As investments in cryptocurrency become more popular, threat actors have started to develop coin mining malware to take advantage of its increasing popularity. But what is coin mining, and why has it become so attractive to would-be attackers? More importantly, what steps can you take to avoid becoming a victim?
Coin mining is the use of computer resources to mine cryptocurrency by solving mathematical puzzles. Cryptocurrency, a legitimate form of digital currency such as Bitcoin, operates using blockchain technology, a digital ledger which records and confirms transactions between parties. Every time a new transaction is confirmed, it creates a ‘block’ (hence the term blockchain) that obtains a timestamp for the transaction and uses cryptography for security. A blockchain is typically made public on a peer-to-peer network, allowing those involved to verify the integrity of the transactions, ultimately establishing a trust relationship.
To mine this cryptocurrency, a ‘coin miner’ has to connect their computer to the currency’s blockchain network and compete with thousands of other systems to earn cryptocurrency. In essence, the faster the hardware and processing power, the faster you can mine the currency – and earn more money.
The acceptance of digital currencies, and the attraction of their investment potential, have created a new way to earn money. But generating real profits and becoming a big-time earner is both time-consuming and costly. As a result, we are seeing more cyber criminals developing malware in order to overcome these barriers and make money more quickly and easily.
Our definition of coin mining malware is any software, code or script unknowingly used by a user or machine to mine cryptocurrency for another party. You may also come across the term ‘cryptojacking’. The malware is installed on the victim’s computer and, once installed, steals their resources to mine cryptocurrencies – the rewards then go directly to the hacker, not the computer owner. In fact, a victim is unlikely to know anything about it, apart from some performance issues, such as a computer running slowly.
But the impact of coin mining malware can go well beyond performance issues.
- It costs an organisation money by using extra processing power, resulting in higher electricity bills.
- Devices hijacked by malware not only run slowly, but can also overheat and underperform, resulting in people being less productive (and more than a little frustrated!).
- The environmental impact may not be immediately obvious. But the entire Bitcoin network now consumes more energy than an entire country – in fact, if it were a country, it would consume as much energy as Iraq!
- Finding coin mining malware could simply be the tip of the iceberg: it may indicate more problems in your network environment, including vulnerabilities.
Steps to mitigate the risks
- Conduct regular risk assessments to identify vulnerabilities within the organisation.
- Adopt a defence-in-depth approach to cybersecurity with multiple layers of security in place.
- Regularly update systems and devices with the latest patches. Many successful cyber attacks could have been thwarted if patches had been applied.
- Deploy intrusion detection and prevention systems to stop attacks.
- Educate employees: most attacks come from phishing, suspicious email links, unsolicited emails and file attachments.
- Proactively monitor network traffic to identify malware infection.
- Pay close attention to the security of mobile devices.
- Ask IT to consider application whitelisting to prevent suspicious applications from loading.
- If you lack the resources to manage all aspects of cybersecurity, consider outsourcing.
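
For the network-monitoring step above, one concrete check is to look for the Stratum pool protocol that many miners speak in cleartext. This is an added example, not from the original article: Stratum and its `mining.*` method names are not mentioned there, and the function names and sample flows are constructed for illustration.

```python
import json
from collections import defaultdict

# Client-to-pool methods of the Stratum mining protocol (JSON-RPC, one object
# per line). Assumption: traffic is cleartext; TLS-wrapped pools need other signals.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}

def stratum_methods(payload: bytes) -> set:
    """Return the Stratum client methods found in one captured TCP payload."""
    found = set()
    for line in payload.splitlines():
        try:
            msg = json.loads(line)
        except ValueError:  # HTTP, TLS records, truncated JSON: not Stratum
            continue
        method = msg.get("method") if isinstance(msg, dict) else None
        if isinstance(method, str) and method in STRATUM_METHODS:
            found.add(method)
    return found

def find_mining_hosts(flows, min_methods=2):
    """Map (source, destination) pairs to the Stratum methods they sent.

    Requiring two distinct methods cuts false positives from a single
    stray string that happens to look like a mining call.
    """
    seen = defaultdict(set)
    for src, dst, payload in flows:
        seen[(src, dst)] |= stratum_methods(payload)
    return {pair: sorted(m) for pair, m in seen.items() if len(m) >= min_methods}

# Constructed sample flows (documentation address ranges, not real indicators).
SAMPLE_FLOWS = [
    ("10.0.4.17", "203.0.113.50:3333",
     b'{"id":1,"method":"mining.subscribe","params":["miner/1.0"]}\n'),
    ("10.0.4.17", "203.0.113.50:3333",
     b'{"id":2,"method":"mining.authorize","params":["wallet.worker1","x"]}\n'),
    ("10.0.4.22", "198.51.100.7:80",
     b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("10.0.4.30", "198.51.100.9:443", b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc"),
    ("10.0.4.41", "192.0.2.10:8080", b'{"id":7,"method":"mining.subscribe","par'),
]

if __name__ == "__main__":
    for (src, dst), methods in find_mining_hosts(SAMPLE_FLOWS).items():
        print(f"possible miner: {src} -> {dst} sent {', '.join(methods)}")
```

A hit identifies the internal host to triage and the pool endpoint to block at the egress firewall or proxy.
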
Contributed article by Terrance DeJesus, Threat Research Analyst at NTT Security