The surge in prices of many cryptocurrencies has brought them more attention, and more people want to earn cryptocurrencies by “mining” them instead of buying them. Not many have the hardware needed to run crypto-mining software in a way that is worth their time, resources, and energy consumption.
Mining of cryptocurrency provides a reward in exchange for useful services required to operate a secure payment network.
The mining software listens for transactions broadcast through the peer-to-peer network and performs appropriate tasks to process and confirm these transactions.
Miners perform this work because they can earn transaction fees paid by users for faster transaction processing, and newly created coins issued into existence according to a fixed formula.
For these reasons, many people will try to chew up the resources of your equipment to earn some cryptocurrency for free. This is also known as crypto-jacking.
The actors can be both internal and external. Some of the detective and preventive actions are the same standard security controls you should already have applied in your environment.
RISKS OF CRYPTO MINING IN CORPORATE ENVIRONMENTS
There are three main risks associated with crypto-mining software running in your corporate environment.
Increase in Costs. Electricity consumption is crucial for crypto-mining. If someone uses your systems for mining they can potentially increase the resource usage on your systems in order to increase the speed of calculations, thus consuming more electricity.
Performance and Availability Problems. When mining increases the processing load (either CPU or GPU), your systems have fewer resources to assign to other processes that may be business-critical. Mining applications are often poorly written and can potentially cause system crashes, taking down your business services with them.
Use of Vulnerable Tools and Applications. Much of the software written to perform crypto-mining is poorly developed, with little to no attention given to security. This may lead to malicious parties exploiting vulnerabilities in the software and accessing your internal network through them.
WHAT YOU CAN DO
Systems Performance Monitoring
There is a plethora of reasons to have performance monitoring on your systems, and one of them is detecting an unusual increase in resource usage, which can be a sign of crypto-mining software running on them. You will need to investigate such changes and verify that no illegal software has been installed or is running on your systems.
Remember, crypto-mining software doesn’t always need to be installed on a system; it can run as an independent executable.
DNS Monitoring and Protection
DNS requests are performed only at the beginning of a mining session. Communication between mining clients and servers often occurs at intervals of 30-100 seconds. According to the SANS Institute, the first thing that occurs is a DNS request, followed by TCP communication.
Try and block domains at the DNS level, not only through a web filtering solution.
A great solution you can use at home is the Pi-hole. It acts as a DNS “sinkhole” which drops DNS requests for blacklisted domains.
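The session pattern described above (one DNS lookup, then TCP messages every 30-100 seconds) can be searched for in combined DNS and flow logs. The following Python sketch is an added example, not code from the SANS paper; the event format, host names, thresholds and sample data are assumptions constructed for illustration, and the 30-100 seconds is read as the gap between consecutive messages.

```python
from collections import defaultdict

MIN_GAP, MAX_GAP = 30, 100  # seconds: the interval range quoted above
MIN_MESSAGES = 5            # assumed threshold: skip very short sessions
MIN_RATIO = 0.8             # assumed threshold: share of gaps inside the range

# Constructed sample events, not real traffic: (epoch_seconds, host, kind, detail)
# "dns" detail = (queried name, answer IP); "tcp" detail = destination IP
EVENTS = [
    (1000, "ws-17", "dns", ("pool.miner.example", "203.0.113.10")),
    *[(t, "ws-17", "tcp", "203.0.113.10") for t in (1001, 1046, 1101, 1163, 1210, 1290)],
    (1000, "ws-22", "dns", ("intranet.corp.example", "198.51.100.5")),
    *[(t, "ws-22", "tcp", "198.51.100.5") for t in (1001, 1002, 1004, 1300, 1301)],
    (2000, "ws-30", "dns", ("updates.vendor.example", "192.0.2.44")),
    *[(t, "ws-30", "tcp", "192.0.2.44") for t in (2001, 2002)],
]

def find_mining_like_sessions(events):
    """Return [(host, qname, ip, gaps)] for sessions that begin with a DNS
    lookup and continue with TCP messages spaced MIN_GAP..MAX_GAP seconds apart."""
    resolved = {}                 # (host, ip) -> (first lookup time, qname)
    messages = defaultdict(list)  # (host, ip) -> TCP message timestamps
    for ts, host, kind, detail in sorted(events, key=lambda e: e[0]):
        if kind == "dns":
            qname, ip = detail
            resolved.setdefault((host, ip), (ts, qname))
        elif kind == "tcp":
            messages[(host, detail)].append(ts)

    findings = []
    for (host, ip), (lookup_ts, qname) in resolved.items():
        # Only traffic that follows the lookup belongs to the session.
        times = [t for t in messages[(host, ip)] if t >= lookup_ts]
        if len(times) < MIN_MESSAGES:
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        in_range = sum(MIN_GAP <= g <= MAX_GAP for g in gaps)
        if in_range / len(gaps) >= MIN_RATIO:
            findings.append((host, qname, ip, gaps))
    return findings

if __name__ == "__main__":
    for host, qname, ip, gaps in find_mining_like_sessions(EVENTS):
        print(f"{host}: {qname} ({ip}) message gaps {gaps}")
```

Regular heartbeats from legitimate software can show the same timing, so a finding is a lead to check against the queried name and the process running on the host.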
Use endpoint protection/antivirus software to detect crypto-mining software. AV companies are becoming increasingly better at detecting cryptomining software, but crypto-miner authors are also constantly changing their techniques to avoid detection at the endpoint.
Another good solution against crypto-miners is restricting the applications which can run on your systems. You can use Software Restriction Policies and specify which applications are allowed to run on the systems. It can be hard to set up at first because you will need to know all the required software running in your environment.
Since cryptojacking scripts are often delivered through web ads, installing an ad blocker can be an effective means of stopping them. Some ad blockers like Adblock Plus have some capability to detect cryptomining scripts.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is certified in CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities goes beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.