You know an internet-based technology is becoming more accepted into the mainstream when cybercriminals make it a target for attacks. We saw it with malware designed specifically for Apple products, and later with smartphone and tablet apps. Last year, we saw internet of things (IoT) devices used to orchestrate a massive DDoS attack. In 2018, we should expect to see a rise in cryptocurrency mining, or cryptomining, as an attack vector.
“Cryptocurrency mining is an opportunistic attack behavior that uses botnets to create a large pool of computing power,” said Chris Morales, head of security analytics at Vectra, a San Jose, California-based provider of automated threat management solutions. “It is considered more of a nuisance than a targeted cyberattack that puts personally identifiable information (PII), protected health information (PHI) and financial data at risk. But in some instances, these botnet activities present a high risk to organizations.”
Cryptocurrency mining eats up a system’s computing power. As a result, infected systems sustain increased wear and tear from processing cryptocurrency blocks, making infected systems work abnormally slow, Morales added. If computer users intentionally install cryptocurrency mining software, the risk may be minimal, although they could also install other money-making software that presents a greater risk.
Higher Education at Greatest Risk for Cryptomining
For its 2018 RSA Edition of its Attacker Behavior Industry Report, Vecta looked at cyberattack detections and trends from a sample of 246 opt-in enterprise customers and discovered the highest volume of attacker behaviors per industry were in higher education. This is due primarily to command-and-control (C&C) activity, which is four times above the industry average of 460 detections per 10,000 devices with 2,205 detections per 10,000 devices. These early attack indicators usually precede other stages and often are associated with opportunistic botnet behaviors in higher education.
And botnet behavior is more prevalent in university campuses than in other industries. In turn, these behaviors leverage devices for external gain, such as bitcoin mining or outbound spam.
Students Mining for Coins
College campuses create easy targets for cybercriminals wanting to take advantage of cryptomining for their illegal gain. University students are more likely than the average person to try cryptomining.
“Students are exceedingly intelligent and very enterprising. This is a time that many of them are working with new technologies, and it is not surprising that they utilizing their machines for cryptocurrency mining,” said Daniel Basile, executive director of the Security Operations Center at Texas A&M University System.
Students also have advantages that most of us don’t. Cryptomining requires a lot of energy and a lot of bandwidth. Most universities offer high bandwidth-capacity networks, and many students aren’t responsible for paying their power bills, so they don’t care about the amount of power cryptomining takes.
However, students can be careless about their online activities. There is an increase in websites that will cryptojack your PC while you are on their website, Basile pointed out. A student who is streaming movie from an untrusted source actually could be the victim of cryptomining without ever noticing it, for example.
“This new trend of mining bitcoin for revenue instead of ads can directly affect students. With the increase in online video streaming resources, this creates a large amount of cryptocurrency mining,” Basile added.
Also, cryptomining hackers target another favorite pastime of college students: online gaming.
“Although cryptomining malware does not target individuals, cybercriminals can infect systems that use high-performance graphic processing units (GPUs) or video cards,” said Morales. “This speeds up the GPU-intensive hashes used by cryptocurrencies like bitcoin. Gamers and other users of graphics-intensive applications are especially juicy targets.”
Preventing Cryptomining on College Campuses
College campuses are a hotbed of security concerns, thanks to open networks and a diverse user pool. Cryptomining is just the latest of security threats campus leadership has to be aware of, and this one is hard to detect.
“Higher education can only respond to students they detect cryptomining with a notice the activity is occurring,” Morales said.
So what can be done to protect the network? Morales provided a few tips:
• Provide assistance in cleaning machines
• Issue a Cease and Desist letter if the student is cryptomining in dorm rooms
• Practice good security hygiene by installing patches and creating awareness for threat points
• Install monitoring systems that can better detect behaviors related to cryptomining
“Corporate enterprises enforce strict security controls to prevent cryptocurrency mining behaviors,” said Morales. “However, universities do not have the same luxury with students. They can at best advise students on how to protect themselves.”