The Dark Side of Cryptocurrencies – Protecting Against Illegal Mining

Max Heinemeyer, Director of Threat Hunting, Darktrace

Most cyber-attackers aim to steal or jeopardise data, but a growing number of hackers break into your systems to exploit the infrastructure in a different way. They use your computing power to make money by mining for cryptocurrencies – often without you ever finding out.

The weakest point in any cyber-crime operation used to be the monetisation – e.g. selling stolen data or transferring ransom money. Previously, cyber-criminals monetised their operations via banking Trojans/credit card fraud, selling stolen data and ransomware on the Darknet. There used to be a money trail that law enforcement could trace back to the offenders. Cryptocurrencies allow anonymous monetary transactions, basically eliminating the traceable money trail that was the biggest challenge for a lot of cyber-criminals in the past. Criminals are notoriously adaptable and will follow the money wherever it goes, leading to an increase in the popularity of cryptojacking.

The rise in cryptocurrencies

The last 12 months have shown tremendous volatility in the value of cryptocurrencies, of which Bitcoin is the most prominent example. At the start of 2017, Bitcoin lingered around the $2,000 mark before suddenly taking off, climbing to historic highs of almost $20,000 in December 2017. Demand has since subsided, and at the time of writing, the price of Bitcoin is near $10,772.

While Bitcoin is the most popular cryptocurrency, numerous alternatives, often called ‘altcoins’, have emerged and grown in value in the last 12 months. The value of most altcoins is closely tied to the value of Bitcoin and, in many cases, the relationship is broadly proportional – a rise in Bitcoin prompting a similar lift in the altcoins. Monero, which has been rapidly adopted by Darknet markets, has profited from this effect. While Monero was valued at around $10 in January 2017, its price had been pumped up to $419 a year later.

Nowadays it is almost impossible to profitably mine Bitcoin on commodity hardware such as laptops, smartphones or desktop computers. At this late stage, it just takes too long to perform the relevant calculations, and the cost of electricity is higher than the anticipated revenue in most cases. Altcoins such as Monero use different algorithms, making them viable alternatives for aspiring crypto-miners. It is often still feasible to mine altcoins on commodity hardware and see a return on investment.

There is much that is still not clear about the cryptocurrency phenomenon. Debate as to its relative value and status as a currency rages and will not be resolved any time soon. However, from a cyber security perspective there can be no doubt that the combination of altcoins being mineable on commodity hardware, the fact that mining is now becoming profitable as a side-effect of Bitcoin’s rise, and a maturity in cryptocurrency-related tech has led to a surge in cryptocurrency-related attacks.

Crypto-mining threats

In the past six months alone, Darktrace has detected and intercepted over 1,000 incidents of cryptocurrency mining, and uncovered signs of it in 25% of all customers’ networks – some mining operations are even run by rogue company employees. While the attackers are stealing computing power on a daily basis, they also pose a risk to the wider infrastructure and critical data. An unknown presence on the network is as unpredictable as it is dangerous.

Darktrace has detected several incidents where employees were intentionally installing cryptocurrency mining software on their corporate devices to mine for personal gain – an obvious way to get around the prohibitive cost of electricity for mining cryptocurrency. These employees do not have to pay for the electricity used to run the corporate device in the office, so they turn their employer’s electricity into cash by commandeering it for mining operations. This is a compliance breach, and it increases the attack surface of a device that has mining software installed, putting the corporate device at risk.

However, the users whose devices are mining cryptocurrencies are not always aware of it. Coinhive is a technology that allows website owners to use their visitors’ computing power to mine a tiny fraction of cryptocurrency for the website owner. Visitors will experience a small increase in computer resource consumption while browsing the website. Some websites experiment with this model to create new revenue streams as an alternative to advertising and banner placements.

Coinhive usage is often not an opt-in process. Darktrace has observed various customer devices that regularly visit websites leveraging Coinhive technology. While the power consumption increase for a device browsing a website with Coinhive is ultimately negligible, the cumulative effect of a sizeable portion of the workforce unwittingly mining cryptocurrencies while browsing websites that use Coinhive is an increased power consumption cost for the organisation as a whole.

An AI-powered defence

Cryptocurrency mining might not be as profitable as ransomware is upfront, but it can be secretly pursued for months without creating the havoc that characterises ransomware attacks. Most users and security products won’t notice a cryptocurrency miner being installed on a corporate device, as it presents no obvious threats or messages to the user, except for an occasional increase in the speed of the computer’s fan.

So how can an organisation be sure that the early warning signs of a crypto-mining breach won’t go undetected? Identifying these attacks can be very difficult for traditional security tools as they were not originally designed to catch this type of threat, but AI-powered cyber defence offers the best chance to detect and fight back against crypto-mining attacks – it can correlate even the weakest indicators of such an attack into a compelling picture of threat. While traditional tools may struggle to see these deviations, AI can pinpoint the changes in behaviour effected by cryptocurrency miners without having to rely on any blacklists or signatures.

Revolutionary technologies like cryptocurrencies have both their dark and light aspects. For all of the creative energy released by the blockchain revolution, Bitcoin and its alternatives have quickly become the universal currency of the criminal underworld. There can be no question that cyber-criminals have sensed a new opportunity to make money, and businesses need to adopt technologies that allow them to spot and stop emerging threats, including crypto-mining.