By: Carolyn Crandall, Chief Deception Officer, Attivo Networks
Cryptocurrency mining attacks have skyrocketed in the last year. The Cyber Threat Alliance reported a 459 percent increase in cryptominer detections from 2017 through 2018, demonstrating they have rapidly become one of the most in-vogue forms of attack.
With this momentum, it not only becomes critical to understand the potential impact of cryptomining today, but also what it could become if used to destabilize economies, fuel nation-state actor revenue, or to simply redirect processing power into decrypting files.
Although this form of threat is relatively new, it should not be underestimated. Cryptomining shows no sign of stopping given the escalating value and number of cryptocurrencies available, from bitcoin, Monero, Ethereum, Zcash and Litecoin to hundreds of others.
The cryptocurrency boom has encouraged attackers to expand their focus from other methods such as utilizing malware to steal data and impose ransoms or launching a disruptive DDoS attack, to employing tools and techniques to gain access to the computing power of enterprises to generate cryptocurrency payouts.
Cryptomining attacks are becoming more attractive since they require limited effort to generate revenue and are much simpler to execute to achieve a large payday vs. ransomware, which requires an organization to agree to pay threat actors. Buyer/seller marketplaces make it easy to facilitate offers in bitcoin for the processing power.
These markets will automatically switch the seller’s hashing power to mine for the buyer with the highest offer, making it simple to complete hashing power financial transactions. To execute a cryptomining attack, all that is required is access to commodity malware, browser-based exploit kits, some computer processing power, and electricity (stolen or legitimate).
This threat is likely to escalate as enterprises embrace blockchain technologies to conduct business operations. Additionally, illicit mining outside of cryptocurrencies may also create additional risks that enterprises will need to mitigate.
Cryptomining attacks not only drain resources and raise electrical bills but can also significantly damage critical IT infrastructure. Equally important, the presence of a cryptomining attack may indicate other flaws in the organization’s security controls, which, if left open, present opportunity for a much larger attack.