The evolving cryptomining threat

Written by Jason Charalambous on 20/04/2018

Cryptomining might sound like a cool word – something suggestive of what a digital Indiana Jones might get up to during his downtime. However, for both businesses and the general public, it’s a growing concern. Digital currencies are not new, with Bitcoin already nearly a decade old, and their popularity is growing all the time. This naturally makes them a prime target for cyber criminals, which has an impact on all of us.

Mining, not minting

Obtaining cryptocurrencies is called ‘mining’, and it requires processing power. A lot of it. Think “a whole rack full of GPUs”, and you’re not far off what the hardcore miners use. This processing power keeps the distributed blockchain (a public digital ledger that records transactions) consistent and allows it to grow. With each block added to the chain (hence block chain, clever eh?), the successful miner is rewarded with a fresh batch of the currency. The longer the currency has been in operation, the larger the blockchain and subsequently, the more processing power required to maintain it.

It is, of course, a lot more complicated than that, but as far as cybersecurity is concerned, that’s all we really need to know. Whilst many legitimate businesses accept some cryptocurrencies as a payment method and mining in itself is a perfectly legal pursuit, the currencies tend to be associated with illegal transactions, due to the difficulty in tracing them to a specific individual. Because of this, mining has attracted a large number of undesirables.

Outsourcing your CPU

In computing, as in life, what may once have been considered fantastical is now entirely possible. Criminals can quite easily ‘borrow’ your CPU to increase their mining potential. This is achieved through malicious code, which does not necessarily even have to be installed onto your computer, but rather operates via infected websites, with JavaScript being a particular favourite target. These scripts are found in numerous websites and rarely (if ever) inform users that they’re running. Anyone who visits a website running a compromised script can find their CPU usage getting eaten up quite rapidly, particularly if they have several tabs opened up.

You might think that this hijacking of your CPU’s processing cycles isn’t going to make an impact compared to a dedicated GPU-powered mining rig – but remember that you’re just one visitor to this (probably dodgy) webpage. The website will have hundreds of visitors, all contributing their CPU cycles. This will add up to produce a lot of mining potential.

Bigger threats

Unfortunately, the threat does not stop at occasionally high CPU usage. Cryptomining malware code can be easily altered to become ransomware, which can be somewhat more problematic. Many criminal miners are not content with targeting a handful of websites and a few mere desktops and have turned their sights onto servers. Larger companies and services are all at risk. Notably, Amazon Web Services have been targeted as recently as this year (2018). Those with weaker security systems or inadequate defences are making themselves easy targets, with reports of hospitals and government bodies falling victim to cryptojacking.

One of the main reasons crypto-criminals choose to target businesses and server farms is cost. Home mining can be an expensive endeavour, with mining machines consuming a lot of electricity. If your business systems are caught by a cryptominer, not only will your company’s servers be doing the work for them, but you’ll also be footing the energy bill.

The dark side of the coin

As previously mentioned, cryptocurrencies are primarily associated with illicit transactions and practices from drugs to human trafficking, and all sorts else. I can think of no business that would want to support these things. If your servers have been hacked for mining purposes or your employees are checking out compromised websites, you could well be doing just that.

Strong cybersecurity defences are a must

Cryptocurrencies like Bitcoin only work because they’re subject to artificial scarcity (they are limited). Because of this, as time progresses it’ll become harder (and presumably more financially rewarding) to obtain units. As a result, more processing power will be sought. It seems likely that cases of illegal cryptomining, server jacking and website hacking will become more prevalent and widespread.
