
Is crypto-jacking the next big cyber-threat to organizations?

Max Heinemeyer discusses corporate networks and the threat that cryptocurrency hijackers pose to company infrastructure.

Most cyber-attackers aim to steal or compromise valuable data, but a growing number are breaking into corporate networks for a different purpose altogether. These hackers are more interested in your organization’s computing power than its information assets – they hijack the infrastructure in order to mine for cryptocurrencies.

Mining for cryptocurrencies, such as bitcoin, is the process of authenticating and legitimizing the transactions of these decentralized currencies. The more power hackers can steal from PCs, servers, and other devices, the faster they can mine the coins. And with many thousands of computers co-opted with mining malware, the rewards can be significant. A thousand hijacked computers could generate in the region of $200,000 per year.

Unlike ransomware, which spreads very rapidly and announces its criminality to its victims, cryptocurrency mining is often not obvious to those affected. The activity can run in the background for months and even years without the owners of the infrastructure knowing.

In the past six months, Darktrace has detected and intercepted over 1,000 incidents of cryptocurrency mining – in fact, over 25% of organizations that we work with have suffered this attack, with some even perpetrated by rogue company employees.

As well as effectively stealing computing power daily, these attacks also pose a risk to the wider infrastructure and critical data. An unknown presence on the network is as unpredictable as it is dangerous.

Bitcoin mining under the hood

An example of this attack is a 500-person law firm that had unknowingly been at the centre of an illicit bitcoin mining operation for over five months. While the firm employed standard virus monitoring tools, the active threat had not been picked up.

It was only when they deployed an artificial intelligence-based defense technology that they discovered that, many months earlier, a summer intern had installed bitcoin mining malware on one of the laptops, which proceeded to co-opt more than 75 computers.

As well as slowing down the network and therefore negatively impacting the firm’s productivity, this crypto-mining operation exposed the company to significant reputational risk – the attackers became insiders to the network, well beyond the end of the internship. The activity was caught because the computers involved were behaving in an anomalous manner, according to the AI’s understanding of the normal ‘pattern of life’ for the firm.

Unintentional cryptocurrency mining

Even users of the devices exploited by cryptocurrency miners often fail to notice any problem. Indeed, Coinhive is a technology that allows website owners to use their visitors’ computing power to mine a tiny fraction of cryptocurrency. Visitors experience a small and unnoticeable increase in computer resource consumption while browsing the website. Some websites have experimented with this model to create new forms of revenue streams beyond advertisement and banner placements.

Controversially, using Coinhive on your website often does not require the consent of the website visitor. Darktrace has observed various customer devices that regularly visit websites leveraging Coinhive technology. While the increase in power consumption for an individual device browsing a website with Coinhive is ultimately negligible, the cumulative effect for the organization can be significant.

Cryptocurrency mining does not have the immediacy of a ransomware attack; its strength is its stealth. It can be secretly performed for months and barely cause a ripple. Most users and security products won’t notice a cryptocurrency miner being installed on a corporate device, and the activity goes under the radar of traditional security monitoring tools.

But the early warning signs of a crypto-mining breach don’t have to go undetected. AI is seeing successes in this area, analyzing a complex picture of network activity and singling out anomalous behaviors that point to something amiss.

Revolutionary technologies like cryptocurrencies have both their dark and light sides. For all the creative energy released by the crypto-blockchain revolution, bitcoin and its alternatives have quickly become the universal currency of the criminal underworld. Where there is money to be made, cyber-criminals will follow. It is critical for businesses to catch up and adopt the technologies they need to stop these attackers in their tracks – not four months down the line.
