Houston, Texas, USA: Hackers are using illegal means to create cryptocurrency at an increasing rate thanks to a software vulnerability leaked by the National Security Agency, says a new report shining light on a novel criminal aspect of cryptocurrency.
Illicit cryptocurrency mining—the crypto equivalent to minting money—of Monero, bitcoin and other cryptocurrencies rose 459 percent between 2017 and 2018, according to the Cyber Threat Alliance, the organization that published the report.
“The threat of illicit cryptocurrency mining represents an increasingly common cybersecurity risk for enterprises and individuals. As the values of various cryptocurrencies increase and their use becomes more prevalent, malicious cyber actors are using computers, web browsers, internet-of-things (IoT) devices, mobile devices, and network infrastructure to steal their processing power to mine cryptocurrencies. Cryptocurrency mining detections have increased sharply between 2017 and 2018,” the report stated.
Mining cryptocurrency requires high-powered computers to complete complicated math problems to create new coins or tokens. Cryptocurrencies like bitcoin are built to release a finite number of coins. Rather than relying on high-powered computers of their own, hackers are illegally gaining access to vulnerable computers and networks, then siphoning computing power towards their mining operation.
The proliferation can be attributed to EternalBlue, an exploit of outdated Microsoft systems that was created by the NSA and leaked in 2017 by the Shadow Brokers, a hacker collective. The exploit was used in the WannaCry and NotPetya attacks of 2017, the former of which crippled DLA Piper in June of last year.
The exploit affects computers that have not updated their Microsoft operating systems. Businesses affected will see their computing resources drained, which may cause physical damage to their IT infrastructure and increase electricity bills, according to the report.
“A security update was released in March 2017. Customers who applied the update are protected,” said Jeff Jones, a senior director at Microsoft, in a statement to Bloomberg. Without the patch, a malicious actor can establish a foothold in a network for illicit mining, which can create an open door for further nefarious acts.
For those who haven’t run proper updates, their systems may aid in the creation of illicit cryptocurrency. Not only does this affect the hacked network, it can push down the value of a currency because of the increased supply.
Eighty-five percent of illicit mining targeted the currency Monero. Eight percent affected bitcoin and seven percent was spread across other currencies, according to the report.
This is just the newest in a string of security and fraud challenges created by the nascent cryptocurrency market. Chainalysis, a bitcoin forensics company, reports that hacks and scams cost people the equivalent of $95 million in bitcoin in 2016, up from $3 million in 2013.
“Illicit mining shows no signs of being just a phase for threat actors, but will likely be a continuous and nearly effortless approach to revenue generation. As enterprises experiment with the use of blockchain technologies to conduct business operations, illicit mining outside of cryptocurrencies may itself become a disruptive risk that enterprises must mitigate. Because this threat is relatively new, many people do not understand it, its potential significance, or what to do about it.”
While the theft of computing cycles to make money may sound relatively benign in the face of other kinds of cyber incidents that can encrypt your data for ransom, steal your intellectual property, or disrupt important functions of critical infrastructure, it is a threat that cybersecurity providers and network defenders must address together to improve our overall cybersecurity.
Business owners and individuals must understand the potential impacts of illicit cryptocurrency mining on their operations. In its most basic form, illicit mining is a drain on the resources in anyone’s enterprise, increasing the workload and the risk of physical damage on IT infrastructure, causing higher electrical bills, and decreasing the productivity of the business operations that rely on computing power.
Most importantly, the presence of illicit cryptocurrency mining within an enterprise is indicative of flaws in their cybersecurity posture that should be addressed. The majority of illicit mining malware takes advantage of lapses in cyber hygiene or slow patch management cycles to gain a foothold and spread within a network. If miners can gain access to use the processing power of your networks then you can be assured that more sophisticated actors may already have access. Illicit cryptocurrency mining is the figurative canary in the coal mine, warning you of much larger problems ahead. CTA members recount case after case of being called in to an incident response for a mining infection and finding signs of multiple threat actors in the network.
Fortunately, defending against illicit cryptocurrency mining does not require specialized security software or radical changes in behavior. Instead, individuals and organizations can employ well-known cybersecurity practices and basic cyber hygiene to counter this threat. CTA has developed a prioritized list of recommendations and detection and mitigation techniques for the enterprise defender and the individual end user to mitigate the risk of illicit mining.
The following factors have been key enablers for malicious actors to conduct illicit cryptocurrency mining:
• The increasing value of cryptocurrencies makes illicit mining more profitable.
• The introduction of cryptocurrencies that may be mined via standard personal computers and IoT devices and offer additional anonymity for transactions, such as Monero and Ethereum, creates an environment where the potential attack surface is larger and the use of mined coins by actors is harder to track.
• Easy-to-use commodity malware and browser-based exploits are readily available, making illicit mining easy and efficient.
• The increasing availability of pool mining, where groups of computers pool their resources together to mine cryptocurrencies, provides a scalable method for mining coins across a distributed network.
• Enterprises and individuals with inadequate security practices and cyber hygiene provide targets for malicious actors and often are not aware of the potential impacts to their infrastructure and operations.
The potential impacts of illicit cryptocurrency mining include business disruption due to IT systems being unavailable, increased electrical bills, and the ability for adversaries to repurpose the access used for illicit mining for other malicious activities.
The presence of illicit mining malware may also indicate there are even worse things operating on the network. Therefore, individuals and enterprises must combat this threat and take it seriously.
The best approach is for owners, operators, and network defenders to improve their cyber hygiene and employ cybersecurity best practices. Improving defenses against spam and phishing campaigns, patching known vulnerabilities, and preventing unauthorized lateral movement will disrupt the ability of threat actors to use low-cost exploitation techniques to install malicious miners.
Implementing these best practices would have a deleterious effect on the economic feasibility of illicit cryptocurrency mining.
When network defenders improve their cyber hygiene and force illicit cryptocurrency miners to work harder to exploit more secure systems, the miners’ return on investment will eventually diminish to the point where illicit mining is no longer worth the effort.
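As an added illustration of the detection side of the advice above (example code written for this page, not from the article or the CTA report): a small Python script that scans proxy log lines for the JSON-RPC method names of the Stratum mining protocol and its Monero (CryptoNote) variant, and for stratum:// pool URIs, then groups hits by source host. The log format, host names, addresses and payloads are constructed assumptions; real proxy or firewall logs would need their own parser, but the payload classification is the part that carries over.

```python
"""Flag hosts whose outbound traffic looks like mining-pool (Stratum) sessions.

Added example, not part of the original article or the CTA report.  The log
format, host names, pool addresses and payloads below are constructed for
illustration only.
"""
import json
import re
from collections import defaultdict

# Constructed log lines: timestamp, source host, destination, captured payload.
# We assume the proxy records the first bytes of each session as the payload.
SAMPLE_LOGS = [
    '2018-09-19T10:00:01 ws-042 -> 203.0.113.10:443 | GET /index.html HTTP/1.1',
    '2018-09-19T10:00:05 ws-042 -> 198.51.100.7:3333 | {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"4ABC...wallet","pass":"x","agent":"XMRig/2.8.1"}}',
    '2018-09-19T10:00:09 ws-017 -> 198.51.100.7:3333 | {"id":1,"method":"mining.subscribe","params":["cpuminer/2.5.0"]}',
    '2018-09-19T10:01:12 srv-db1 -> 192.0.2.44:5432 | SELECT 1',
    '2018-09-19T10:02:30 ws-042 -> 198.51.100.9:14444 | stratum+tcp://pool.example.test:14444',
    '2018-09-19T10:03:00 ws-099 -> 203.0.113.55:80 | POST /api/login {"method":"login","user":"alice"}',
]

# Parser for the constructed line format: "<ts> <src> -> <dst> | <payload>"
LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+) \| (?P<payload>.*)$')

# JSON-RPC method names used by the Stratum mining protocol (mining.*) and by
# the CryptoNote/Monero pool variant (submit, getjob).  A bare "login" method is
# too generic on its own, so it only counts when the params carry the "agent"
# field that CryptoNote pools expect from a miner.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit", "submit", "getjob"}


def classify_payload(payload):
    """Return a short reason string if the payload looks like mining traffic, else None."""
    if payload.startswith("stratum+tcp://") or payload.startswith("stratum+ssl://"):
        return "stratum URI"
    if payload.startswith("{"):
        try:
            msg = json.loads(payload)
        except ValueError:
            return None  # not well-formed JSON; ordinary web traffic or truncated capture
        method = msg.get("method")
        if method in STRATUM_METHODS:
            return f"stratum method {method}"
        params = msg.get("params")
        if method == "login" and isinstance(params, dict) and "agent" in params:
            return f"cryptonote login ({params['agent']})"
    return None


def find_miners(lines):
    """Map each source host to a list of (timestamp, destination, reason) hits."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the constructed format
        reason = classify_payload(m["payload"])
        if reason:
            hits[m["src"]].append((m["ts"], m["dst"], reason))
    return dict(hits)


if __name__ == "__main__":
    for host, events in sorted(find_miners(SAMPLE_LOGS).items()):
        print(host)
        for ts, dst, reason in events:
            print(f"  {ts} {dst}: {reason}")
```

On the constructed input the script flags ws-042 twice (a CryptoNote login announcing a miner agent, then a stratum URI) and ws-017 once (a Stratum subscribe), while the database query and the ordinary web login on ws-099 are left alone. Matching on the protocol's own method names rather than on a fixed list of pool ports keeps the check useful when a miner is pointed at a pool on port 443, which is the point of the report's advice to look for the behaviour rather than to rely on any single indicator.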