It doesn't matter what the latest hot new cryptocurrency is, be it bitcoin or one of its quickly sprouting rivals: coin mining and trading activities by employees and by hackers are a considerable security problem in the enterprise.
Cryptocurrencies and the industries sprouting around them are infecting enterprise desktops and servers with malware, making systems vulnerable to cyberthieves, and draining electricity. Those thieves could be after customer lists, passwords, or databases, or looking to turn your computers and devices into bots, ready to spread more malware.
The threats might start from employees, if they choose to try to make a couple of extra dollars by mining or trading cryptocurrencies. Today, insiders are the biggest problem, as they are more than likely using enterprise-owned computers or company-owned Wi-Fi to pursue their cryptocurrency interests. Cryptocurrency is the new day trading, both disruptive and dangerous, and this is due to the nature of the software that needs to be used for those activities.
There are two types of software. One works to mine cryptocurrency coins; the other manages digital wallets.
Coin-mining software uses CPU cycles and memory on the end user's computer to solve complex math problems. The more problems that are solved, the more coins are mined (created) and a portion is added to the user's account. Coin mining requires computing horsepower in order to make just a few pennies' worth of cryptocurrency. The more powerful the computer, the faster the employee makes money. If the employee can manage to harness multiple desktop/notebook computers — or more powerful computers, such as corporate servers or cloud resources — the employee makes even more money, but the enterprise suffers.
There are two dangers. First, running mining software consumes considerable electricity. Second, if coin-mining software is installed on servers, it reduces the amount of server processing capability available for legitimate work. Today, mining bitcoins requires too much processing power to be efficient, and so employees are mining newer or less-known currencies, such as Monero and Ethereum. Don't underestimate the electricity consumed by mining. Compare it to playing computer games: if a regular gaming computer runs for eight hours, it is 2,000 kW/h per year of electricity. With mining, it's more like 5,000 kW/h. That's thousands of dollars wasted.
A second threat is digital wallets, software used to manage digital currency accounts. They are targeted by cyberthieves, who break in to steal the cryptocurrency coins. If those wallets are stored on company-owned computers, hackers are breaking into your own resources, including your computers, servers, or network.
Digital wallets and mining applications are not carefully written applications from name-brand vendors. More likely, they are written by anonymous sources and distributed by questionable means via the Dark Web. To obtain software for cryptocurrencies, one has to get near questionable parts of the Web and websites targeted by hackers, and the software may be a Trojan for malware. For example, EtherDelta, a coin exchange marketplace, was taken over by hackers in 2017, who subverted the website's DNS information. This allowed the hackers to steal cryptocurrency coins.
So, what can you do? A few things:
- Make sure your antivirus software is up to date on all corporate assets, and that your AV solution blocks coin software. Contact your vendor to make sure.
- Don't allow non-corporate devices to access the enterprise network, and that includes personal devices, such as the employee's personal computer brought into the office.
- Set strong policies against the use of mining or coin-management software on enterprise devices or in the workplace — treat it as you would pornography or other disruptive and dangerous software.
- Configure firewall policies to block access to known websites involved in cryptocurrencies or which are hubs for the distribution of coin software. This is an ever-changing list, so you must be vigilant.
- Sites to consider blocking include coinbase.com, cex.io, binance.com, kraken.com, etherdelta.com, coindesk.com, and blockchain.info.
- Monitor corporate computers to see if they have excessive CPU or memory utilization, which could be the result of coin-mining software.
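A domain block list like the one above is easier to keep honest when resolver logs are checked against it. The following Python is an added example, not part of the original article: the log format, client addresses and timestamps are constructed for illustration, and only the domain list comes from the text.

```python
from collections import defaultdict

# Domains the article suggests blocking (taken from the list above).
BLOCKED = {
    "coinbase.com", "cex.io", "binance.com", "kraken.com",
    "etherdelta.com", "coindesk.com", "blockchain.info",
}

# Constructed sample resolver log: "<timestamp> <client-ip> <queried-name>".
# The format and every value here are assumptions made for this example.
SAMPLE_LOG = """\
2018-02-01T09:00:01Z 10.0.4.17 www.coinbase.com.
2018-02-01T09:00:05Z 10.0.4.17 api.Binance.com
2018-02-01T09:01:10Z 10.0.7.22 intranet.example.com
2018-02-01T09:02:30Z 10.0.7.22 notcoinbase.com
2018-02-01T09:03:00Z 10.0.9.3 blockchain.info
malformed line
"""


def blocked_parent(name, blocked=BLOCKED):
    """Return the blocked domain that `name` equals or is a subdomain of, else None."""
    labels = name.rstrip(".").lower().split(".")
    # Compare whole-label suffixes so "notcoinbase.com" does not match "coinbase.com".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None


def flag_clients(log_text, blocked=BLOCKED):
    """Map each client IP to the sorted blocked domains it looked up."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not fit the assumed format
        _, client, qname = fields
        parent = blocked_parent(qname, blocked)
        if parent:
            hits[client].add(parent)
    return {client: sorted(domains) for client, domains in hits.items()}


if __name__ == "__main__":
    for client, domains in flag_clients(SAMPLE_LOG).items():
        print(client, "->", ", ".join(domains))
```

Clients that keep appearing in the output are candidates for the CPU and memory review described in the last item.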
In conclusion, be aware of myriad cryptocurrency coin issues to better foster a culture of security in your enterprise before it becomes an epidemic.