Cryptomining Scams Continuously Steal Millions


March 29, 2018

The March Blog Series: 2018 Trends

Issue 22: Cryptomining Scams Continuously Steal Millions

Although cryptocurrency is going through its ups and downs, it has continued to show longevity as a good investment. Or has it? Its lack of oversight creates a huge opportunity for hackers and creators of malware. Capitalizing on the ability to circumvent protocols, these attackers frequently infect computers, stealing millions.

There are a few active cryptomining groups that all have their own techniques for infiltrating computers. This is becoming all too familiar, with The Guardian reporting on thousands of government-owned websites that have been hijacked by rogue mining code in the UK alone. This raises the question of how organizations are protecting their networks. Proper protocols and learning modules must be implemented to inform employees of how these attackers work, and what should be done to hinder their attempts.

Working around the problem
While educating employees is the first step toward ensuring everyone remains vigilant against attacks, there are other measures that must be addressed. One of the best-known pieces of malware is Coinhive, which uses the processing power of a user's device to mine the open-source cryptocurrency Monero. This occurs through the BrowseAloud plugin.

As this continues, organizations are becoming more alarmed and looking for ways to keep their information safe and secure. Cybercriminals have taken a liking to enterprises as the newest and most covert way to obscure illegal revenue. Today's professional cybercriminals are keeping an eye on the consistent interest in digital currency, infusing malware into business systems that will cause the hardware and associated applications to crash. This helps them gain the information they need to cause even more damage.

It can be difficult to catch these criminals, as mining in itself is of course not illegal. A number of computer systems that have been compromised have ransomware without their owners knowing. Cybercriminals can now steal computing power, installing mining software that will ultimately infiltrate systems and allow the theft of millions. In addition, digital wallets continue to be a main source of revenue for these criminals, and are consistent targets. Trading platforms and cryptocurrency exchanges must be vigilant and savvy in developing protocols that will thwart these instances.

It is imperative to properly vet any third-party software and installers to ensure systems will not be compromised. Cybercriminals also limit CPU usage and other resource consumption to divert attention from performance issues caused by the mining software that has been installed. As these new ways of stealing information and cryptocurrency become more intricate, having customized systems in place and a strong IT team that consistently reviews usage and performance is key.

By doing this, the management team will have a comprehensive hands-on approach to monitoring and staying abreast of system operations. For most organizations, this is a positive learning curve that will cross-train staff in different areas across the organization. Questions to ask across the organization: Are CPUs working more than usual? What about energy usage? Is it normal, or has there been an unexpected surge? Has the network operated intermittently? These questions can be asked across the entire organization, as there is no way to determine which areas may be affected at any given time. An organization's protection must work to recognize signs of infiltration, work to build a strong IT presence and perception within that organization, and consistently work on educating employees. These are the keys to success.
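The "Are CPUs working more than usual?" question, as an added example that is not part of the original post: because mining software may cap its own CPU usage, this sketch compares each host against its own baseline and looks for sustained elevation instead of a fixed percentage. The host names, the sample values and the parameters `k`, `min_delta` and `min_run` are constructed assumptions.

```python
from statistics import median

def baseline(history):
    """Median and median absolute deviation (MAD) of a host's normal CPU %."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return med, mad

def sustained_elevation(history, recent, k=6.0, min_delta=10.0, min_run=6):
    """True if `recent` has >= min_run consecutive samples above the host's
    own baseline, regardless of how low the absolute level is."""
    med, mad = baseline(history)
    threshold = med + max(k * mad, min_delta)
    run = longest = 0
    for value in recent:
        run = run + 1 if value > threshold else 0
        longest = max(longest, run)
    return longest >= min_run

def static_alert(recent, limit=80.0):
    """Naive check for comparison: any sample above a fixed percentage."""
    return any(v > limit for v in recent)

# Constructed sample data: hourly average CPU % per host (not real telemetry).
HOSTS = {
    "web-01": {  # throttled load: flat ~35% for hours, never near 80%
        "history": [6, 8, 7, 9, 12, 10, 7, 6, 8, 9, 11, 7],
        "recent": [7, 9, 34, 36, 35, 33, 36, 35, 34, 36],
    },
    "build-02": {  # normal bursty host: short spikes, then idle
        "history": [10, 85, 12, 9, 90, 11, 10, 88, 12, 10, 9, 11],
        "recent": [11, 92, 10, 12, 89, 9, 11, 10, 95, 12],
    },
}

def triage(hosts):
    """Run both checks per host so the difference is visible side by side."""
    return {name: {"baseline": sustained_elevation(d["history"], d["recent"]),
                   "static": static_alert(d["recent"])}
            for name, d in hosts.items()}

if __name__ == "__main__":
    for name, result in triage(HOSTS).items():
        print(name, result)
```

A hit from the baseline check is a reason to inspect the host's processes and recently installed software, not proof of mining on its own.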