Cryptocurrency Mining: Malicious Money Making
What has emerged from this trend is a wave of malicious money making via cryptocurrency mining that uses the computing power of unsuspecting victims’ devices. Cryptocurrency mining, for those unfamiliar, is the process of confirming transactions and generating new units of digital currency. In many cases this practice is perfectly legal; the growing concern is a recent wave of adversaries who install mining capabilities without the permission of device owners.
Unfortunately, malicious cryptocurrency mining has been steadily on the rise, to the extent that some are calling it ‘the new ransomware.’ Recent headlines involving this practice include hackers leveraging Browsealoud to deliver crypto mining malware to US and UK government websites and hackers infiltrating the free Wi-Fi service at a Starbucks in Brazil in order to mine Monero.
"Now attackers are actively leveraging the resources of infected systems for cryptocurrency mining," write Talos security researchers. "In these cases the better the performance and computing power of the targeted system, the better for the attacker from a revenue generation perspective. IoT devices, with their lack of monitoring and lack of day to day user engagement, are fast becoming an attractive target for these attackers, as they offer processing power without direct victim oversight."
There have been crypto miners embedded in legitimate Android applications that can use computing power from people’s phones even when they are not in use. What’s more, organizations still debating who is responsible for IoT devices are unable to tell whether their endpoints are mining without permission, making hackers’ efforts even more successful.
Talos’ research has shown that an average system would likely generate about $0.25 of Monero per day, meaning that an adversary who has enlisted 2,000 victims could generate $500 per day or $182,500 per year.
Like ransomware, cryptocurrency mining is very profitable, but as those who legally mine currency have seen, the cost of doing so is on the rise. The growing popularity of cryptocurrency has increased the price of the hardware needed to do it, with many Graphics Processing Units (GPUs) now priced well over $900. That is, if buyers can even get their hands on a GPU at all.
Crypto mining, to the benefit of adversaries, is a largely hands-off activity, as the miner will continuously generate revenue until it is removed. For many targets, these miners go largely unnoticed, so hackers can take full advantage of the victim’s computing resources without the cost of power or hardware. Attackers reap all the benefits of mined coin.
"Cryptocurrency miners are a new favorite of miscreants and are being delivered to end users in many different ways. The common ways we have seen miners delivered include spam campaigns, exploit kits, and directly via exploitation."
The shift away from ransomware indicates its limited effectiveness and introduces a new challenge to the security world. A more covert and profitable system, crypto miners leave professionals wondering how to handle the new payload and whether it should be judged as malware.
What has experts most concerned is that, despite cryptocurrency mining being a new trend on the scene, it does not leverage any new tools or techniques. On the one hand, this should be seen as a comfort: in theory, it is easier to manage than anything new to the scene. On the other, it shows that organizations and individuals are largely ignoring typical best practice.
Those looking to mitigate the risk of crypto miners need to have a robust patch management strategy in place and actively monitor their network traffic for suspicious mining activity.
There are many different tools that can be used to help secure a network as well as monitor it for malicious activity.
Professionals interested in learning more about the implementation and management of network security tools such as Nessus, Wireshark, and Snort, to name a few, can use supplemental learning materials like the Network Security Tools virtual lab for insight. The topics covered in this lab will help you tackle more complex networking problems and make informed decisions regarding network security in the future.