The Ghana Police Service has cautioned internet service providers, commercial service providers and the public against on-going crypto jacking attacks within the country’s cyber ecosystem.
Crypto-jacking" is a cybercrime threat in which actor or actors obtain unauthorized computer resources to generate crypto-currency.
A statement signed and copied to the Ghana News Agency by the Deputy Superintendent of Police, Ms Juliana Obeng, the Public Relations Officer of the Criminal Investigations Department (CID) of the Ghana Police Service said that the attacks were detected by the Unit’s close ally, the Cyber Fusion Centre (CFC) of INTERPOL.
It said the CFC detected 50 attacks between the period of February and March 2019 and the Cybercrime Unit after analyses on the attacks observed that five internet service providers were victims of the attacks.
It said they had been duly informed and advised to take measures to neutralise the attacks and take remedies to prevent them.
Malicious scripts deployed and executed, the statement said, take advantage of the victim's computer processing power to mine cryptocurrency for benefit of the threat actor(s).
The allocation of the processing power is done without consent and knowledge of the device owner and the criminal's ability to deploy scripts on victim's devices indicates a successful Cryptojacking" is a cybercrime threat in which threat actor(s) obtains unauthorised computer resources to generate cryptocurrency.
“Intrusion into a network, providing an attacker opportunity to read, write, ex-filtrate and redirect the data passed through the compromised router,” the statement said.
The statement said it normally resulted in threat actor(s) gaining financial benefit from the mining process, while causing disruption to the efficiency, privacy and security of online services and users.
The CFC in its report to the Unit, according to the statement, indicated that the threat actor(s) were conducting large scale Crypto-jacking campaigns facilitated by the exploitation of a critical vulnerability in Mikro Tik branded routers worldwide.
It noted that the unfortunate thing about the attacks were when a command script was deployed on a router, it would execute the mining script on any device connected to that router, which could be done through wired or wireless connection.
The statement explained that the routers were used in domestic networks, where there was relatively small volume of connected devices, adding that, the attack identified so far indicated that the attackers preferred Internet Service Providers and commercial services in order to increase the processing power generated from the victims and subsequently the amount of crypto-currency.
The statement recommended to all internet service providers using the routers to take steps to routinely check them for intrusion traces from routers’ logs such as suspicious IP address, timestamps and relevant or extraneous files.
“All such attacks must be reported to the Cybercrime Units of the CID Headquarters as soon as possible for assistance,” it said.
It advised Internet Service Providers to notify customers about the security threats and measures to mitigate them, and recommended that Providers using Microtik devices should be applying the vulnerability CVE-2018-14847 patch in potential vulnerable devices.