Is your organization’s computing power being used by external forces for cryptocurrency mining? Many data breaches are carried out with the goal of stealing data, but as cryptocurrency reemerges as a popular trend with the rise of currencies like bitcoin, hackers are now breaking into systems to use an organization’s computing power to mine cryptocurrencies.
According to Darktrace’s Threat Report 2018, the cyber AI security firm detected cryptocurrency mining in 25 per cent of all of its customers’ networks over the last six months. Hackers are re-purposing company computing power with mining malware that can take power from PCs, servers, and any other device connected to the network.
“Those who are able to get into any network and put cryptocurrency mining malware onto computers can just start mining away,” David Masson, Canada Country Manager at Darktrace, told ITWC. “And it’s not just the computer power they’re using – they’re also using the company’s electricity supply as well because it takes a lot of power to actually do this.”
Darktrace estimates that a thousand-strong army of hijacked computers could make roughly $200,000 per year, and it’s not just outside hackers who are realizing this. Employees themselves have realized the financial opportunity available. While these employees may not be stealing data, mining malware inherently slows the entire system and reduces the productivity of the network by stealing power on a daily basis. And because it is an unknown, unpredictable presence on the network, it poses a risk to the wider infrastructure.
And here’s the real caveat: unlike ransomware or other forms of attack that spread quickly and make their presence known, cryptocurrency mining can run in the background for months and months on end without being detected.
“If it’s an insider, the kind of technologies that you have out there right now are based on rules that just won’t see [mining malware]. You can’t find the insider and they’re a high level user with a fantastic buffet of excuses to explain why they’re doing what they’re doing. Untrained noses won’t find this, they won’t see it,” explained Masson.
That’s where Darktrace’s artificial intelligence-powered cyber defense comes in. For example, in the threat report the company details how a 500-person law firm with traditional security that scanned for known threats was unaware that a summer intern had installed bitcoin mining malware that co-opted more than 75 computers.
“If you’re going to try and guess what bad is going to be – try and pre-define bad based on past experience – that’s great, but it’s probably not going to be good enough because at the end of it, it’s a bit of a guess. Let’s not try and keep up with the scale of the threat because you can’t. There’s too much of it, it’s too complex, and it’s moving too fast. Humans can’t keep up,” said Masson.
Darktrace’s AI defense technology was able to detect that summer intern’s mining malware by catching the anomalous behaviors. It can spot deviating behaviors that stand out, even if only slightly, by comparing them with what is normal for that network.
“Let’s turn it the other way. Let’s get an understanding of the network. Let’s know the pattern of life of the network and everything that’s in it whether it be a user, device, subnet, etc., and then look for a change to that pattern of life. Will all change be a threat? No, but all threat will be a change in there. You not only get 100 per cent visibility of your network, but you will also see a threat in its very early stages,” Masson said.
Cryptocurrency mining isn’t the only threat outlined in the Darktrace report. Darktrace also found that 65 per cent of early-stage threats are due to “insiders misusing legitimate access to damage their employer, either knowingly or unknowingly.” The cybersecurity firm also found a 400 per cent increase in the number of IoT security incidents due to the vulnerability of such devices on the edge.
For the whole Darktrace Threat Report 2018, you can find it here.