The New Theft: Drive-By Cryptocurrency Mining

Feb 12, 2018 4:34:11 PM

Wesley McGrew


You may be able to wrap your head around the concept of a cybercriminal stealing money from your bank accounts, or monetizing your customers’ personal financial information, but have you considered that an attacker might be able to steal money from you through your utility bill and your maintenance budget for computer hardware? Cryptocurrency mining through malicious advertising on popular sites like YouTube is the new theft and could put your organization's bottom line at risk.

How Cryptocurrency Mining Works

The “creation” and distribution of currency to participants in a cryptocurrency blockchain is known as mining. Many cryptocurrencies, such as Bitcoin, create and distribute new “coins” through processes known as “proof of work”. By solving otherwise-pointless mathematical problems that rely on brute-force computation, a participant in the cryptocurrency blockchain can claim the newly mined currency before others. Many miners participate in, or run, mining pools, in which the individual miners divide the rewards for a group effort in finding the solution. The process varies from currency to currency, but for many of them, the concept can be boiled down to this: Mining cryptocurrency takes lots of dedicated computing resources.

For legitimate mining operations, the paramount question is: are my mining returns exceeding the cost of purchasing and operating my equipment? Efficient mining is not a simple operation. High-end graphics hardware is required to perform enough computation to outstrip the cost of the electricity that is being consumed to run the equipment. A mining “rig” will rack up a much higher electric bill under its maximum load than a normal desktop workstation would.

Malicious Advertising and Cryptocurrency Mining

While mining on more common desktop and laptop systems, like those found in your organization, isn’t usually seen as efficient or feasible, it becomes a lot more attractive when the mined currency goes to an attacker not paying your electric bill. Malicious software and malicious advertising on web pages hijack the computing resources of organizations to mine currency for the attacker. Even popular sites like YouTube have hosted malicious advertising that hijacks computing resources for mining.

Cryptocurrency mining through malicious advertising can have the following impacts on your organization’s bottom line:

  • Increased utility bills – A system under heavy load draws more power than a system idling or performing normal day-to-day tasks.
  • Wear and tear – Cryptocurrency mining on a laptop or mobile device will more rapidly “age” its battery by draining it so quickly. In the short term, a charge will not last as long for your users, and soon the battery will be more likely to fail and need replacement.
  • Decreased productivity – A slow and unresponsive system will impact your ability to accomplish your goals.
  • Incident response – If mining software is identified as malicious software on your systems, you will incur the cost of investigating how it got there and where else it might have spread on your network.

How You Can Protect Yourself from Malicious Advertising

What can you do to prevent yourself from becoming someone’s unwilling “mining rig”? Up-to-date antivirus products can detect the presence of malicious software that is mining, and end-user education can reduce the likelihood that someone will download and install software that will deploy this capability. Good security hygiene for other forms of viruses applies here. Security monitoring services can also help you identify an infection or the subsequent increase in load on your organization's computer hardware. Other security services, such as penetration testing, can provide insight into how an attacker might be able to hijack the resources of your network.
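One way monitoring can surface the increase in load described above, as an added example that is not from the original post: flag any process that stays at high CPU for several consecutive minutes, while ignoring short bursts and workloads you expect to be heavy. The telemetry format, host and process names, and thresholds are assumptions, and the samples are constructed.

```python
from collections import defaultdict

def _series(host, proc, values):
    # One CPU sample per minute, starting at minute 0.
    return [(m, host, proc, v) for m, v in enumerate(values)]

# Constructed telemetry: (minute, host, process, cpu_percent).
SAMPLES = (
    _series("ws-014", "browser", [12, 15, 96, 97, 98, 97, 99, 98, 97, 14])
    + _series("ws-022", "browser", [10, 91, 88, 20, 9, 85, 12, 11, 10, 9])
    + _series("build-03", "cc", [95] * 10)
)

def sustained_load(samples, threshold=80.0, min_minutes=5, expected=()):
    """Return {(host, process): longest run in minutes} for every process
    whose CPU stayed at or above threshold for min_minutes in a row."""
    series = defaultdict(dict)
    for minute, host, proc, cpu in samples:
        series[(host, proc)][minute] = cpu
    flagged = {}
    for key, by_minute in series.items():
        if key in expected:          # known heavy workload, e.g. a build box
            continue
        run = longest = 0
        prev = None
        for minute in sorted(by_minute):
            hot = by_minute[minute] >= threshold
            contiguous = prev is not None and minute == prev + 1
            # A gap in telemetry restarts the run instead of bridging it.
            run = (run + 1 if contiguous else 1) if hot else 0
            longest = max(longest, run)
            prev = minute
        if longest >= min_minutes:
            flagged[key] = longest
    return flagged

if __name__ == "__main__":
    for (host, proc), minutes in sustained_load(SAMPLES).items():
        print(f"{host} {proc}: {minutes} consecutive minutes of high CPU")
```

A flagged browser process is a prompt to look at which tab or site is responsible; the `expected` set keeps legitimate heavy jobs from drowning out that signal.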

The state of malicious advertising is such that it’s difficult to accept the risk of trusting any advertising on the web. Deploying web browser plugins for ad blocking, such as uBlock Origin, can make it very easy for you to block all advertising. For sites that you trust and wish to support by viewing ads, their addresses can be added to a white list that is not impacted by the plugin. Until the technology and acceptable industry practices of web-based advertising change, though, the safest option is to simply block as much of it as possible.

The next time you hear your laptop’s internal fan kick into “high gear” seemingly out of nowhere, think to yourself: Am I making someone else money, at my expense?


THIS POST WAS WRITTEN BY Wesley McGrew

Wesley serves as the director of cyber operations for HORNE Cyber. Known for his work in offensive information security and cyber operations, Wesley specializes in penetration testing, network vulnerability analysis, exploit development, reverse engineering of malicious software and network traffic analysis.
