Cryptomining Malware: How to Protect Your IT Assets

Cryptomining malware has exploded on the threat landscape, becoming one of the most common malware attacks and posing a significant risk to your IT assets. Here are the answers you need: what it does, how it gets in, and how to recognize and prevent it.

What Is The Threat?

First, the basics: Cryptomining is the process of validating a block of cryptocurrency transactions and adding them to the blockchain digital ledger. Miners compete against each other to validate a block of transactions using a proof-of-work algorithm that requires solving a complex mathematical problem. The successful miner for any given block receives newly “mined” cryptocurrency as a reward.
It’s big business. Digiconomist estimates annual global revenues of almost $7 billion, most of it earned by legitimate players using their own, often purpose-built, processing resources.

In September 2017, visitors to TV network Showtime’s website found that the website included Coinhive code that automatically began mining for Monero cryptocurrency without user consent. The Coinhive software was throttled to use only twenty percent of a visiting computer’s CPU to avoid detection. Shortly after this discovery was publicized on social media, the Coinhive code was removed. Showtime declined to comment for multiple news articles. It’s unknown if Showtime inserted this code into its website intentionally or if the addition of cryptomining code was the result of a website compromise.

But bad actors are also trying to claim a piece of that $7 billion pie, and they’re not interested in spending money on the computing power they need. Instead, they create cryptomining scripts and embed them in someone else’s IT assets to hijack their processing power.

Why Now?

Cryptocurrencies – Bitcoin, Litecoin, Ethereum and more than 4,000 others – are gaining broader acceptance. Research from the Neustar International Security Council shows that 80% of organizations are interested in using cryptocurrency for business transactions. Broader acceptance and use have created greater opportunities for cryptominers – and where there are opportunities, there are bad guys.

How Serious Is It?

Serious, and getting worse. In the first half of 2018, cryptomining malware accounted for 35% of threats, overtaking ransomware. More sobering statistics:

  • Cryptomining scripts are present on 3% of the websites people visit.
  • The number of domains hosting cryptomining scripts skyrocketed 725% in three months.
  • Recent reports have revealed a large-scale, months-long cryptomining malware effort spreading to 700 new systems a day.
  • One recently detected attack spread to 500,000 computers in a single day.

The list of targets of cryptomining malware includes leading brands and government agencies, among them a Tesla AWS account, the Los Angeles Times, U.S. Federal Courts, and the U.K. Information Commissioner’s office.
Worse, the bad guys are getting more sophisticated. One newly reported strain of cryptomining malware also acts as a backdoor trojan and a self-spreading virus.

What Are The Risks?

The mathematical problems used as proof of work for cryptomining require significant processing power, and as more cryptominers compete the problems become harder to solve.

Cryptomining malware steals that processing power by embedding itself in a targeted network – your network – and hijacking the servers. Since your computers are busy doing the malware’s cryptomining work, they’re less available to do the processing your network and applications require – slowing system operations and degrading your capabilities.

The intensive processing, along with the cooling it requires, also consumes electrical power – lots of it. Mining a single bitcoin block uses enough energy to power more than 28 U.S. homes for a day. Globally, the bitcoin mining network has been estimated to consume between 2.55 gigawatts and 7.67 gigawatts of electricity – roughly the consumption of Ireland and Austria, respectively.

Since the cryptominer’s goal is to access and steal your computing capabilities, they have no interest in calling attention to themselves. This malware is stealthy, designed to remain undetected for as long as possible, siphoning off processing power and diminishing the capabilities of your IT resources.

Unauthorized mining activity from cryptomining malware has become so prevalent that ad blocking firm AdGuard estimates more than 500 million users are mining cryptocurrencies on their devices without realizing it. These users either get infected by a cryptomining malware program or visit websites that stealthily run cryptomining software in the background without the user’s consent.

How To Tell If You’re A Victim

Unlike ransomware, which has to announce itself to get a return, cryptomining malware conceals itself to achieve its goals. You probably won’t know you’ve been infected unless you regularly do two things:

  • Monitor utilization of your servers: If you’re hit, you’re likely to see a sudden and sustained increase in server utilization – unless the malware is sophisticated enough to include a kernel-level component that hides its usage from your reporting tools.
  • Monitor electricity consumption: For most enterprises, IT power usage is consistent from year to year, rising and falling in patterns related to regularly recurring computing demands. An unusual spike in consumption could indicate a cryptomining script.
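As an added illustration of the first check (example code written for this page, not from the original article), a small Python detector run over constructed CPU samples that flags a sudden and sustained rise against a trailing baseline while ignoring short bursts; the host names and sample values are made up.

```python
from statistics import median
from typing import Dict, List, Optional, Tuple

Sample = Tuple[int, float]  # (minute, cpu_percent)

# Constructed sample data, not real telemetry. web-1 idles around 20-30%, has a
# one-minute burst at minute 6, then sits at ~95% from minute 12 on. db-1 only
# has a two-minute burst, which should not be flagged.
WEB1: List[Sample] = list(enumerate(
    [22, 25, 19, 28, 24, 21, 70, 23, 26, 20, 27, 24, 94, 96, 95, 97, 93, 96, 95, 94]))
DB1: List[Sample] = list(enumerate([22, 25, 19, 28, 24, 21, 85, 88, 23, 26, 20, 27]))


def sustained_spike_start(samples: List[Sample], baseline_window: int = 6,
                          delta: float = 40.0, min_duration: int = 5) -> Optional[int]:
    """Minute at which a sustained utilization spike begins, or None.

    Baseline = median of the `baseline_window` samples before the run; it is
    frozen once a run of elevated samples starts so the miner's own load cannot
    drag the baseline up and mask itself. Only `min_duration` consecutive
    elevated samples count, so a short burst (backup, build) is not an alert.
    """
    values = [v for _, v in samples]
    baseline, run_start, run_len = 0.0, None, 0
    for i in range(baseline_window, len(samples)):
        if run_len == 0:
            baseline = median(values[i - baseline_window:i])
        if values[i] - baseline >= delta:
            run_start = samples[i][0] if run_len == 0 else run_start
            run_len += 1
            if run_len >= min_duration:
                return run_start
        else:
            run_len = 0
    return None


def flag_hosts(hosts: Dict[str, List[Sample]]) -> Dict[str, int]:
    """Map each host showing a sustained spike to the minute it began.

    Host-reported CPU is only as trustworthy as the host: the article notes a
    kernel-level hack can hide the usage, so pair this with out-of-band signals
    such as rack power draw or hypervisor-side metrics.
    """
    flagged: Dict[str, int] = {}
    for host, samples in hosts.items():
        start = sustained_spike_start(samples)
        if start is not None:
            flagged[host] = start
    return flagged
```

Tune `delta` and `min_duration` to the normal variance of each workload; a build server needs a longer `min_duration` than a mostly idle database host.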

What Are The Attack Vectors?

Cryptomining malware can be inserted into your network through a variety of channels – including a dishonest employee. Two vectors, however, are particularly worth your attention:

  • DDoS Attack: This technique utilizes a DDoS attack as cover, the digital equivalent of a pickpocket team where one robber jostles you while the second lifts your wallet. While the attack dominates the attention of your IT security team, the bad guys take advantage of the turmoil to insert the cryptomining malware.

Adding insult to injury, some of these malicious scripts include code to enlist the infected server(s) as part of a botnet to participate in future DDoS attacks on other systems.

  • DNS Hijack: In this type of attack, the hacker directs your DNS traffic to a malicious site, either by poisoning your DNS cache or by taking over a legitimate site that is known to be visited by your users or systems. Either way, the malicious site appears to be legitimate, but inserts the malware into your network during the visit.
