Additional information (cr)

Credential stuffing

This is a type of password attack based on lists of compromised login-credentials, distributed on networks where hackers often gather. The idea behind this is that people often tend to use the same login-credentials on different websites. This habit makes it easier for hackers to perform a more specific attack. Mostly this happens on sites that are holding a lot of valuable (personal) information.


Crimeware refers to any type of malicious and illegal online activity in which a hacker uses malware, such as spyware, a virus, or an illicit computer program, to gain access to a person's or an organization's data or system. Many spyware programs, keyloggers, and browser hijackers can also be considered crimeware. This type of malware can have a significant economic impact due to the loss of sensitive and proprietary information and the associated financial losses. To fight crimeware attacks and prevent them in the future, you will have to employ efficient virus protection and virus removal strategies, such as installing good antivirus software. A firewall together with antivirus software is considered to be the first line of defense that will protect your device from crimeware attacks.


In a CRLF injection attack, the attacker inserts the carriage return and line feed characters into a user input function to trick the web server or the web application into thinking that an object has terminated and another one has started. CRLF stands for two things: CR or Carriage Return and LF or Line Feed. Basically, a website's header (which contains all kinds of information such as character encoding, the stylesheet, search-engine information etc.) is separated by CR and LF from the website's body (everything you can see in the browser); this is how the web server differentiates the two parts.
When a website does not sufficiently secure (validate) user input, it is vulnerable to a CRLF attack. After finding the vulnerability, the hacker can use the CRLF character combination to launch other types of attacks that make the website act differently than expected, for example causing information disclosure or (malicious) code execution.
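
The missing validation described above, shown next to its hardened form. This is an added example, not part of the original page; the function names, the 302 response and the sample inputs are constructed for illustration.

```python
import re

# CR and LF end a header line; NUL is rejected as well for good measure.
FORBIDDEN = re.compile(r"[\r\n\x00]")

# Constructed sample inputs (not taken from the page).
BENIGN = "/account"
TAINTED = "/account\r\nX-Constructed: injected"


def build_response_unsafe(location: str) -> bytes:
    """Vulnerable pattern: user input copied into a header unchecked."""
    head = "HTTP/1.1 302 Found\r\nLocation: " + location + "\r\n\r\n"
    return head.encode("latin-1")


def build_response_safe(location: str) -> bytes:
    """Hardened form: refuse any value that could end the header line."""
    if FORBIDDEN.search(location):
        raise ValueError("control character in header value")
    return build_response_unsafe(location)


def parse_response(raw: bytes) -> tuple[list[tuple[str, ...]], bytes]:
    """Split as a client does: the header block ends at the first blank line."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")[1:]  # drop the status line
    headers = [tuple(p.strip() for p in ln.split(":", 1)) for ln in lines]
    return headers, body


if __name__ == "__main__":
    print(parse_response(build_response_unsafe(BENIGN))[0])
    print(parse_response(build_response_unsafe(TAINTED))[0])
    try:
        build_response_safe(TAINTED)
    except ValueError as exc:
        print("rejected:", exc)
```

With the unchecked version the client sees a second header that the application never set; the checked version rejects the same input before any bytes are written.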

Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) is a type of attack that causes an authenticated (logged-in) user to submit a (malicious or harmful) request to the website they are currently using, for example during the purchase of a product or the change of an e-mail address, thus exploiting the trust a web application has in an authenticated user. This is possible when a website cannot differentiate between valid requests and forged requests controlled by an attacker. An attacker has several ways to exploit the CSRF vulnerability.
The solution to this vulnerability consists of adding a unique, secure random token per user session as part of the HTML form (not stored in a cookie), which is then sent directly to the user's browser. Afterwards, any request from that user's browser must include this unique token to be authorized by the website; requests that do not include it are rejected.
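
One way to implement the per-session token described above. This is an added example, not part of the original page; the class, the field name `csrf_token` and the form contents are assumptions made for illustration.

```python
import hmac
import html
import re
import secrets


class CsrfProtectedSessions:
    """Keeps one unpredictable token per session on the server side."""

    def __init__(self) -> None:
        self._tokens: dict[str, str] = {}  # session id -> CSRF token

    def start_session(self) -> str:
        session_id = secrets.token_urlsafe(32)
        self._tokens[session_id] = secrets.token_urlsafe(32)
        return session_id

    def render_form(self, session_id: str, action: str) -> str:
        """Embed the token as a hidden form field, not in a cookie."""
        token = self._tokens[session_id]
        return (
            f'<form method="post" action="{html.escape(action, quote=True)}">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input type="email" name="new_email"><button>Save</button></form>'
        )

    def is_authorized(self, session_id: str, form: dict[str, str]) -> bool:
        """Accept a request only if it carries this session's token."""
        expected = self._tokens.get(session_id)
        supplied = form.get("csrf_token", "")
        if expected is None or not supplied:
            return False
        # Constant-time comparison avoids leaking the token through timing.
        return hmac.compare_digest(expected.encode(), supplied.encode())


def extract_token(form_html: str) -> str:
    """What the user's browser sends back when the real form is submitted."""
    match = re.search(r'name="csrf_token" value="([^"]+)"', form_html)
    return match.group(1) if match else ""


if __name__ == "__main__":
    sessions = CsrfProtectedSessions()
    sid = sessions.start_session()
    token = extract_token(sessions.render_form(sid, "/settings/email"))
    print(sessions.is_authorized(sid, {"csrf_token": token}))            # genuine form
    print(sessions.is_authorized(sid, {"new_email": "x@example.test"}))  # token missing
```

A forged request rides on the session cookie the browser attaches automatically, but it cannot supply the token because the token only ever appears inside the page served to the user.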

Cross-site scripting (XSS)

Cross-site scripting (XSS) is the name of a flaw in the security of a web application. The problem arises when input that a web application receives (such as cookies, URLs, request parameters) is not evaluated and sanitised and therefore ends up in the output to the end user. Malicious code (JavaScript, VBScript, ActiveX, HTML, Flash etc.) can be injected through this vulnerability. This allows an attacker, among other things, to view session cookies, take over a user's session, enrich the functionality of a website or perform unintended actions on the user's side.
To avoid confusion with Cascading Style Sheets and Content Scramble System, the abbreviation XSS was used instead of CSS.

Several forms of cross-site scripting are possible:
Client-side XSS: here a client-side script uses the user's input to generate (a piece of) the page, without checking or securing this input.
Server-side XSS without state: here the user's input is sent to the server, where the input is used to generate an HTML page without being monitored or secured.
Server-side XSS with state: here the information is stored in a database or other system to generate HTML pages for multiple people. This can happen when the text that is entered is not checked for unwanted characters.

Crypto currency

A cryptocurrency only exists in a digital way; it is built on blockchain technology that only exists online (no touchable money). Cryptocurrencies typically use encryption technologies to protect transactions. At the moment (2021) more than 1000 cryptocurrencies exist; Bitcoin was the first.
All the information around a cryptocurrency is stored decentralised in ledgers that hold the transactions and amounts.
The big difference with regular currencies is that cryptocurrencies don't have a central authority. The whole system is owned by all the participants, and the more participants there are, the safer the system is, because all the information is distributed across and stored by a huge number of participants.
You can buy cryptocurrencies with real money or with other cryptocurrencies and with the amount of cryptocurrencies you have it is possible to buy goods or services from anyone who wants to receive (these) cryptocurrencies. Another way of obtaining cryptocurrencies is cryptomining.


Cryptojacking is using someone else's computer for cryptomining. Cryptomining can be quite costly, which is why criminals apply cryptojacking to illegally earn cryptocurrency. They do this either by getting the victim to click on a malicious link in an e-mail (phishing) that loads cryptomining code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in your browser; the cryptomining code then works in the background. Victims might notice that their computers are much slower or even non-responsive.
Some cryptojacking/mining scripts have wormlike capabilities that allow them to infect other devices and servers on a network; this often also makes them harder to find and remove. Cryptojacking doesn't require technical skills: cryptojacking kits are available on the dark web for around 30 dollars.
Typically these scripts do not alter files on the computer (they benefit from computers that keep running), but they do take a lot of resources, and for that reason these scripts are very annoying. Next to that, they are placed without permission.

Crypto mining

Crypto-miners are individuals and organizations that employ crypto-mining to collect cryptocurrency. Crypto-miners form an essential part of the chain where crypto-transactions are being verified.
Crypto-mining typically involves the process of creating new cryptocoins by solving complex mathematical equations. When a person invests in a cryptocurrency, the details of the investment are entered on a distributed ledger, called the blockchain. But the process is complete only when a miner verifies the transaction as legitimate. Once that is done, the transaction is locked into the blockchain for everyone to see and the transaction is a fact. Crypto-miners are in a race against each other to solve the mathematical problem. Those who are first are paid a fraction of the transaction as a fee/bonus for their effort. Every successful transaction leads to new coins.
In the beginning crypto-mining could be done by any individual owning a computer, but nowadays this is not sufficient anymore, unless you join an online crypto-mining ring. This is because normal computer CPUs are too slow; today crypto-mining requires a specialized GPU or an application-specific integrated circuit (ASIC) miner. Next to that, the GPUs in the mining rig must be connected to a reliable internet connection 24/7. Each crypto-miner also needs to be a member of an online crypto-mining pool.
Typically crypto-mining involves a large amount of energy-consumption and investment in hardware and software, because of the difficult task the computer needs to undertake, which raises the question: is cryptomining worth it?
Furthermore: the fact that crypto-mining can be quite costly is a reason for hackers/criminals to develop cryptojacking-software and techniques.


To begin with, we know three kinds: cryptoviruses, cryptoworms and cryptotrojans. The technology that develops these programs is called cryptovirology; kleptography is a subfield of cryptovirology. A cryptovirus (also known as cryptoLocker virus) is a type of ransomware virus that encrypts files on a compromised device and demands ransom in exchange for a decryption code. Cryptovirus infections typically occur when a user clicks on a malicious link or downloads a malicious attachment delivered via email. Once a cryptovirus is installed on a victim's computer, it encrypts a large number of files on it. Locky and Cryptowall are two notorious cryptoviruses that have both done serious damage. Also well-known are the Tremor virus, Tro_Ransom.A virus and
