Mining for Trouble: Cryptocurrency and Cyber Security

Cryptocurrency and Cyber Security

Cryptocurrency is not a new presence in the world of cyber security. For years cryptocurrencies have been the ransom of choice for hackers looking to make money from cyber attacks. However, over the last six months, we have seen a new strategy from hackers: crypto mining malware. This new motive for hackers has risen in prominence significantly with a 27% increase in use in the first quarter of 2018 and it is on the fast-track to becoming the number one cause of cyber attacks. So, it is incredibly important that enterprise IT security staff get an understanding of what crypto mining is, why it has increased in prominence and what they can do to stop it.

For those who don’t know what crypto mining entails allow us to enlighten you. Cryptocurrencies are virtual money that exists online, kept in crypto wallets and transferable via the use of Blockchains. But unlike physical money which has a governing body in charge of its distribution and printing, cryptocurrencies can be made by anyone. Making cryptocurrency is not easy though. If the average person could generate it, from his or her simple desktop computer at home, then the market would be inflated and the value of the currency diminished. To make just one coin of cryptocurrency requires an absurd amount of computer resources and time, meaning mining it is limited to big business and people heavily invested in the technology to do so.

How crypto mining then relates to cyber security is obvious. Even if someone has the technology to mine cryptocurrencies, the amount of computer power needed makes the entire process very time-consuming. Most people don’t have access to industrial computers or enough computers all running at once to mine the currency. It is this issue that has led crypto mining malware to become so prominent as hackers have discovered the solution to their problems is to secretly install mining software onto the computers of bystanders through malware and then let the infected computers do all the hard work.

The big difference between crypto mining and past cyber attacks around cryptocurrencies is that hackers are not stealing cryptocurrency or demanding it as a payment. As mentioned above, they are using software so that they can use the computers of their unsuspecting victims to do the mining while the hacker reaps the rewards. This method is a lot safer for hackers and can continue as long as they don’t get caught.
Crypto mining was made even easier last September when a bug in the Coinhive software, a crypto mining software, allowed it to be used to distribute malware. Since then reports have found that the frequency of crypto mining attacks on corporations has increased by 500%. In February three of the most wanted malware were crypto mining related and a new report for the first quarter of 2018 is showing that crypto mining is soon to take over ransomware as the biggest cyber threat to enterprises.

The question for enterprises now is how to fight back? In the end, crypto mining malware is still malware and so the methods that all enterprises should already be incorporating – like antivirus, traffic monitoring and mitigation, training employees and so forth – will deal with malware designed to mine cryptocurrency. What enterprises need to be aware of is whether or not they are infected and if so how to deal with it.

Unlike ransomware where the hacker will make his or her presence known, crypto mining malware aims to remain hidden and continue leeching from your computer’s resource and so IT security experts will have to be more proactive in their approach and actively search for the mining software hidden in their network. The main sign that your computer is infected is how slow it will be running, thanks to the mining software using up the CPU. If your computer isn’t performing properly then scan it, look for anomalies, and look for signs of malware. You may just find a little miner chipping away.

Crypto mining and cryptocurrencies, in general, are not going away any time soon so it is important that businesses adapt to the changing cyber security landscape rather than hoping the situation will solve itself or assuming nothing will change.

Written by Kumar Sumeet, Principal Security Consultant