Are your business PCs being used for unsanctioned cryptocurrency mining?

Cryptocurrencies, such as Bitcoin, have barely been out of the headlines for the past couple of years. But whether you think they are a Ponzi scheme or the biggest threats to conventional banking since 2008, there is money to be made in the back office – with cryptocurrency mining. This real cash is driving people to take risks to generate electronic tokens, risks which may impact your enterprise.
Examples can be found worldwide. A small number of Russian scientists were recently arrested for using one of Russia’s most powerful supercomputers to mine cryptocurrency. In the US, Tesla’s AWS cloud systems were compromised to mine cryptocurrencies, and the US National Science Foundation’s own supercomputer was even misused to mine cryptocurrency.
Malware is a common starting point for compromises. A widely reported attack injected software that forced the computers used by site visitors to mine cryptocurrency into thousands of websites, including those of the National Health Service (NHS) and the Student Loans Company in the UK. Hacked machines generated very little cash alone, but as tens of thousands were impacted criminals behind the scam hoped to generate money all the same.

What is cryptocurrency mining?

To understand the problem, it’s important to understand a little about how cryptocurrency mining works. People hoping to get rich by mining cryptocurrency primarily need three resources:

  • Powerful computers
  • Cheap, free, or low-cost energy
  • Internet access

The way Bitcoin mining works is typical. Miners generate new Bitcoins by using computer power to create blocks of validated transactions which are included in the blockchain upon which the currency is based (“Proof of work”).

These blocks together form both the currency and the infrastructure to support decentralized, tamper-proof exchange on an international basis without the need of banks as trust partners or expensive currency charges.
The complexity of the problems solved in mining means Bitcoin miners need powerful computers. This is why mining outfits have become very serious concerns using huge numbers of high-end graphics cluster arrays.

The cost of energy

But running powerful computers at peak performance consumes a great deal of energy. You can still mine cryptocurrency with that PC in your spare bedroom, but you will probably spend more money on electricity than your computer actually creates. 

“The economics of bitcoin mining mean that most miners need access to reliable and very cheap power on the order of 2 or 3 cents per kilowatt hour. As a result, a lot are located near sources of hydro power, where it’s cheap,” Sam Hartnett, of the Rocky Mountain Institute told the Washington Post.

Some of the world’s biggest Chinese cryptocurrency mining farms base themselves right beside solar or hydro-electric power plants. One Russian billionaire recently purchased two power stations to drive his cryptocurrency mines. In Iceland, where about 80 percent of energy is hydroelectric, cryptocurrency mining is using so much energy local electricity providers are concerned they may not be able to meet demand, as scores of foreign mining companies set up shop in the country.

This need for energy is why hackers use malware to generate cash by stealing computational cycles from website visitors. It is also why running unsanctioned cryptocurrency applications on your enterprise’s computers is so attractive, as both the energy and equipment costs then become effectively free.

What are the risks of unauthorized use?

There are very good reasons for enterprises to protect themselves against unsanctioned cryptocurrency mining.

  • Computers hijacked to mine cryptocurrency may work more slowly, impacting mission-critical business technology performance.
  • A large amount of electricity is used, directly increasing business costs.
  • The intensity of the calculations computers must solve may shorten the life of computer processors, or laptop batteries, with a direct impact on equipment and maintenance costs.
  • The software used to mine cryptocurrency may also leave enterprise networks vulnerable to malware and other attacks. Kaspersky Labs claims cryptocurrency mining infections hit 1.65 million in the first eight months of 2017, up from 205,000 in 2013.

Botnets, malware and rogue employees see enterprise servers as good sources of “free” computing power. It is already possible to rent cryptocurrency mining botnets for as little as $30 per month, and software to drive distributed mining systems on exploited computers can cost as little as $29.

Estimates claim a criminal mining using 2,000 hijacked computers can make $500 per day mining a cryptocurrency called Monero, according to Digital Shadows. Some attacks are highly sophisticated, they will attempt to disable security software and software will try to disguise itself to prevent being identified by any security monitoring system that may be in place.

There are already botnets which focus on compromising machines to mine cryptocurrency, for example Satori and Smominru. The sophisticated WannaMine crypto-mining worm poses a particular threat to corporate networks, CrowdStrike warns.
Cisco Talos threat researcher, Nick Biasini, warns that enterprises must protect themselves. “This is a huge new wave of threats that is being delivered to systems in virtually every way possible,” he told Dark Reading.

So, what can you do?

Good security practices are essential, and enterprises must keep up with system software updates, strengthen default security credentials and protect themselves against common attack vectors, such as infected emails and dubious application installs.

They should also enable device and corporate firewalls and put intrusion detection and prevention systems in place in order to mitigate incursion attempts. Systems to monitor equipment for the high levels of processor activity and data traffic spikes that are a hallmark of mining should be put in place, and energy costs should be monitored for unexpected fluctuations. There has also been some work done to use intelligent network technologies such as SD-WAN to block the ports used for cryptocurrency mining.

Finally, IT administrators should use application whitelisting to prevent suspicious executable code from running, and ensure they have adequate protection in place to secure themselves against web injection attacks.
Mobile enterprises should also use Mobile Threat Defence solutions to strengthen their protection against attempts to subvert security.

Learn more

After the goldrush: what next for cryptocurrencies
Blockchain promises to secure digital world
8 industries embracing blockchain (and not for payments)


Jon Evans

Jon Evans is a highly experienced technology journalist and editor. He has been writing for a living since 1994. These days you might read his daily regular Computerworld AppleHolic and opinion columns. Jon is also technology editor for men's interest magazine, Calibre Quarterly, and news editor for MacFormat magazine, which is the biggest UK Mac title. He's really interested in the impact of technology on the creative spark at the heart of the human experience. In 2010 he won an American Society of Business Publication Editors (Azbee) Award for his work at Computerworld.