
The Growing Threat of Cryptomining


It seems like the whole world is talking about bitcoin, cryptocurrencies and blockchain technology – around dinner tables, at the pub, and even in government meetings. It has also become a hot topic in boardrooms, where discussions around bitcoin aren’t just focused on its ever-fluctuating value. For many organisations, the focus is around how cryptocurrencies increasingly form the motivation for malware and cyberattacks.

To say the value of bitcoin is “volatile” is an understatement. In April 2015, the value of bitcoin hovered around $230. Last December, it hit a high of nearly $20,000. At present, it is down to $6,500.

When its value was a couple hundred dollars, bitcoin “mining” wasn’t cost-efficient. It requires a fast internet connection, creates electricity costs through power consumption and cooling, depletes storage space and takes time. When the value of a single bitcoin began to skyrocket, so did the profitability of bitcoin mining — and investment in it.

That rising value, coupled with increased competition and a depleting supply of bitcoins, is the perfect recipe for a serious cybersecurity problem.


A growing threat

More than 17 million of 21 million bitcoins have already been mined. As more bitcoins are mined, the system increases the difficulty of the cryptographic hashes that must be solved. Bitcoin also cuts the number of coins awarded to a miner in half every 2.1 million blocks. In July 2016, the reward was halved from 25 coins to 12.5. In May 2020, it will drop to 6.25 coins.

With fewer bitcoins left and fewer coins awarded for mining, the primary way to boost profits is to lower operating costs, specifically the power consumed in running and cooling massive banks of servers. Even with a potential payoff of $100,000 per block added, those costs are not insignificant. In the UK, depending on electricity rates, the cost to mine a single bitcoin ranges from $15,000 to $20,000.

Bitcoin miners offset these costs with malware. Malicious scripts are installed on computers, from personal machines to enterprise systems, where they run bitcoin mining software disguised as legitimate programmes. In 2017, the Pirate Bay was caught generating revenue by secretly using the central processing unit (CPU) power of millions of visitors to mine the cryptocurrency Monero. It was their alternative to the ad overlays that degraded the user experience of accessing pirated content.

This is not just a problem for those who visit torrent sites. Earlier this year, hackers targeted more than 400,000 computers to install bitcoin mining malware. Facebook, YouTube and Messenger have all experienced attempts to infect users’ PCs and even smartphones to mine different cryptocurrencies. The explosive proliferation of mining malware has led some to refer to it as “the new ransomware,” but it comes without all the messy, labour-intensive trouble of demanding ransoms.


The bigger picture

Cryptocurrency mining is not just about a slow-running PC, though. Some mining malware is so aggressive that it can literally melt a smartphone. At the enterprise level, the increased CPU loads from mining malware can lead to hardware failure, huge drains on energy consumption, entire systems unable to do mission-critical tasks and literally thousands of infections on a single network. It also provides a frontline and laboratory for malware and cyber threats that are increasingly widespread, difficult to detect and technically complex to remove manually.

In order to implement their attacks, malicious cyber actors target the CPU cycles of computers, web browsers, IoT and end user mobile devices, and network infrastructure. Media devices such as smart TVs, cable boxes, and DVRs are an increasing target of illicit mining power. Cybercriminals exploit known vulnerabilities to steal the processing power of these devices to mine for cryptocurrencies. While the theft of computing cycles to mine for cryptocurrencies may sound relatively benign in the face of cyber-attacks that ransom data, steal intellectual property, or disrupt critical infrastructure, it is a threat that organisations must address to improve their overall cybersecurity. At a minimum, illicit cybermining is a drain on organisational resources, resulting in increased computing workload, the theft of expensive cloud computing resources, and even the risk of physical damage to IT and OT infrastructures.

This is why chief security officers (CSOs) shouldn’t depend on traditional virus protection but should instead instruct their organisations to vigilantly watch out for signs of infection. These include strange spikes in CPU and graphics processing unit (GPU) use, dramatic slowdowns of their systems and even overheating.
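One way to turn those signs into a check, as an added example that is not part of the original article: compare each host's CPU and temperature against its own baseline and flag only load that stays elevated, so a short burst from a legitimate job is ignored. The host names, margins, window sizes and telemetry below are constructed assumptions.

```python
from statistics import median

def sustained_load_alerts(series, baseline_n=30, min_run=10,
                          cpu_margin=40.0, temp_margin=15.0):
    """series: one host's (cpu_percent, temp_celsius) samples, one per minute.

    The first baseline_n samples define the host's normal level (median).
    Returns (start_index, length) for every later run of at least min_run
    consecutive samples where CPU and temperature both exceed the baseline
    by the given margins. All thresholds are illustrative assumptions.
    """
    base_cpu = median(c for c, _ in series[:baseline_n])
    base_temp = median(t for _, t in series[:baseline_n])
    runs, start = [], None
    for i, (cpu, temp) in enumerate(series[baseline_n:], start=baseline_n):
        hot = cpu >= base_cpu + cpu_margin and temp >= base_temp + temp_margin
        if hot and start is None:
            start = i                      # a hot run begins
        elif not hot and start is not None:
            if i - start >= min_run:       # keep only sustained runs
                runs.append((start, i - start))
            start = None
    # A run still open at the end of the data counts if it is long enough.
    if start is not None and len(series) - start >= min_run:
        runs.append((start, len(series) - start))
    return runs

def constructed_host(burst_len):
    """Constructed telemetry: 30 quiet minutes, a burst, then 5 quiet minutes."""
    quiet = [(12.0 + (i % 3), 45.0 + (i % 2)) for i in range(30)]
    burst = [(96.0, 82.0)] * burst_len
    tail = [(13.0, 46.0)] * 5
    return quiet + burst + tail

# Hypothetical fleet: one workstation with a 2-minute spike,
# one server pinned near 100% CPU for 25 minutes.
FLEET = {"ws-014": constructed_host(2), "srv-db2": constructed_host(25)}

def triage(fleet):
    """Return only the hosts that have at least one sustained run."""
    alerts = {host: sustained_load_alerts(s) for host, s in fleet.items()}
    return {host: runs for host, runs in alerts.items() if runs}

if __name__ == "__main__":
    for host, runs in triage(FLEET).items():
        print(host, runs)
```

A flagged host is a lead for investigation rather than a verdict, since rendering, backups and batch jobs also hold CPU high for long periods.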

There are more than 1,500 different cryptocurrencies in play today, each of which can provide the foundation for different types of malware. Add to that a growing awareness of the financial potential — or merely the perception of financial potential — of mining with malware, and it is easy to see how topics that play for laughs today could quickly become the catalyst for much more sophisticated attacks with much greater levels of malicious intent.


