IT Security Blog | Rivial Security

Daily Security Threats: Defending Against Crypto Mining Malware

Written by Robby Stevens | 05 Sep 2018

 

In the data security world, when talking about types of attacks and network security threats, we hear the term “malware” thrown around a lot: “X Million Dollars Stolen in Malware Breach” or “New Malware Designs Coming Out of Eastern Asia,” etc.

 

The truth is, there are countless types of malware, and new ones are created every single day. Malware in your system can lead to a breach in your network and the destruction or theft of your company’s most sensitive information.

 

We thought we’d take the time to dive into a fairly specific category of malware.

 

A devilishly hot 2018 trend in cyber crime has been the spread of cryptojacking malware. Cryptojacking is estimated to be one of the top internet security concerns as cryptocurrency becomes increasingly popular. The term refers to stealing computing power from a network and putting it to work mining for cryptocurrency.

 

Remember, unlike ransomware, which usually notifies the user upon infection, malware is designed to fly under the radar, and those designing it for crypto mining are creating the most discreet strains they can, so that it goes as unnoticed as possible on an infected network.

 

What is Crypto Mining?

To explain crypto mining, let’s first dive into a quick review of cryptocurrency. Cryptocurrency (Bitcoin, Litecoin, Zcash) runs on a blockchain, which is almost like a spreadsheet that has been duplicated thousands of times across a network of computers. It’s complicated, and quite safe: information running on a blockchain is impossible to corrupt because it’s hosted by millions of computers simultaneously versus having one centralized version.

 

There are basically two ways to mine bitcoins: be a miner or a node.

 

The job of the miner is to group outstanding transactions into blocks and add them to the blockchain. Contrary to what the picture above suggests, these miners ‘discover’ cryptocurrency by solving highly complex math problems. Without drowning you in the details, the miners receive a ‘block’ and compete to find the correct number (an integer between 0 and 4,294,967,296) using a cryptographic hash function. This is the sexy side of crypto mining, as the payoff for mining a block is a pretty juicy 12.5 bitcoins (around $90K).
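The number search described above, as an added example that is not part of the original post: a simplified Bitcoin-style loop that appends a 32-bit number to a block header and double-hashes it with SHA-256 until the result falls below a target. The header bytes are constructed and the target is far easier than a real one; it goes beyond the article by showing that each extra required zero bit roughly doubles the hashing work, which is why miners want other people's CPUs.

```python
import hashlib
import struct

NONCE_SPACE = 2**32  # the number is a 32-bit integer, the range the article quotes

def block_hash(header_prefix: bytes, nonce: int) -> int:
    """Double SHA-256 over prefix + 4-byte nonce, read as a little-endian integer."""
    data = header_prefix + struct.pack("<I", nonce)
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest, "little")

def mine(header_prefix: bytes, zero_bits: int, max_tries: int = NONCE_SPACE):
    """Return (nonce, attempts) for the first nonce whose hash is below the target.

    Returns (None, attempts) if the search space is exhausted first.
    """
    target = 1 << (256 - zero_bits)  # smaller target means more work
    limit = min(max_tries, NONCE_SPACE)
    for nonce in range(limit):
        if block_hash(header_prefix, nonce) < target:
            return nonce, nonce + 1
    return None, limit

# Constructed 76-byte stand-in for the header fields that precede the nonce.
SAMPLE_PREFIX = b"constructed-sample-block".ljust(76, b"\x00")

if __name__ == "__main__":
    for bits in (8, 12, 16):
        nonce, tries = mine(SAMPLE_PREFIX, bits)
        print(f"{bits:2d} zero bits required: nonce={nonce} after {tries} hashes")
```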

 

The job of the node is slightly easier to understand. It is a computer that participates in the blockchain that runs the cryptocurrency. These computers relay the information from a cryptocurrency transaction to other nodes, spreading the information quickly and efficiently to the entire network.

 

The process is pretty genius, and anyone can do it. All they need is a computer and the right software (generally a free download). But running a blockchain for cryptocurrency requires some serious computing power and a hefty electric bill (while writing, the port takes up about 145GB of your network’s space).

 

The money is there to be made, and cybercriminals are starting to recognize they don’t need to own the computers to use them as nodes; they could steal computing power using malware.

 

How Attackers Use Malware to Crypto Mine

The philosophy behind it is to distribute the processing power needed to relay the information in the blockchain to multiple computers unnoticed. The more computers they can infect, the more information they can relay, and the more money goes right into their pockets.

 

This type of malware is not the easiest to detect, because it’s often not what security teams are looking for – major enterprises watch out for any signs of critical data being stolen or encrypted in ransomware attacks. Although the effects of cryptojacking are noticeable in an organization (system lag, higher energy bills, and burning out machines quicker than normal), identifying the infectious malware is not as easy.

 

Keeping Your Network Safe

Network and computer security, for a bank or credit union in 2018, is almost as necessary as having a giant vault to keep all the money safe. So what can you do to prevent this emerging security threat?

 

The easiest answer is to update your antivirus gateway filter to detect browser-based crypto mining. Set it to look for unauthorized communications and match those instances with abnormal network behaviors and subtle deviations on your computers. If one or more of your computers have been infected with cryptojacking malware, this process should lead you directly to the issue.
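One way to do the matching described above, as an added example that is not from the original post: it takes web-proxy log lines and per-host CPU samples, and flags a host only when a request to a listed mining domain coincides with sustained high CPU on that same machine. The log format, host names, thresholds and the `miner-pool.example` entry are constructed assumptions; `coinhive.com` is the service the article names.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# coinhive.com is the service the article names; miner-pool.example is a placeholder.
MINING_DOMAINS = {"coinhive.com", "miner-pool.example"}
CPU_THRESHOLD = 85.0            # percent; assumed deviation from a normal desktop
WINDOW = timedelta(minutes=10)  # how close in time CPU load must be to the request
MIN_HOT_SAMPLES = 3             # require sustained load, not one spike

# Constructed proxy log lines: "timestamp host requested-domain".
PROXY_LOG = """\
2018-09-05T09:00:12 teller-07 intranet.example
2018-09-05T09:01:40 teller-12 ws001.coinhive.com
2018-09-05T09:02:05 loan-03 news.example
2018-09-05T09:03:30 lobby-kiosk coinhive.com
"""
# Constructed endpoint telemetry: (timestamp, host, CPU percent).
CPU_SAMPLES = [
    ("2018-09-05T09:02:00", "teller-12", 93.0), ("2018-09-05T09:05:00", "teller-12", 96.0),
    ("2018-09-05T09:08:00", "teller-12", 95.0), ("2018-09-05T09:04:00", "lobby-kiosk", 12.0),
    ("2018-09-05T09:03:00", "loan-03", 91.0), ("2018-09-05T09:06:00", "loan-03", 94.0),
    ("2018-09-05T09:09:00", "loan-03", 92.0), ("2018-09-05T09:01:00", "teller-07", 8.0),
]

def is_mining_domain(domain):
    """Exact or subdomain match, so 'notcoinhive.com' is not flagged."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in MINING_DOMAINS)

def correlate(proxy_log, cpu_samples):
    """Map each host that contacted a listed domain to a verdict."""
    cpu_by_host = defaultdict(list)
    for ts, host, pct in cpu_samples:
        cpu_by_host[host].append((datetime.fromisoformat(ts), pct))
    findings = {}
    for line in proxy_log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, host, domain = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        if not is_mining_domain(domain):
            continue
        hot = sum(1 for t, pct in cpu_by_host[host]
                  if abs(t - ts) <= WINDOW and pct >= CPU_THRESHOLD)
        verdict = "investigate" if hot >= MIN_HOT_SAMPLES else "network-only"
        findings[host] = {"domain": domain, "hot_samples": hot, "verdict": verdict}
    return findings
```

A `network-only` verdict covers a request that was seen without matching load, for example one the gateway already blocked; a busy host with no listed domain is left out, which keeps ordinary heavy workloads from being flagged.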

 

Another effective layer of security that you can add is NoCoin, an extension that blocks Coinhive, the software needed to mine cryptocurrency.

 

Defending your bank or credit union against the emerging threat of cryptojacking is something your IT security team should discuss with an advisor in this area. If you’d like the experts at Rivial to take a look for you, feel free to send us an email at info@rivialsecurity.com.