It seems that almost daily a new type of cryptocurrency dominates the headlines because of its popularity and a surge in demand. But with the massive general appeal of digital currency comes cybercrime. Purchases of Bitcoin, Litecoin, Ethereum, Monero and others have increased massively, and the rising purchasing power and volatility of these currencies have given cybercriminals an opportunity to home in on that could be highly profitable.
Recently, cybercriminals have begun using a distributed computing process to produce cryptocurrency, a mechanism known as "mining" or "cryptomining." While many businesses historically viewed cryptomining as a simple nuisance, the use of more sophisticated mechanisms and propagation tactics has led many organizations to fear a potentially disruptive cryptomining attack. The potentially lucrative nature of cryptomining has made it a tempting playground for cybercriminals looking to generate alternative currency as the popularity of Bitcoin and other cryptocurrencies increases.
What is Cryptocurrency?
Cryptocurrency is a form of digital money that allows for peer-to-peer money transfers without the need for a bank or centralized financial system. Cryptocurrencies run on blockchain technology, which first encrypts data and then duplicates it many times across a large network of computers, also called cryptominers.
What is Cryptomining?
Cryptomining is the process of verifying transactions within a blockchain. In return for lending computing power to verify these transactions, cryptominers are rewarded with cryptocurrency. Mining cryptocurrency includes two functions: adding transactions to the blockchain and releasing new currency. Mining includes the resource-intensive process of authenticating transactions in return for a cryptocurrency reward.
When hackers use cryptomining techniques, the miner hijacks the computer's central processing unit (CPU) capacity. Some of the more advanced cryptominers employ fileless techniques to maintain persistence within a network and move laterally from system to system. These techniques are difficult for legacy security solutions to protect against and sometimes cause business operations to come to a complete standstill. We've recently seen several cases where advanced cryptomining malware has impacted business operations, leaving some organizations inoperable for days to weeks at a time. Cryptomining is also often indicative of a bigger problem. We've observed organizations that first identified unauthorized cryptomining in their environment and, after removing the cryptomining malware, were hit with a ransomware attack.
How to Effectively Stop Cryptominers
Beyond the cost, a system compromised with cryptomining malware indicates a broader issue: your network has holes and could be vulnerable to an attack. If a hacker is able to get malicious software on your system, it's clear that your endpoints are not secure. Enterprises can protect themselves against cryptomining attacks through proper security hygiene such as strong endpoint protection. Additionally, keeping systems patched and up to date, protecting privileged accounts, and implementing network segmentation can make it increasingly difficult for hackers to gain access to systems for the purposes of cryptomining. Users can protect themselves by installing next-generation antivirus on their systems, using ad blockers when browsing the web, and staying vigilant for any indications that their system is running slowly for no apparent reason.
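One way to turn "running slowly for no apparent reason" into a repeatable check is to flag processes whose CPU use stays high for minutes rather than spiking briefly. The sketch below is an added example, not part of the original article or any vendor tooling; the process names, sample data, threshold and window length are all constructed assumptions.

```python
from collections import defaultdict

def build_samples():
    """Constructed telemetry: (seconds, process name, CPU percent), one row per minute."""
    rows = []
    for ts in range(0, 660, 60):  # samples at 0, 60, ..., 600 seconds
        # Legitimate short burst: busy only between 120 s and 240 s.
        rows.append((ts, "backup-agent", 95.0 if 120 <= ts <= 240 else 3.0))
        # Hypothetical suspicious process: pinned above 90% the whole time.
        rows.append((ts, "updater-helper", 91.0 + (ts // 60) % 5))
        # Known heavy workload that an operator would allowlist.
        rows.append((ts, "render-worker", 99.0))
    return rows

SAMPLES = build_samples()

def sustained_cpu(samples, threshold=80.0, min_seconds=300, allowlist=()):
    """Return {process: longest unbroken run in seconds at or above threshold}
    for every non-allowlisted process whose run lasts at least min_seconds."""
    by_proc = defaultdict(list)
    for ts, name, cpu in samples:
        by_proc[name].append((ts, cpu))

    flagged = {}
    for name, points in by_proc.items():
        if name in allowlist:
            continue
        points.sort()  # tolerate out-of-order telemetry
        run_start, longest = None, 0
        for ts, cpu in points:
            if cpu >= threshold:
                if run_start is None:
                    run_start = ts
                longest = max(longest, ts - run_start)
            else:
                run_start = None  # any dip below threshold ends the run
        if longest >= min_seconds:
            flagged[name] = longest
    return flagged

if __name__ == "__main__":
    for proc, secs in sustained_cpu(SAMPLES, allowlist=("render-worker",)).items():
        print(f"review: {proc} held >=80% CPU for {secs}s")
```

A hit is a reason to investigate the process, not proof of mining; tune the threshold and allowlist to the host's normal workload.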
The bottom line is that silent cryptomining attacks are costing businesses more money than originally thought. It's expensive to mine cryptocurrencies, and hackers know that if they can get someone else to pay for the high-powered servers and the electricity it takes to run a cryptomining operation, their criminal enterprise can become increasingly profitable. These criminals are able to increase revenue via cryptomining at no additional cost to them. Businesses today must remain cautious, implement next-generation security tools, and employ highly motivated professionals to ensure their networks are continuously monitored 24/7/365.
Bryan York is Director of Services at CrowdStrike.