The evolving cryptomining threat
Written by Jason Charalambous on 20/04/2018
Cryptomining might sound like a cool word – something suggestive of what a digital Indiana Jones might get up to during his downtime. However, for both businesses and the general public, it’s a growing concern. Digital currencies are not new, with Bitcoin already nearly a decade old, and their popularity is growing all the time. This naturally makes them a prime target for cyber criminals, which has an impact on all of us.
Mining, not minting
Obtaining cryptocurrencies is called ‘mining’, and it requires processing power. A lot of it. Think “a whole rack full of GPUs”, and you’re not far off what the hardcore miners use. This processing power keeps the distributed blockchain (a public digital ledger that records transactions) consistent and allows it to grow. With each block added to the chain (hence block chain, clever eh?), the successful miner is rewarded with a fresh batch of the currency. The longer the currency has been in operation, the larger the blockchain and subsequently, the more processing power required to maintain it.
It is, of course, a lot more complicated than that, but as far as cybersecurity is concerned, that’s all we really need to know. Whilst many legitimate businesses accept some cryptocurrencies as a payment method and mining in itself is a perfectly legal pursuit, the currencies tend to be associated with illegal transactions, due to the difficulty in tracing them to a specific individual. Because of this, mining has attracted a large number of undesirables.
Outsourcing your CPU
You might think that this hijacking of your CPU’s processing cycles isn’t going to make an impact compared a dedicated GPU-powered mining rig – but remember that you’re just one visitor to this (probably dodgy) webpage. The website will have hundreds of visitors, all contributing their CPU cycles. This will add up to produce a lot of mining potential.
Unfortunately, the threat does not stop at an occasionally high CPU. Cryptomining malware code can be easily altered to become ransomware, which can be somewhat more problematic. Many criminal miners are not content with targeting a handful of websites and a few mere desktops and have turned their sights onto servers. Larger companies and services are all at risk. Notably, Amazon Web Services have been targeted as recent as this year (2018). Those with weaker security systems or inadequate defences are making themselves easy targets, with reports of hospitals and government bodies falling victim to Cryptojacking.
One of the main reasons crypto-criminals choose to target businesses and server farms is cost. Home mining can be an expensive endeavour, with mining machines consuming a lot of electricity. If your business systems are caught by a cryptominer, not only will your company’s servers be doing the work for them, but you’ll also be footing the energy bill.
The dark side of the coin
As previously mentioned, cryptocurrencies are primarily associated with illicit transactions and practices from drugs to human trafficking, and all sorts else. I can think of no business that would want to support these things. If your servers have been hacked for mining purposes or your employees are checking out compromised websites, you could well be doing just that.
Strong cybersecurity defences are a must
Cryptocurrencies like Bitcoin only work as they’re subject to artificial scarcity (they are limited), because of this, as time progresses it’ll become harder (and presumably more financially rewarding) to obtain units. As a result, more processing power will be sought. It seems likely that cases of illegal cryptomining, server jacking and website hacking will become more prevalent and widespread.
ISO 27001 and 9001 certified
Tigerscheme qualified testers
PCI DSS v3.2 Level 1
24/7 on-site Security
Get a quote today
If you’re interested in our services, get a free, no obligation quote today by filling out the form below.