Digging Into Cryptomining Malware (Bitcoin, Monero, and More)
- Jaq Evans
- February 15, 2018
Everybody knows someone who hopped on the Bitcoin train back in 2009 and later cashed out for millions, or for a paltry hundred bucks.
But while the value of a single bitcoin has ebbed and flowed over the last decade, electronic currencies have captured imaginations at every tier, including the less savory ones.
Cryptocurrencies offer a twofold alternative to fiat money: their value is not impacted by a government-controlled supply, and the system for their exchange is decentralized and (for now) essentially unregulated. For many cryptocurrency enthusiasts, the benefits of such decentralization outweigh the costs: flux aside, the dollar value of all cryptocoins today is a staggering $300+ billion.
That kind of money has turned the phrase "mining for bitcoins" into the spiritual successor to "let's rob a bank" as an option for, say, paying off student loans. Of course people really do spend months using special hardware to dig up cryptocoins; a quick Google search for "cryptomining" will land you a dozen guides to mining different currencies, from Bitcoin to Ethereum to Monero. And coin mining itself is largely legal, as long as the miner follows their local financial regulations regarding currency exchange. Some companies even offer coin mining as an alternative to viewing ads on their websites.
But why obey the law when you can infect people with mining malware and leverage their processing power by force?
Cryptomining Malware Turns a Slow but Massive Profit
Here's a snapshot: a recent report from Talos suggests that a cryptominer with 2,000 victims could turn a profit of around $182,500 per year. If 2,000 seems like a lot of people for one bad actor to compromise, consider these two facts: mining software itself isn't technically malware, so most security platforms won't even flag it, and Kaspersky Labs blocked 51 million attempts to open a phishing page in 2018.
That's several million people who, after all the headlines about ransomware over the last year or two, still clicked a bad email link. (That Talos report is an excellent read if you're interested in a far more detailed rundown of the various ways cryptomining malware is delivered.)
Because coin miners work by producing cryptographic hashes as quickly as possible in the hope of getting the "right" one before everyone else, more processing power means better chances of striking gold. That's why powerful professional workstations make juicy targets for bad actors and give particularly entrepreneurial employees a way to line their own pockets using workplace systems.
You might argue, "Well, that's shady, but isn't mining for electronic gold on someone else's PC a victimless crime?" To which we say:
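To make that mechanic concrete, here is an added example (not code from the original post) of the hash-grinding loop a miner runs: every attempt is a fresh SHA-256 over a header plus a nonce, success is a hash below a target, and the only lever is how many attempts you can make per second. The header bytes and difficulty values are constructed for illustration.

```python
import hashlib

def hash_attempt(header: bytes, nonce: int) -> bytes:
    """One mining attempt: hash the candidate block header together with a nonce."""
    return hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()

def meets_target(digest: bytes, difficulty_bits: int) -> bool:
    """The 'right' hash is one whose value falls below the target, i.e. it starts with
    at least difficulty_bits zero bits. Nothing about the input predicts this; you just try."""
    return int.from_bytes(digest, "big") < (1 << (256 - difficulty_bits))

def mine(header: bytes, difficulty_bits: int, max_attempts: int = 1_000_000):
    """Grind nonces in order until one meets the target.
    Returns (nonce, attempts) on success or (None, max_attempts) if the budget runs out."""
    for nonce in range(max_attempts):
        if meets_target(hash_attempt(header, nonce), difficulty_bits):
            return nonce, nonce + 1
    return None, max_attempts

def expected_attempts(difficulty_bits: int) -> int:
    """Each attempt succeeds with probability 2**-difficulty_bits, so the average cost is
    2**difficulty_bits hashes; doubling the hash rate halves the expected time to find one."""
    return 1 << difficulty_bits

def win_share(my_hashrate: float, rest_of_network_hashrate: float) -> float:
    """Fraction of blocks a miner expects to win: its share of the total hash rate. This is
    why a fleet of hijacked fast workstations is worth an attacker's effort."""
    return my_hashrate / (my_hashrate + rest_of_network_hashrate)

if __name__ == "__main__":
    header = b"constructed-block-header"   # constructed stand-in for real header bytes
    for bits in (8, 12, 16):
        nonce, attempts = mine(header, bits)
        print(f"{bits} leading zero bits: nonce={nonce} after {attempts} attempts "
              f"(expected ~{expected_attempts(bits)})")
    print("1 workstation vs 999 others:", win_share(1, 999))
```

Run it a few times with different headers and the attempt counts scatter widely around the expected value, which is exactly why a miner's only strategy is raw throughput.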
The Cost of Miners in Your Environment
Beyond the negative impact on the performance and power consumption of infected devices, malicious cryptomining software can mean you're compromised in other ways. Trend Micro found that, in a six-month period in 2018, 20% of detected bitcoin miners also triggered web and network-based attacks.
So mining malware opens the door to worse attacks like ransomware and viruses. And, well, it's icky, right? Someone is forcing you and your system to help them generate funds without your knowledge or consent (or a cut of the profits).
As long as cryptocurrencies are in play, however, both legal and malware-driven mining will thrive, and even if you're not worried about mining software as a gateway infection, no enterprise is going to want random miners stealing their resources. But detection is more challenging than you might think.
Network Visibility = The Canary in the Digital Mine
Mining software is designed to hide inside an infected environment for as long as possible, and that means catching cryptominers absolutely depends on visibility into all of an organization's assets, as in, into the network itself, and on the ability to notice weird behavior even if it's not affiliated with any known malware (especially since the only sign of infection is often no more than a slight system slowdown).
Security operations are in a bind, then, because for many the only way to spot mining software is to manually flag each example you come across as malicious activity. But bad actors in this space are as prolific and inventive as bad actors in every other vein of cybercrime, which makes it a real pain for SecOps to keep up.
This is where technologies like ExtraHop Reveal(x) come in. Because Reveal(x) security analytics provides internal visibility by analyzing your actual wire data, using AI to surface all anomalous behavior on the network, you don't need to manually flag signatures or sift through alerts.
Reveal(x) will notice any unusual behavior for you, and give your security team the anomaly context, a map of any affected assets and their dependencies, and a scope of the potential attack. That way you can quickly prioritize which attacks are putting your most critical assets at risk and send out the troops in time to stop further harm.
Long story short: improving internal visibility and automating as much of the investigation process as possible is the only way SecOps has any hope of dealing with the floodgates of cyber attacks, from cryptomining software to the really bad stuff.
Agree, disagree? We'd love to hear your thoughts!
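To show why behavior beats signatures here, this added example (not ExtraHop's code or Reveal(x) logic) runs two checks over constructed per-session wire-data records: a signature rule that matches cleartext Stratum mining verbs, and a behavioral rule that flags long-lived, low-volume outbound sessions, then maps which internal hosts share a destination. The record format, thresholds and the pool address 203.0.113.9 are assumptions for illustration.

```python
import json
from collections import defaultdict

# Constructed sample session records, one JSON object per line (field names are an assumption
# for this example, not a real sensor's format). "rpc_methods" holds any cleartext JSON-RPC
# method names seen in the session; encrypted sessions show none.
SAMPLE_RECORDS = """\
{"src": "10.0.1.21", "dst": "203.0.113.9", "dport": 3333, "duration_s": 7200, "bytes_out": 41000, "rpc_methods": ["mining.subscribe", "mining.authorize", "mining.submit"]}
{"src": "10.0.1.22", "dst": "203.0.113.9", "dport": 3333, "duration_s": 6900, "bytes_out": 39000, "rpc_methods": ["login", "submit"]}
{"src": "10.0.1.23", "dst": "198.51.100.4", "dport": 443, "duration_s": 12, "bytes_out": 52000, "rpc_methods": []}
{"src": "10.0.1.24", "dst": "198.51.100.7", "dport": 443, "duration_s": 45, "bytes_out": 900000, "rpc_methods": []}
{"src": "10.0.1.25", "dst": "203.0.113.9", "dport": 14444, "duration_s": 5400, "bytes_out": 30000, "rpc_methods": []}
"""

# Cleartext Stratum verbs a signature rule can match; a pool variant with other verbs, or any
# encrypted session, slips past this list, which is exactly why the second check exists.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}

def parse_records(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def signature_hits(records):
    """Sessions whose observed JSON-RPC methods are known Stratum mining verbs."""
    return [r for r in records if STRATUM_METHODS & set(r["rpc_methods"])]

def behavioral_hits(records, min_duration_s=3600, max_rate_bps=20.0):
    """Long-lived, low-volume outbound sessions: a miner holds one connection to its pool for
    hours while sending only small work requests and share submissions, which looks nothing
    like a browser's short bursts or a backup job's bulk transfer."""
    hits = []
    for r in records:
        rate = r["bytes_out"] / max(r["duration_s"], 1)
        if r["duration_s"] >= min_duration_s and rate <= max_rate_bps:
            hits.append(r)
    return hits

def shared_destinations(records, min_hosts=2):
    """Group flagged sessions by destination: several internal hosts all talking to one
    external endpoint is the asset map an analyst wants before scoping the incident."""
    by_dst = defaultdict(set)
    for r in records:
        by_dst[r["dst"]].add(r["src"])
    return {dst: sorted(srcs) for dst, srcs in by_dst.items() if len(srcs) >= min_hosts}

if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    print("signature:", [r["src"] for r in signature_hits(recs)])
    print("behavior: ", [r["src"] for r in behavioral_hits(recs)])
    print("clusters: ", shared_destinations(behavioral_hits(recs)))
```

On the sample data the signature rule catches only the first host, while the behavioral rule catches all three miners, including the one on a non-standard port with no visible protocol at all.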