Why Small Organizations Should Be Worried About Illicit Cryptomining Activities
There is a scourge currently targeting small businesses and organizations and many are not even aware of it because it does not do anything sensational meant to cause harm. It does not install a virus, send phishing emails, or attempt to kidnap business data for ransom. That scourge is cryptocurrency mining, or simply cryptomining.
What is cryptocurrency?
Cryptocurrency is a form of digital currency that can be used in exchange for goods, services, and even real money, similar to other currencies. However, unlike other currencies, cryptocurrency operates independently of a central bank and uses encryption techniques and blockchain technology to secure and verify transactions.
To quote Malwarebytes, “Two words—“cryptography” and “currency”—combine to form “cryptocurrency,” which is electronic money, based on the principles of complex mathematical encryption. All cryptocurrencies exist as encrypted decentralized monetary units, freely transferable between network participants.” Or put more simply, cryptocurrency is electricity converted into lines of code, which have a real monetary value. (See a detailed article by Malwarebytes on this topic here).
While cryptocurrency may be in its infancy, its popularity continues to increase, some would say exponentially. You may have heard of names like Bitcoin, Litecoin, Monero, Ethereum, and Ripple. These are just a few of the cryptocurrencies currently available.
Bitcoin was one of the earliest and most successful forms of cryptocurrency when it came out in 2009. According to reports, in 2017 the value of a single bitcoin reached an all-time high of nearly $20,000 USD. It is currently (2019) at $9,207 USD, according to Coinbase.
Surprisingly, and especially from the small business perspective, very few know about cryptocurrency and they only get to hear the term used when there is a ransomware attack and the cyber criminals are asking for payments in the form of Bitcoins. As a result, a lot of small business leaders plainly lack a basic understanding of what cryptocurrency is, and the risks associated with it.
Consequently, this lack of awareness about cryptocurrency is at the root of the prevalence, in the small business environment, of an insidious activity known variously as “cryptomining”, “Bitcoin mining”, and “cryptocurrency mining”.
What is cryptomining?
Cryptocurrency mining, or cryptomining, is simply the way individuals mine cryptocurrency by using special software to solve complex mathematical problems involved in validating transactions. Each solved equation verifies a transaction and earns a reward paid out in the cryptocurrency.
In plain language, illicit cryptomining is an attempt to convert electricity into lines of code that have a real monetary value, using malicious tactics to do so. Solving the cryptographic calculations involved in mining requires a massive amount of processing power, hence the resort to illegally using the electricity and computing power of unsuspecting website users for mining.
Malwarebytes explains malicious cryptomining (also called cryptojacking) as an emerging online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” forms of online money known as cryptocurrencies.
To put it differently, “Cryptomining is a scheme to use people’s devices (computers, smartphones, tablets, or even servers), without their consent or knowledge, to secretly mine cryptocurrency on the victim’s dime.”
It is a growing online menace that can take over web browsers, as well as compromise all kinds of devices, from desktops and laptops, to smart phones and even network servers.
Instead of building a dedicated cryptomining computer, hackers use cryptomining malware to steal computing resources from their victims’ devices. This avoids the costly overhead usually associated with operating a cryptocurrency farm, the legal method used by sophisticated cryptomining operations.
Like most other malicious attacks on the computing public, the motive is profit, but unlike many threats like spyware, or even ransomware, it is designed to stay completely hidden from the user.
How Does Cryptomining Work?
Illicit cryptomining is all about using your organization’s electricity and computing power, without permission, to generate money for someone else, and these cyber criminals have more than one way of doing so.
One method works like classic malware. You click on a malicious link in an email and it secretly loads cryptomining code directly onto your computer. Once your computer is infected, the cryptominer starts working around the clock to mine cryptocurrency while staying hidden in the background.
This can be regarded as a persistent threat, because the miner now resides on a device inside your local computer network. As a result of this persistence, mining continues even after the user has stopped visiting the link or site that originally infected the system.
An alternative approach is sometimes called drive-by cryptomining. It is similar to the “drive-by download” methods used by malicious advertising. In this case, the attacker embeds mining code in a compromised web page, and whenever users visit that page, the code mines cryptocurrency on their machines for as long as the page stays open.
This effectively allows the attacker to hijack the processing power of the victims’ devices and systems to earn cryptocurrency.
Types of Systems And Devices At Risk
As mentioned previously, any internet-connected device with a computer processor is susceptible to cryptomining. Specifically though, the following are commonly targeted devices:
- Computer systems and network devices – including those connected to information technology and Industrial Control System networks;
- Mobile devices – these are subject to the same vulnerabilities as computers; and
- Internet of Things devices – internet-enabled devices (e.g., printers, video cameras, and smart TVs).
What Are The Dangers?
Cryptomining may result in the following consequences to victim devices, systems, and networks:
- Degraded system and network performance because bandwidth and central processing unit (CPU) resources are monopolized by cryptomining activity;
- Increased power consumption, system crashes, and potential physical damage from component failure due to the extreme temperatures caused by cryptomining;
- Disruption of regular operations; and
- Financial loss due to system downtime caused by component failure and the cost of restoring systems and files to full operation as well as the cost of the increased power consumption.
How To Defend Against Cryptomining
The following cybersecurity best practices recommended by the Cybersecurity and Infrastructure Security Agency (CISA) can help you protect your internet-connected systems and devices against cryptomining:
- Use and maintain good antivirus software. Antivirus software recognizes and protects a computer against malware, allowing the owner or operator to detect and remove a potentially unwanted program before it can do any damage.
- Keep software and operating systems up-to-date. Install software updates so that attackers cannot take advantage of known problems or vulnerabilities. (See Patch Management for Better Productivity).
- Check system privilege policies. Review user accounts and verify that users with administrative rights have a need for those privileges. Restrict general user accounts from performing administrative functions.
- Apply application whitelisting. Consider using application whitelists to prevent unknown programs from launching autonomously.
- Be wary of downloading files from websites. Avoid downloading files from untrusted websites. Look for an authentic website certificate when downloading files from a secure site.
- Recognize normal CPU activity and monitor for abnormal activity. Network administrators should continuously monitor systems and educate their employees to recognize any above-normal sustained CPU activity on computer workstations, mobile devices, and network servers. Any noticeable degradation in processing speed requires investigation.
- Disable unnecessary services. Review all running services and disable those that are unnecessary for operations. Disabling or blocking some services may create problems by obstructing access to files, data, or devices.
- Uninstall unused software. Review installed software applications and remove those not needed for operations. Many retail computer systems with pre-loaded operating systems come with toolbars, games, and adware installed, all of which can use excessive disk space and memory. These unnecessary applications can provide avenues for attackers to exploit a system.
- Install a firewall. Firewalls may be able to prevent some types of attack vectors by blocking malicious traffic before it can enter a computer system, and by restricting unnecessary outbound communications. Some device operating systems include a firewall. Enable and properly configure the firewall as specified in the device or system owner’s manual.
- Create and monitor blacklists. Monitor industry reports of websites that are hosting, distributing, or being used for malware command and control. Block the internet protocol addresses of known malicious sites to prevent devices from being able to access them.
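As an added illustration of the monitoring step above (this is example code, not from the original article or from CISA), the following Python checks once-a-minute per-process CPU samples for sustained load, which is the pattern a miner produces, while letting short legitimate bursts such as a spreadsheet recalculation pass. The host names, process names and readings are constructed.

```python
"""Sustained-CPU check for spotting possible cryptomining on workstations.

Added example, not code from the original article. The SAMPLES below are
constructed; in a real deployment they would come from an endpoint agent or
a collector polling each host once a minute.
"""
from collections import defaultdict

# Constructed once-a-minute samples: (minute, hostname, process, cpu_percent).
SAMPLES = [
    # A spreadsheet recalculation: high for two minutes, then idle (normal burst).
    (1, "ws-01", "excel.exe", 88.0), (2, "ws-01", "excel.exe", 91.0),
    (3, "ws-01", "excel.exe", 6.0), (4, "ws-01", "excel.exe", 3.0),
    (5, "ws-01", "excel.exe", 2.0), (6, "ws-01", "excel.exe", 4.0),
    # A background service that is always low.
    (1, "ws-01", "svchost.exe", 2.0), (2, "ws-01", "svchost.exe", 3.0),
    (3, "ws-01", "svchost.exe", 2.0), (4, "ws-01", "svchost.exe", 2.0),
    (5, "ws-01", "svchost.exe", 1.0), (6, "ws-01", "svchost.exe", 2.0),
    # An unfamiliar process pinned near 100% every minute: the pattern the
    # article tells administrators to investigate. Name is made up.
    (1, "ws-01", "updatesvc.exe", 96.0), (2, "ws-01", "updatesvc.exe", 97.0),
    (3, "ws-01", "updatesvc.exe", 95.0), (4, "ws-01", "updatesvc.exe", 98.0),
    (5, "ws-01", "updatesvc.exe", 96.0), (6, "ws-01", "updatesvc.exe", 97.0),
]


def longest_run(values, threshold):
    """Length of the longest run of consecutive values at or above threshold."""
    best = cur = 0
    for v in values:
        cur = cur + 1 if v >= threshold else 0
        best = max(best, cur)
    return best


def sustained_cpu(samples, threshold=80.0, min_minutes=5):
    """Return {(host, process): run_length} for every process that stayed at or
    above `threshold` percent CPU for at least `min_minutes` consecutive samples.
    A short spike (a build, a recalculation) does not trigger; steady load does."""
    series = defaultdict(list)
    for minute, host, proc, cpu in sorted(samples):  # sorted => chronological per key
        series[(host, proc)].append(cpu)
    flagged = {}
    for key, values in series.items():
        run = longest_run(values, threshold)
        if run >= min_minutes:
            flagged[key] = run
    return flagged


if __name__ == "__main__":
    for (host, proc), run in sustained_cpu(SAMPLES).items():
        print(f"{host}: {proc} held >= 80% CPU for {run} consecutive minutes; investigate")
```

Tune `threshold` and `min_minutes` to what is normal for each class of machine, since a render workstation and a receptionist's laptop have very different baselines.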
As with all other malware precautions, it is much better to put these protections in place before you become a victim of a cryptomining attack.
However, our suggestion is to deploy a comprehensive cybersecurity program in your organization. Our BinaryGuardian Managed Security Solutions provides layers of security (also known as Defense-in-Depth), and protects you and your organization from more than just cryptomining or cryptojacking attacks.
A comprehensive solution can also prevent malware, ransomware, and several other online threats through web content filtering and malware domain blacklisting. So, whether attackers try to use malware, a browser-based drive-by download, or a virus, you’re protected.
In a threat landscape that’s constantly changing, staying safe from the latest menaces like cryptomining is a full-time job. With Tech Prognosis, you’ll have the means to detect and clean up any kind of intrusion and ensure your computer network and resources remain yours alone.
For businesses in the Austin area, contact us for a complimentary cyber security assessment.