Recent advances including digital currencies and the associated public transaction record blockchain have paved the way for an array of new financial activities. Cryptocurrencies like Bitcoin are beginning to be accepted as payment by major retailers, creating more concrete use cases and capabilities.
At the same time, though – and similar to a range of other legitimate technological processes that have been twisted into nefarious pursuits by black hats – hackers and other malicious actors have unsurprisingly begun leveraging cryptocurrency for their own purposes.
Cryptocurrency mining attacks have begun to take hold, and experts predict that they won’t stall anytime soon – on the other hand, cybercriminals may only increase this abuse of resources. And unlike traditional attacks that involve breaches, data theft and malware, cryptocurrency mining impacts underlying system resources, gobbling up computing power that should be devoted to critical operational tasks.
Today, we’ll take a closer look at cryptocurrency mining, the rise of these attacks within the threat environment, and why businesses should be concerned.
How does cryptocurrency mining work?
As ITPro contributors Adam Shepherd and Keumars Afifi-Sabet point out, cryptocurrency mining relies upon the use of blockchain. Transactions are grouped together into blocks, which are verified by ensuring that the coins used in each transaction haven’t expanded in value again before the transaction has been cleared. If the input and output totals tally equally, the block is verified, and the next sequential transaction block can be created and connected to the previous block.
Because blockchain is a publicly accessible record, there is no central authority – like a bank or other financial institution – and the system requires network nodes to support the process of gathering transactions together to create the next block in the chain. The nodes themselves are known as “miners.” Each miner must go through and resolve a complex mathematical algorithm or “proof of work” before the miner can create the next block. This effectively slows the devaluation of the cryptocurrency by making it more difficult for network node miners to create new blocks.
As Shepherd and Afifi-Sabet explain, the completion of the proof of work isn’t the only requirement to create a new block – and the benefit for doing so is the reward of cryptocurrency units.
“In order to successfully create a block, it must be accompanied by a cryptographic hash that fulfills certain requirements,” Shepherd and Afifi-Sabet noted. “The only feasible way to arrive at a hash matching the correct criteria is to simply calculate as many possible and wait until you get a matching hash. When the right has is found, a new block is formed and the miner that found it is awarded with units of cryptocurrency.”
According to Benzinga staff writer Shanthi Rexaline, winning miners receive 12.5 Bitcoins for creating a single block. This equates to over $100,000, creating considerable motivate to engage in cryptocurrency mining.
Enabling mining with stolen computing resources
When the concept of cryptocurrency mining first emerged, users were able to utilize their own standard PC to support the process. Now, however, much more computing power is required to facilitate a matching hash and creation of a new block. As Shepherd and Afifi-Sabet indicate, it would cost a typical individual more than £1,000 – or over $1,300 – to purchase the hardware necessary to successfully mine cryptocurrency.
For these reasons, hackers are forgoing the up-front investment and simply stealing the computing resources of legitimate systems to do their mining for them. And although the network nodes and underlying resources belong to a victim organization, it is the hacker orchestrating the attack that walks away with the coveted cryptocurrency profit.
According to Trend Micro’s report, “A Look Into the Most Noteworthy Home Network Security Threats of 2017,” there was a huge leap in the number of cryptocurrency mining events during the second half of last year. Although the first and second quarters of 2017 saw almost no activity in this realm, nearly 25 million cryptocurrency mining events took place in Q3, while more than 20 million were recorded in Q4, making it the most detected network event of the year.
Trend Micro researchers found much of this has to do with rising valuations: The Bitcoin market has surpassed the $100 billion mark, “prompting investors to jump in on the seeming cryptocurrency craze.”
Overall, Trend Micro discovered that more than 14,000 home computers, 981 smartphones, 573 IP cameras and 358 tablets were leveraged for cryptocurrency mining. However, it’s impossible to tell whether these activities were undertaken by device owners or if devices were hijacked by unauthorized users.
In addition to endpoints like computers, routers and mobile devices, some organizations have begun monetizing their websites by including cryptocurrency mining scripts within the site code. This enables the site to leverage visitors’ CPU power for mining.
“Think of it as an alternative revenue stream to intrusive online advertising, without user consent,” the report states. “Many websites have been reported to be cryptojacking visitors, i.e., surreptitiously stealing resources from visitors’ computers to mine for cryptocurrencies.”
This kind of unauthorized use of resources for mining has lead to the use of blockers that can disable mining browser extensions used on monetized websites. However, hackers have found other workarounds, including cryptocurrency malware. These samples are markedly different than traditional malware, though.
“Unlike ransomware, which needs to actually engage the victim for the attack to pay off, unauthorized cryptocurrency mining is almost unnoticeable,” per Trend Micro’s report. “Unsuspecting users will not detect any visible indicators of suspicious activities in their devices, especially those with low user interaction like IP cameras, unless users take time to inspect their systems in case of a hike in electricity usage or frequent system crashes.”
Why cryptocurrency mining is concerning for enterprises
As explained, cryptocurrency mining can take resources away from legitimate pursuits and lead to system performance issues and considerably high utility costs due to the heightened demands stemming from mining activity. And while Trend Micro’s report focused around home devices, hackers are turning to more powerful enterprise systems to support their mining profits as well.
Security industry expert Gad Naveh relays that, while it’s impossible to guess what hackers will do next, chances are good that abuse of resources for these pursuits won’t stop anytime soon.
“What I can say is that for now, we continue to see a steady rise in the volume of these attacks, and new crypto-mining attack campaigns every few days,” Naveh told SC Magazine. “Our gateways are reporting more and more companies being targeted – 200 additional companies in the past couple of weeks. If I were to guess, then I’d say this growth trend is going to continue in the near future.”
To find out more about how cryptocurrency mining can impact network systems, and how organizations can guard against this type of unauthorized use of resources, check out this piece from Trend Micro researchers Jon Oliver and Menard Oseña.