Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

The Dark Side of Cryptocurrencies – Protecting Against Illegal Mining

The Dark Side of Cryptocurrencies – Protecting Against Illegal Mining

Max Heinemeyer, Director of Threat Hunting, Darktrace

Most cyber-attackers aim to steal or jeopardise data, but there are a growing number of hackers that break into your systems to exploit the infrastructure in a different way. They use your computing power to make money by mining for cryptocurrencies – often without you ever finding out. 

The weakest point in any cyber-crime operation used to be the monetisation – e.g. selling stolen data or transferring ransom money. Previously, cyber-criminals monetised their operations via banking Trojans/credit card fraud, selling stolen data and ransomware on the Darknet. There used to be a money trail that law-enforcement could trace back to the offenders. Cryptocurrencies allow anonymous monetary transactions, basically eliminating the traceable money trail that was the biggest challenge for a lot of cyber-criminals in the past. Criminals are notoriously adaptable and will follow the money wherever it goes, leading to an increase in the popularity of cryptojacking.

The rise in cryptocurrencies

The last 12 months have shown tremendous volatility in the value of cryptocurrencies, of which Bitcoin is the most prominent example. At the start of 2017, Bitcoin lingered around the $2,000 mark before suddenly taking off, climbing to historic highs of almost $20,000 in December 2017. Demand has since subsided, and at the time of writing, the price of Bitcoin is near to $10,772.

While Bitcoin is the most popular cryptocurrency, numerous alternatives, often called ‘altcoins’ have emerged and grown in value in the last 12 months. The value of most altcoins is closely tied to the value of Bitcoin and, in many cases, the relationship is broadly proportional – a rise in Bitcoin prompting a similar lift in the altcoins. Monero, which has been rapidly adopted by Darknet markets, has profited from this effect. While Monero was valued at around $10 in January 2017, its price has been pumped up to $419 a year later.

Nowadays it is almost impossible to profitably mine Bitcoin on commodity hardware such as laptops, smartphones or desktop computers. At this late state, it just takes too long to perform the relevant calculations, and the cost of electricity is higher than the anticipated revenue in most cases. Other altcoins such as Monero use different algorithms, making them viable alternatives for aspiring crypto-miners. It is often still feasible to mine altcoins on commodity hardware and see a return on investment.

There is much that is still not clear about the cryptocurrency phenomenon. Debate as to its relative value and status as a currency rages and will not be resolved any time soon. However, from a cyber security perspective there can be no doubt that the combination of altcoins being mineable on commodity hardware, the fact that mining is now becoming profitable as a side-effect of Bitcoin’s rise, and a maturity in cryptocurrency-related tech has led to a surge in cryptocurrency-related attacks.

Crypto-mining threats

In the past six months alone, Darktrace has detected and intercepted over 1,000 incidents of cryptocurrency mining, and uncovered signs of it in 25% of all customers’ networks – some mining operations are even run by rogue company employees. While the attackers are stealing computing power on a daily basis, they also pose a risk to the wider infrastructure and critical data. An unknown presence on the network is as unpredictable as it is dangerous.

Darktrace has detected several incidents where employees were intentionally installing cryptocurrency mining software on their corporate devices to mine for personal gain – an obvious way to get around the prohibitive cost of electricity for mining cryptocurrency. These employees do not have to pay for the electricity used to run the corporate device in the office, so they turn their employer’s electricity into cash by commandeering it for mining operations. This is a compliance breach, and it increases the attack surface of a device that has mining software installed, putting the corporate device at risk.

However, the users whose devices are mining cryptocurrencies are not always aware of it. Coinhive is a technology that allows website owners to use their visitors’ computing power to mine a tiny fraction of cryptocurrency for the website owner. Visitors will experience a small increase in computer resource consumption while browsing the website. Some websites experiment with this model to create new forms of revenue streams alternative to advertisement and banner placements.

Coinhive usage is often not an opt-in process. Darktrace has observed various customer devices that regularly visit websites leveraging Coinhive technology. While the power consumption increase for a device browsing a website with Coinhive is ultimately negligible, the cumulative effect of a sizeable portion of the workforce unwittingly mining cryptocurrencies while websites using Coinhive results in increased power consumption cost for the organisation as a whole.

An AI-powered defence

Cryptocurrency mining might not be as profitable as ransomware is upfront, but it can be secretly pursued for months without creating the havoc that characterises ransomware attacks. Most users and security products won’t notice a cryptocurrency miner being installed on a corporate device as it does not show obvious threats or messages to a user, except for an occasional increase in the rate of the fan on your computer.

So how can an organisation be sure that the early warning signs of a crypto-mining breach won’t go undetected? Identifying these attacks can be very difficult for traditional security tools as they were not originally designed to catch this type of threat, but AI-powered cyber defense offers the best chance to detect and fight back against crypto-mining attacks – it can correlate even the weakest indicators of such an attack into a compelling picture of threat. While traditional tools may struggle to see these deviations, AI can pinpoint the changes in behaviour effected by cryptocurrency miners without having to rely on any blacklists or signatures.

Revolutionary technologies like cryptocurrencies have both their dark and light aspects. For all of the creative energy released by the blockchain revolution, Bitcoin and its alternatives have quickly become the universal currency of the criminal underworld. There can be no question that cyber-criminals have sensed a new opportunity to make money, and businesses need to adopt technologies that allow them to spot and stop emerging threats, including crypto-mining.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post