
Illegal crypto-currency miners pocket $100m to date

Helge Husemann, product manager for Malwarebytes in EMEA.

As crypto-currencies continue to rise in popularity, we can expect to see an increase in malicious coin miners, driven by the prospect of financial gains and increased anonymity.

This is according to Helge Husemann, product manager for Malwarebytes in EMEA, speaking at ITWeb Security Summit 2018 this week.

He pointed out that as the mining process has become easier using regular computers, with cross-platform compatibility, the opportunities for threat actors and new attack vectors are steadily rising.

"Hundreds of thousands of compromised machines are now working to mine for the latest and hottest digital currency in the market," said Husemann.

"Criminals that have compromised various IOT [Internet of things] devices and assets to assist in illegal crypto-currency mining have earned attackers an estimated $100 million to date. Mining tools illegally installed on business systems have caused applications and hardware to crash, causing operational disruptions lasting days and sometimes even weeks."

The stunning rise in the price of Bitcoin, hitting $17 500 in December as it increased by more than 500% in 2017, saw investors flood to crypto-currencies, with futures markets even being set up by exchanges.

Ransomware such as WannaCry and its variants like NotPetya and Bad Rabbit seemed to have caused the most damage, said Husemann.

Drive-by exploits

There has also been an increase in drive-by exploits pertaining to crypto-currency and blockchaining processes.

"Because blockchaining processes require so much computing power, nefarious security attacks have been developed to help generate crypto-currency and aid in blockchaining development," he said.

He revealed that on average, Malwarebytes has been blocking eight million malicious drive-by mining attempts per day, or approximately 248 million blocks in a single month.

"The illicit gains from illegal crypto-mining contribute to financing the criminal ecosystem, costing billions of dollars in losses and disruption of business services from compromised assets."

Husemann said last year YouTube experienced a threefold increase in illegal coin-mining via malware-embedded ads. He noted that Showtime, Browsealoud, and numerous UK government Web sites fell victim to illegal mining activities that went undetected for several months.

WordPress servers were used to illegally mine the Monero currency and the attacker is estimated to have earned over $100 000 to date, he added.

"An important milestone in the history of crypto-mining happened around mid-September when a company called Coinhive launched a service that could mine for a digital currency known as Monero directly within a Web browser.

"To differentiate browser-based mining from other forms of mining, many started to label these instances as JavaScript miners or browser miners. The simplicity of the Coinhive API integration was one of the reasons for its immediate success, but due to several oversights, the technology was almost instantly abused," he explained.

Husemann said Monero is one of 1 500 different crypto-currencies currently in circulation. According to him, what makes Monero different from other crypto-currencies is that it is cross-platform compatible, meaning it doesn't require specific hardware types that other currencies such as Bitcoin do. Because of this, the attack surface has dramatically increased.

"This January, our telemetry indicated that several million handheld devices were being redirected to specifically designed Web sites to perform nefarious Monero mining. We can expect more IOT devices being compromised for the purpose of blockchain mining."

He described a drive-by attack as illegally compromising IOT devices to assist in blockchaining and crypto-currency processing.

To avoid falling victim to illegal crypto-currency mining, Husemann said security officers should consider deploying malware signatures as well as machine learning.
