Endpoint

2/28/2018
02:00 PM
David Shefter
David Shefter
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
100%
0%

Why Cryptocurrencies Are Dangerous for Enterprises

When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.

Whatever the latest hot, new cryptocurrency is — be it bitcoin or one of its quickly sprouting rivals — doesn't matter: coin mining and trading activities by employees and by hackers is a considerable security problem in the enterprise.

Cryptocurrencies and the industries sprouting around them are infecting enterprise desktops and servers with malware, making systems vulnerable to cyberthieves, and draining electricity. They could be after customer lists, passwords, databases, or looking to turn your computers and devices into bots, ready to spread more malware.

The threats might start from employees, if they choose to try to make a couple of extra dollars by mining or trading cryptocurrencies. Today, insiders are the biggest problem, as they are more than likely using enterprise-owned computers or company-owned Wi-Fi to pursue their cryptocurrency interests. Cryptocurrency is the new day trading, both disruptive and dangerous, and this is due to the nature of the software that needs to be used for those activities.

There are two types of software. One works to mine cryptocurency coins; the other manages digital wallets.

Coin-mining software uses CPU cycles and memory on the end user's computer to solve complex math problems. The more problems that are solved, the more coins are mined (created) and a portion is added to the user's account. Coin mining requires computing horsepower in order to make just a few pennies' worth of cryptocurrency. The more powerful the computer, the faster the employee makes money. If the employee can manage to harness multiple desktop/notebook computers — or more powerful computers, such as corporate servers or cloud resources — the employee makes even more money, but the enterprise suffers.

There are two dangers. First, running mining software consumes considerable electricity. Second, if coin-mining software is installed on servers, it's reducing the amount of server processing capability to be used for legitimate work. Today, mining bitcoins requires too much processing power to be efficient, and so employees are mining newer or less-known currencies, such as Monero and Ethereum. Don't underestimate electricity consumed by mining. By comparing it to playing computer games, if a regular gaming computer runs for eight hours, it is 2,000 kW/h per year of electricity. With mining, it's more like 5,000 kW/h. That's thousands of dollars wasted.

A second threat is digital wallets, software used to manage digital currency accounts. They are targeted by cyberthieves, who break in to steal the cryptocurrency coins. If those wallets are stored on company-owned computers, hackers are breaking into your own resources, including your computers, servers, or network.

Digital wallets and mining applications are not carefully written applications by name-brand vendors. More likely, they are written by anonymous sources, and distributed via questionable means via the Dark Web. To obtain software for cryptocurrencies, one has to get near questionable parts of the Web, websites targeted by hackers, and the software may be a Trojan for malware. For example, EtherDelta, a coin exchange marketplace that was taken over by hackers in 2017 by subverting the website's DNS information. This allowed the hackers to steal cryptocurrency coins.

Hackers may try to subvert employees' coin-mining/trading activities via malware installed on coin applications. Another recent danger is the use of malicious JavaScript or malicious ads to do some of the calculations needed to mine software — but this time, on the hacker's account. Software on web pages use the end-user's computer to perform calculations around the clock. Those actions can be delivered via JavaScript, using browsers like Firefox, Chrome, Safari, or Edge. Most JavaScript is fine yet can be turned malicious.

Stay Safer
So, what can you do? A few things:

  • Make sure your antivirus software is up to date on all corporate assets, and that your AV solution blocks coin software. Contact your vendor to make sure.
  • Don't allow non-corporate devices to access the enterprise network, and that includes personal devices, such as the employee's personal computer brought into the office.
  • Set strong policies against the use of mining or coin-management software on enterprise devices or in the workplace — treat it as you would pornography or other disruptive and dangerous software.
  • Configure firewall policies to block access to known websites involved in cryptocurrencies or which are hubs for the distribution of coin software. This is an ever-changing list, so you must be vigilant.
  • Sites to consider blocking include coinbase.com, cex.io, binance.com, kraken.com, etherdelta.com, coindesk.com, and blockchain.info.
  • Monitor corporate computers to see if they have excessive CPU or memory utilization, which could be the result of coin-mining software.

In conclusion, be aware of myriad cryptocurrency coin issues to better foster a culture of security in your enterprise before it becomes an epidemic.

Related Content:

 

 

Black Hat Asia returns to Singapore with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier solutions and service providers in the Business Hall. Click for information on the conference and to register.

David Shefter serves as Chief Technology Officer for Ziften Technologies, where he brings an expansive background in security, IT, and emerging technologies for finance. Previously, he served as Senior VP of Innovation and Emerging Technology at Citigroup. Shefter is ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
2/28/2018 | 10:47:39 PM
Gaming vs. Mining
Well, shucks, now I don't feel so bad about playing games at work! ;)
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: In Russia, application hangs YOU!
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17177
PUBLISHED: 2018-09-18
An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated ...
CVE-2018-17178
PUBLISHED: 2018-09-18
An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the...
CVE-2018-11869
PUBLISHED: 2018-09-18
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in WMA handler.
CVE-2018-17176
PUBLISHED: 2018-09-18
A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.
CVE-2018-11852
PUBLISHED: 2018-09-18
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write.