more than 47 countries, including the United States, the United Kingdom, Australia and Lebanon
Views: 5.3 billion on YouTube
Sales: With 10 million downloads in the US, Despacito became the first Latin single to receive Diamond sales certification
Streams: 1.3 billion combined audio and video by the end of 2017, making it the biggest digital hit of the year.
Awards: 17, including Record of the Year at last year’s prestigious Latin Grammy Awards, as well as five Billboard Music Awards
Sarfira
Director: Sudha Kongara Prasad
Starring: Akshay Kumar, Radhika Madan, Paresh Rawal
Rating: 2/5
If you go…
Emirates launched a new daily service to Mexico City this week, flying via Barcelona from Dh3,995.
Emirati citizens are among 67 nationalities who do not require a visa to Mexico. Entry is granted on arrival for stays of up to 180 days.
ETFs explained
Exhchange traded funds are bought and sold like shares, but operate as index-tracking funds, passively following their chosen indices, such as the S&P 500, FTSE 100 and the FTSE All World, plus a vast range of smaller exchanges and commodities, such as gold, silver, copper sugar, coffee and oil.
ETFs have zero upfront fees and annual charges as low as 0.07 per cent a year, which means you get to keep more of your returns, as actively managed funds can charge as much as 1.5 per cent a year.
There are thousands to choose from, with the five biggest providers BlackRock’s iShares range, Vanguard, State Street Global Advisors SPDR ETFs, Deutsche Bank AWM X-trackers and Invesco PowerShares.
How to help
Call the hotline on 0502955999 or send "thenational" to the following numbers:
2289 - Dh10
2252 - Dh50
6025 - Dh20
6027 - Dh100
6026 - Dh200
Company Profile
Company name: Hoopla
Date started: March 2023
Founder: Jacqueline Perrottet
Based: Dubai
Number of staff: 10
Investment stage: Pre-seed
Investment required: $500,000
COMPANY PROFILE
Name: SmartCrowd
Started: 2018
Founder: Siddiq Farid and Musfique Ahmed
Based: Dubai
Sector: FinTech / PropTech
Initial investment: $650,000
Current number of staff: 35
Investment stage: Series A
Investors: Various institutional investors and notable angel investors (500 MENA, Shurooq, Mada, Seedstar, Tricap)
Abu Dhabi Equestrian Club race card
5pm: Abu Dhabi Fillies Classic (PA) Prestige; Dh110,000; 1,400m
5.30pm: Abu Dhabi Colts Classic (PA) Prestige; Dh110,000; 1,400m
6pm: Maiden (PA); Dh80,000; 1,600m
6.30pm: Abu Dhabi Championship (PA) Listed; Dh180,000; 1,600m
7pm: Wathba Stallions Cup (PA) Handicap; Dh70,000; 2,200m
7.30pm: Handicap (PA); Dh100,000; 2,400m
A QUIET PLACE
Starring: Lupita Nyong'o, Joseph Quinn, Djimon Hounsou
Director: Michael Sarnoski
Rating: 4/5
Forced Deportations
While the Lebanese government has deported a number of refugees back to Syria since 2011, the latest round is the first en-mass campaign of its kind, say the Access Center for Human Rights, a non-governmental organization which monitors the conditions of Syrian refugees in Lebanon.
“In the past, the Lebanese General Security was responsible for the forced deportation operations of refugees, after forcing them to sign papers stating that they wished to return to Syria of their own free will. Now, the Lebanese army, specifically military intelligence, is responsible for the security operation,” said Mohammad Hasan, head of ACHR.
In just the first four months of 2023 the number of forced deportations is nearly double that of the entirety of 2022.
Since the beginning of 2023, ACHR has reported 407 forced deportations – 200 of which occurred in April alone.
In comparison, just 154 people were forcfully deported in 2022.
Violence
Instances of violence against Syrian refugees are not uncommon.
Just last month, security camera footage of men violently attacking and stabbing an employee at a mini-market went viral. The store’s employees had engaged in a verbal altercation with the men who had come to enforce an order to shutter shops, following the announcement of a municipal curfew for Syrian refugees.
“They thought they were Syrian,” said the mayor of the Nahr el Bared municipality, Charbel Bou Raad, of the attackers.
It later emerged the beaten employees were Lebanese. But the video was an exemplary instance of violence at a time when anti-Syrian rhetoric is particularly heated as Lebanese politicians call for the return of Syrian refugees to Syria.
COMPANY PROFILE
Company name: Almouneer
Started: 2017
Founders: Dr Noha Khater and Rania Kadry
Based: Egypt
Number of staff: 120
Investment: Bootstrapped, with support from Insead and Egyptian government, seed round of
$3.6 million led by Global Ventures
Everybody Loves Touda
Director: Nabil Ayouch
Starring: Nisrin Erradi, Joud Chamihy, Jalila Talemsi
Rating: 4/5
Mobile phone packages comparison
Dubai World Cup factbox
Most wins by a trainer: Godolphin’s Saeed bin Suroor(9)
Most wins by a jockey: Jerry Bailey(4)
Most wins by an owner: Godolphin(9)
Most wins by a horse: Godolphin’s Thunder Snow(2)
Grand slam winners since July 2003
Who has won major titles since Wimbledon 2003 when Roger Federer won his first grand slam
Roger Federer 19 (8 Wimbledon, 5 Australian Open, 5 US Open, 1 French Open)
Rafael Nadal 16 (10 French Open, 3 US Open, 2 Wimbledon, 1 Australian Open)
Novak Djokovic 12 (6 Australian Open, 3 Wimbledon, 2 US Open, 1 French Open)
Andy Murray 3 (2 Wimbledon, 1 US Open)
Stan Wawrinka 3 (1 Australian Open, 1 French Open, 1 US Open)
Andy Roddick 1 (1 US Open)
Gaston Gaudio 1 (1 French Open)
Marat Safin 1 (1 Australian Open)
Juan Martin del Potro 1 (1 US Open)
Marin Cilic 1 (1 US Open)