Crypto-Mining Corporate Networks

652

The volume of crypto-mining transactions has grown, spiking almost 500% on corporate networks. Zscaler has blocked more than 2.5 billion crypto-mining attempts in the last six months. The spike, the firm said, is likely tied to the sharp increase in value of cryptocurrency (Bitcoin hit highs above $19,000 in December) and the fact that legitimate sites are adopting crypto-mining as a source of revenue instead of online advertisements. IT security experts commented below.

Itsik Mantin, Lead Scientist at Imperva:

“The impact of the crypto-madness on cybersecurity has two faces. The first is specific to the crypto-finance industry, which turned into a very tempting target for penetration, wallet hijacking and fake transactions. However, the impact of the second – using hijacked hosts of all kinds as platforms for crypto-mining – reaches practically everywhere. From web browsers unknowingly mining coins for the site they’re visiting, to websites that suffer code injection attempts due to attackers looking for powerful hosts for digging their gold. The cyber-monetization – the path from hack to money, is shorter today than ever before.”

Bob Noel, Director of Strategic Relationships and Marketing at Plixer:

“Cryptocurrency mining is a theft of CPU resources from the business. Web site response times are critical to customer satisfaction and retention, and companies spend millions of dollars on robust infrastructure to achieve that goal. Cryptocurrency mining steals CPU cycles from that infrastructure, negatively affecting the customer experience, potentially costing the business millions of dollars. It is important that organizations implement mechanisms to know when they have been infected. One way to do that is with software agents looking for unusual processes that consume CPU cycles. Another is to utilize network traffic analysis (NTA). CPU cycles are being used to answer math problems, and for the cybercriminals to monetize this, data must be sent across the internet to their servers. NTA provides a mechanism to scrutinize this traffic, looking for data, even a single packet, being sent to cybercriminal domains. If any of this traffic is seen, an immediate notification is sent to the security operations team alerting them to the crypto-mining in progress. They are able to remove it, and protect the business and more importantly, the customer experience.”

Nadav Avital, Security Researcher at Imperva:

“The latest research we conducted at Imperva, shows a clear bias towards crypto-mining attacks. In fact, 90% off all remote code execution attacks towards servers involve illegal crypto-mining activities. Also, since the reward is immediate, i.e. the money goes straight into the attacker wallet, we have seen a development in crypto-mining attacks – from simple scripts, to state sponsored exploits like eternal blue that are weaponized with crypto-mining payloads.”

.

Andy Norton, Director of Threat Intelligence at Lastline:

“The spike in traffic has nothing to do with Bitcoin’s value. It has everything to do with Monero, a general CPU friendly fungible currency creating a market for services like Coinhive to be injected onto websites, and usurp visiting browsers to mine XMR currency. The fact is that exploits are much harder to develop these days, so cryptojacking payloads offer a greater return on investment.”