The threat of illicit cryptocurrency mining represents an increasingly common cybersecurity risk for enterprises and individuals. As the values of various cryptocurrencies increase and their use becomes more prevalent, malicious cyber actors are stealing the processing power of computers, web browsers, internet-of-things (IoT) devices, mobile devices, and network infrastructure to mine cryptocurrencies. Cryptocurrency mining detections increased sharply between 2017 and 2018. Combined data from several CTA members shows a 459 percent increase in illicit cryptocurrency mining malware detections since 2017, and recent quarterly trend reports from CTA members indicate that this rapid growth shows no signs of slowing down.
While the theft of computing cycles to make money may sound relatively benign in the face of other kinds of cyber incidents that can encrypt your data for ransom, steal your intellectual property, or disrupt important functions of critical infrastructure, it is a threat that cybersecurity providers and network defenders must address together to improve our overall cybersecurity.
Business owners and individuals must understand the potential impacts of illicit cryptocurrency mining on their operations. In its most basic form, illicit mining is a drain on the resources of any enterprise, increasing the workload on IT infrastructure and the risk of physical damage to it, causing higher electrical bills, and decreasing the productivity of the business operations that rely on computing power.
Most importantly, the presence of illicit cryptocurrency mining within an enterprise is indicative of flaws in its cybersecurity posture that should be addressed. The majority of illicit mining malware takes advantage of lapses in cyber hygiene or slow patch management cycles to gain a foothold and spread within a network. If miners can gain access to use the processing power of your networks, then you can be assured that more sophisticated actors may already have access. Illicit cryptocurrency mining is the figurative canary in the coal mine, warning you of much larger problems ahead. CTA members recount case after case of being called in to an incident response for a mining infection and finding signs of multiple threat actors in the network.
Fortunately, defending against illicit cryptocurrency mining does not require specialized security software or radical changes in behavior. Instead, individuals and organizations can employ well-known cybersecurity practices and basic cyber hygiene to counter this threat. CTA has developed a prioritized list of recommendations and detection and mitigation techniques for the enterprise defender and the individual end user to mitigate the risk of illicit mining.
Illicit mining shows no signs of being just a phase for threat actors, but will likely be a continuous and nearly effortless approach to revenue generation.