Cyber Miners: From Minor Nuisance to Major Security Problem

There’s a modern gold rush going on, and to cash in on it cyber miners are stealing your enterprise’s computing and networking resources, costing you time and money and putting your business at risk. They’re using your PCs, devices and bandwidth to mine cryptocurrencies like Bitcoin and Monero, making off with the proceeds and leaving you with the bill.

Let’s take a closer look at how cryptomining works and the dangers its poses.

In cryptocurrencies like Bitcoin or Monero, new coins can be created using tremendous amounts of CPU power. Individual computers can’t generate significant income this way. Essentially, fleets of CPUs are needed to create coins.

So cyber criminals have turned to hijacking PC CPUs to do coin mining. They do it in two ways: Downloading executable files onto PCs, which then use the PCs’ CPUs to do mining, or implanting scripts into people’s browsers which then use the CPUS to do mining. With just a few lines of code, cyber criminals can steal a PC’s processing power.

In 2017, cryptomining turned from a minor nuisance into a major problem. That’s because cryptocurrencies went through a massive price increase in the last part of the year. Even though currency prices have fallen since then, they’re still relatively high, and the problem remains.

How widespread is the problem? Symantec’s latest Internet Security Threat Report found an 8,500 percent increase in the detection of coinminers on computers in 2017. The growth was concentrated at year’s end, as cryptocurrency prices spiked. Coinmining leaped by 34,000 percent from the beginning to the end of the year. Symantec blocked 8 million separate coin-mining events in December alone.

The report found that that cyber criminals who previously focused on ransomware have been turning their attention to surreptitious cryptomining because it’s so easy to do.

“With cryptomining there are far less chances an attack will fall apart,” sand Hon Lau, Development Manager in IT Security and Communications at Symantec.

Indeed, with cryptomining, criminals don’t need to set up complex payment schemes or send out payment demands as they have to do with ransomware. They simply create cyber currency with the stolen CPU power, and then cash it in.

“There is some customer service involved in running a ransomware operation,” Lau added. “But with cryptomining, there’s no interaction with victims. You simply get paid.”

What are the Dangers?

Cryptomining won’t harm enterprises as much as malware such as ransomware. But still, says Lau, it’s harmful. “What it boils down to is that someone is stealing your computing resources for their own enrichment, without your authorization,” he explains.

Among the consequences are PCs and servers running more slowly, their batteries overheating, and their useful lives being shortened, he says. “When your computer mines cryptocurrency, it’s working very hard,” according to Lau. “The CPU runs at maximum capacity, and your computer slows down. It gets hot because when CPUs go up to 100 percent usage they generate a lot of heat. That will cause wear and tear on hardware and shorten its useful life.”

That can add up to a serious money if hundreds or thousands of PCs in an enterprise are compromised.

In addition, enterprises are left with increased electricity bills because of the additional CPU use. And they may end up on the hook for even more serious financial consequences. If an enterprise uses a cloud service to launch servers, when cryptominers max out those servers, more servers may automatically spin up, with the enterprise footing the bill for the additional server usage.

How to Protect Yourself and Your Company

Cryptomining has been in the news enough lately that there’s a broad movement to protect against it. Google, for example, has banned all cryptomining extensions from the Chrome store. Beyond that, Lau says that attention to basic computer hygiene, notably running security software, will protect individual PCs against cryptomining.

Enterprises need to take similar measures to protect the company’s computing and network assets. Installing appropriate security software on endpoints, gateways and the enterprise network will help block cryptomining and detect it quickly if it manages to make its way onto a network. Lau says that special attention should be paid to servers, which should be protected and monitored, not just on-premise, but also those in public and private clouds. Systems should be always patched and kept up to date. Companies should examine their bills from cloud providers to check for any anomalous usage spikes. And they should train their employees to watch out for cryptomining attacks.

Lastly, Lau suggests that companies running public websites need to make sure that hackers don’t break into their web servers and insert code that will take over site visitors’ PCs to do cryptomining. That means constantly checking server code - notably JavaScript libraries - to make sure miners haven’t compromised them.

“It’s not that hard to keep a company safe from cryptomining,” Lau said. “But it does require constant vigilance.”

If you found this information useful, you may also enjoy:

For an in-depth look at browser-based cryptocurrency mining, and what to do about it, check out Lau’s blog post, “Browser-Based Cryptocurrency Mining Makes Unexpected Return from the Dead”.

Watch ISTR Webcasts Here

Learn More About ISTR Here